Oracle To Pay $115m In Privacy Lawsuit Settlement

Oracle is to pay $115 million (£89m) to settle a proposed class-action lawsuit in California alleging the Austin, Texas-based company tracked hundreds of millions of consumers’ online behaviour and created unauthorised “digital dossiers” on them for marketing purposes in violation of California and federal privacy laws.

Plaintiffs asked the US District Court for the Northern District of California to approve the preliminary settlement in an unopposed motion just under two years after the initial complaint was filed.

Oracle has denied wrongdoing.

The settlement follows eight months of settlement negotiations and comes after Oracle announced in June it was shutting down its ad tech business, Oracle Advertising.

‘Digital dossiers’

The plaintiffs said Oracle’s dossiers included what people viewed online, where they accessed banking services, purchased petrol, what restaurants they dined in and where they used their credit cards.

Oracle allegedly sold the information directly to marketers or through offerings such as ID Graph, which was promoted as helping marketers “orchestrate a relevant, personalized experience for each individual”.

The settlement covers people whose personal information was collected or sold since 18 August, 2018.

As part of the deal Oracle agreed not to gather user-generated information from URLs of previously visited websites or text that users enter into online forms other than Oracle’s own sites.

The named plaintiffs include Michael Katz-Lacabe and University of Maryland social media professor Jennifer Golbeck.

Privacy challenges

The plaintiffs’ legal firm Lieff Cabraser Heimann & Bernstein may seek up to $28.75m from the settlement for fees.

Industry watchers said Oracle Advertising faced growing challenges in spite of growth through numerous acquisitions due to its reliance on third-party cookies and tracking without proper consent, losing a data-sharing agreement with Facebook following the Cambridge Analytica scandal and increasingly strict privacy controls such as the EU’s GDPR, which also applies in the UK.

Meanwhile brands are centralising data away from scattered platforms and third-party cookies into data lakes such as Snowflake, Databricks, Teradata VantageCloud or Amazon Redshift, posing further challenges to Oracle’s ad tech business model.