IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Oracle's massive advertising database operates without user consent, lawsuit claims

Rights organisers have accused Oracle of collecting an undue level of sensitive data to identify consumers online

A side on photo of an Oracle sign on a lawn in front of a large blue-glass building

Oracle is facing a class-action lawsuit over its alleged use of extensive data aggregation to match the sensitive information of hundreds of millions of customers without informed consent.

In addition to its role as a data management, cloud, and enterprise solutions firm, Oracle also acts as a data broker, and runs Oracle Data Marketplace - the largest third-party data marketplace in the world.

Related Resource

The trusted data centre and storage infrastructure

Invest in infrastructure modernisation to drive improved outcomes

Whitepaper cover with image of female sat on floor with laptop on her knee leaning against a serverFree Download

The complaint alleges that Oracle’s current notice of consent for data collection does not justify the use of the Oracle’s BlueKai Data Management Platform cookies and tracking pixels to collect and store sensitive data of individuals including address, life events such as marriage or childbirth, education, and purchase history.

This, it states, builds up an excessively-detailed picture of each of the many millions of customers within its database. The major grievance outlined in the complaint is with the aggregation of this data within Oracle’s 'ID graphing', which matches sensitive data drawn from disaggregated sources to existing data profiles on US citizens and individuals around the world, in order to inform targeted advertising.

Oracle chairman Larry Ellison is credited as having claimed that there were five billion people in Oracle’s ID graph by 2016.

Internal documentation published by Oracle credits its BlueKai cookies and ID graphing with the successful collection of data of more than 155 million US households. Other tools such as AddThis, a widget service that Oracle acquired in 2016, tracks user activity on over 15 million websites, enabling the identification of 1.9 billion unique users.

The complaint notes that the cookies and pixels bundled with AddThis are utilised without prior notice or user consent.

Much of the complaint focuses on this issue of consent. The plaintiffs allege that Oracle is guilty of an invasion of privacy under the California constitution, which lists “privacy” as an inalienable right of the citizens of California, and of violating the California Invasion of Privacy Act.

“Oracle knows, or reasonably should know, that Internet users such as Plaintiffs and Class members have insufficient knowledge or basis to reasonably comprehend the extent to which Oracle is obtaining their data, tracking their activity, and compiling it into digital dossiers, nor the deeply invasive and detailed nature of those dossiers,” the complaint reads.

Unlike the UK and EU GDPR, the US has no federal digital privacy legislation, so state privacy laws are one of the few avenues by which individuals can assert rights to privacy in court.

In 2020, a lawsuit filed in the the Netherlands accused Oracle of GDPR violations in its handling of personal data through third-party cookies. BlueKai was specifically named in this lawsuit, with one expert noting that "Everyone who has ever used the internet is at risk from this technology".

“It may be largely hidden but it is far from harmless," said Dr Rebecca Rumbul, class representative and a claimant on the suit in England.

At the time, Oracle dubbed the lawsuit a "meritless action based on deliberate misrepresentations of the facts". Earlier in 2022, the suit was dismissed, although the new complaint claims that in response to the UK/NL suit, Oracle did “cease certain of the practices complained of in that lawsuit only weeks after it was filed”.

Oracle declined to provide comment to IT Pro.

Featured Resources

Big data for finance

How to leverage big data analytics and AI in the finance sector

Free Download

Ten critical factors for cloud analytics success

Cloud-native, intelligent, and automated data management strategies to accelerate time to value and ROI

Free Download

Remove barriers and reconnect with your customers

The $260 billion dollar friction problem businesses don't know they have

Free Download

The future of work is already here. Now’s the time to secure it.

Robust security to protect and enable your business

Free Download

Recommended

NetSuite launches SuitePeople tools for automating schedules and tracking attendance
business management

NetSuite launches SuitePeople tools for automating schedules and tracking attendance

28 Sep 2022
NetSuite announces accounts payable automation to boost transfer accuracy and efficiency
Business strategy

NetSuite announces accounts payable automation to boost transfer accuracy and efficiency

28 Sep 2022
Oracle to act as US data auditor for TikTok
Business operations

Oracle to act as US data auditor for TikTok

17 Aug 2022
Google and Oracle data centres hit by issues amidst hottest ever UK day
Cloud

Google and Oracle data centres hit by issues amidst hottest ever UK day

20 Jul 2022

Most Popular

How to secure your hybrid workforce
Advertisement Feature

How to secure your hybrid workforce

23 Sep 2022
Why collaboration is key to digital transformation
Sponsored

Why collaboration is key to digital transformation

13 Sep 2022
What your hybrid workforce needs from their laptops
Advertisement Feature

What your hybrid workforce needs from their laptops

21 Sep 2022