Oracle’s ‘surveillance machine’ targeted in US privacy class action
The business behemoth Oracle is now dealing with a new class action lawsuit in the US.
The lawsuit, which was filed Friday in the Northern District of California as a 66-page complaint, accuses the tech giant and its adtech and advertising subsidiaries of violating the privacy of the vast majority of people on Earth by asserting that their “worldwide surveillance machine” has gathered comprehensive dossiers on about five billion people.
Three class representatives are named in the lawsuit: Dr. Jennifer Golbeck, a professor of computer science at the University of Maryland; Michael Katz-Lacabe, director of research at The Center for Human Rights and Privacy; and Dr. Johnny Ryan, senior fellow of the Irish Council for Civil Liberties (ICCL). They claim to be “acting on behalf of worldwide Internet users who have been subject to Oracle’s privacy violations.”
They point out that the San Francisco-based legal firm Lieff Cabraser, which represents the claimants, has successfully prosecuted key privacy lawsuits against Big Tech.
The crucial point is that the United States does not have a comprehensive federal privacy law, making it difficult for the litigation to present a privacy argument. As a result, the complaint makes numerous references to federal, constitutional, tort, and state laws, alleging violations of the Federal Electronic Communications Privacy Act, the California Constitution, the California Invasion of Privacy Act, as well as common law and competition law.
It is unclear if this “patchwork” approach to a complex legal situation will be successful; but, this whole thread is highly recommended for an expert’s quick review of the case and several important issues. The complaint’s main points, however, centre on claims that Oracle gathers enormous amounts of data from unaware Internet users, i.e. without their consent, uses this surveillance intelligence to profile people, further enriches profiles via its data marketplace, and gravely jeopardises their privacy, including, per
In a statement on the lawsuit, Ryan stated: “Oracle has invaded the privacy of billions of individuals all over the world. This Fortune 500 business is on a risky quest to monitor everyone’s whereabouts and activities. This step is being taken to disable Oracle’s spying apparatus.
Oracle’s representative failed to respond to questions about the lawsuit.
A few years ago, the company and Salesforce were both facing class action lawsuits for their surveillance of online users in Europe. The lawsuits aimed to question the legitimacy of their permission to do so, citing the region’s (contrastingly) strict data protection and privacy regulations.
Although the European legal challenges, which were brought in the Netherlands and the U.K., have had a difficult time, a Dutch court last year declared the case to be inadmissible because, according to reports, the not-for-profit bringing the class action lawsuit had not shown that it represented the allegedly injured parties and, as a result, lacked legal standing. (However, the Privacy Collective, the group that brought the lawsuit, said earlier this year that it would appeal.)
While the U.S. branch of the case was put on hold until the resolution of an earlier class-action-style privacy lawsuit against Google, the U.K. Supreme Court ruled with the internet giant last year, stymieing the possibilities of other similar lawsuits.
The Lloyd v. Google case saw the litigation’s push for a uniform “loss of control” of personal data for each member of the claimed representative class to stand in its stead derailed by the court’s finding that damage/loss must be suffered in order to claim compensation — and that, therefore, the need to prove damage/loss on an individual basis cannot be skipped.
The decision, which at the time was seen as a major setback for opt-out class actions for privacy claims, put another wrench in the works of the Oracle-Salesforce class action’s capacity to go forward in the U.K.
The effort by digital rights experts to test such claims in the U.S. is likely due to the difficulties of bringing privacy class actions in Europe.