Enterprise giant Oracle faces a new privacy claim in the US.
The lawsuit, filed Friday as a 66-page complaint in the Northern District of California, alleges that the tech giant’s “global surveillance machine” has amassed detailed files on some five billion people, involving the company and its adtech and advertising subsidiaries are accused of violating the privacy of the majority of people on Earth.
The suit has three class representatives: Dr. Johnny Ryan, senior fellow of the Irish Council for Civil Liberties (ICCL); Michael Katz-Lacabe, director of research at The Center for Human Rights and Privacy; and Dr. Jennifer Golbeck, a computer science professor at the University of Maryland — who say they are “acting on behalf of global Internet users who have been victims of Oracle’s privacy violations.”
The litigants are represented by San Francisco-based law firm, Lieff Cabraser, which they believe has filed significant privacy lawsuits against Big Tech.
The main point here is that there is no comprehensive federal privacy law in the US – so the process is certainly facing a hostile environment to make a privacy case – hence the complaint refers to multiple federal, constitutional, tort and state laws, which violations of the federal Electronic Communications Privacy Act, the California Constitution, the California Invasion of Privacy Act, as well as competition and common law.
It remains to be seen whether this “patchwork” approach to a challenging legal environment will prevail – for expert rapid analysis of the complaint and some key challenges this whole thread is highly recommended. But the content of the complaint hinges on allegations that Oracle is collecting massive amounts of data from unwitting internet users, i.e. without their consent, and using this surveillance information to profile individuals, further enrich profiles through its data marketplace, and protect people’s privacy. on a large scale — including, according to the allegations, by using sensitive data proxies to circumvent privacy controls.
Class action in California against Oracle by @johnnyryan and others
Ryan and others’ recent case against the IAB over RTB was quite an impressive piece of work
This case deals with similar issues, but in a much more challenging legal environment
A rather long one🧵https://t.co/ZBnBaw7cNs
— Robert Bateman (@RobertJBateman) August 22, 2022
In a statement regarding the lawsuit, Ryan said: “Oracle has violated the privacy of billions of people around the world. This is a Fortune 500 company with a dangerous mission to keep track of where everyone in the world is going and what they are doing. We are taking this action to stop Oracle’s surveillance engine.”
An Oracle spokesperson declined to comment on the lawsuit.
A few years ago, the company, along with Salesforce, faced class action lawsuits over a legal challenge to its tracking in Europe — which aimed to focus on the legality of their consent to track internet users, citing the (in contrast) comprehensive data from the region’s protection/privacy laws.
However, European legal challenges, filed in the Netherlands and the UK, have struggled – with a Dutch court finding the lawsuit inadmissible last year, as it ruled (according to reports) that the not-for-profit class action had failed to demonstrate that it represented the alleged injured parties and thus had no legal capacity. (Although earlier this year the organization behind the suit, the Privacy Collective, said it would appeal.)
The UK branch of the legal proceeding, meanwhile, was suspended pending the outcome of a previous class-action-style privacy case against Google – but last year the UK’s Supreme Court sided with the tech giant, blocking that representative action and dealing a blow to the prospects for other similar costumes.
In the Lloyd v Google case, the court ruled that damage/loss must be incurred in order to claim damages – and therefore the need to prove damage/loss on an individual basis cannot be dispensed with – thus making the lawsuit’s pursuit of a unified ” loss of control” of personal data for each member of the claimed representative class to take his place.
The ruling was considered at the time a hammer blow to rule out privacy claims class actions – clearly another blow to the work of the Oracle-Salesforce class action’s ability to proceed in the UK.
The challenges of litigation over privacy class actions in Europe likely explain the pressure from digital rights experts to test similar claims in the US.
This post Oracle’s ‘surveillance machine’ targeted by class action for privacy in the US TechCrunch
was original published at “https://techcrunch.com/2022/08/22/oracle-us-privacy-class-action/”