Corporate giant Oracle is facing a new US privacy class action lawsuit.
The lawsuit, which was filed Friday as 66 pages complaint in the Northern District of California, alleges that the tech giant’s “global surveillance machine” has amassed detailed records on some five billion people, accusing the company and its advertising and marketing affiliates of violating the privacy of the majority of people on Earth.
The suit has three class representatives: Dr. Johnny Ryan, senior fellow at the Irish Council for Civil Liberties (ICCL); Michael Katz-Lacabe, director of research at the Center for Human Rights and Privacy; and Dr. Jennifer Golbeck, a professor of computer science at the University of Maryland, who say they are “acting on behalf of Internet users around the world who have been subject to Oracle’s privacy violations.”
The parties to the case are represented by the law firm based in San Francisco, Leif Cabrazerwhich they note has litigated significant privacy lawsuits against Big Tech.
The key point here is that there is no comprehensive federal privacy law in the US – so litigation certainly faces a hostile environment to make a privacy case – so the complaint cites multiple federal, constitutional, statutes of limitations tort and state laws alleging violations of the Federal Electronic Communications Privacy Act, the California State Constitution, the California Breach of Privacy Act, and competition and common law law.
It remains to be seen whether this patchwork approach to a complex legal landscape will prevail — for expert instant analysis of the complaint and some key challenges this whole thread is highly recommended. But the crux of the complaint hinges on allegations that Oracle collects massive amounts of data from unwitting Internet users, ie. without their consent, and used that surveillance information to profile individuals, further enriching the profiles through its data marketplace and endangering people’s privacy on a massive scale — including, according to the allegations, by using sensitive data proxies to bypass controls for privacy.
Commenting on the lawsuit in a statement, Ryan said: “Oracle breached the privacy of billions of people around the world. It’s a Fortune 500 company on a dangerous mission to track where every person in the world goes and what they do. We are taking this action to stop the Oracle monitoring engine.
An Oracle spokesman declined to comment on the litigation.
A few years ago, the firm faced class action lawsuits, along with Salesforce, through a legal challenge to track him down in Europe — who intended to focus on the legality of their consent to track web users, citing (in contrast) the region’s overarching data protection/privacy laws.
However, European legal challenges, which were brought in the Netherlands and the UK, have had a rocky ride – with a Dutch court ruling the case inadmissible last year because (on reports) he held that the nonprofit bringing the class action had failed to establish that it represented the alleged injured parties and therefore lacked legal standing. (Although earlier this year the organization behind the lawsuit, the Privacy Collective, said it would appeal.)
Meanwhile, the UK branch of the lawsuit has been put on hold pending the outcome of an earlier privacy class action against Google – but last year The UK High Court sided with the tech giant, blocking this class action and dealing a blow to the prospects for other similar cases.
IN Lloyd v. Google casethe court found that damages/losses must be suffered in order to claim damages—and therefore that the need to prove damages/losses on an individual basis cannot be waived—which defeats the litigation’s pursuit of a uniform “loss of control ” on the personal data for each member of the claimed representative class to stand in his place.
The decision was seen as a hammer blow to the abandonment of privacy class actions at the time – apparently throwing another wrench into the running of the Oracle-Salesforce class action’s ability to proceed in the UK.
The challenges of litigating privacy class actions in Europe likely explain the push for digital rights experts to test similar claims in the US.