Security Experts:

Connect with us

Hi, what are you looking for?



Class Action Lawsuit Filed Against Oracle Over Data Collection Practices

A class action lawsuit filed against Oracle on Friday in the Northern District of California claims that the tech giant has built a worldwide surveillance machine.

A class action lawsuit filed against Oracle on Friday in the Northern District of California claims that the tech giant has built a worldwide surveillance machine.

According to the complaint, Oracle’s business practices “amount to a deliberate and purposeful surveillance of the general population via their digital and online existence,” tracking and recording the personal information of hundreds of millions.

The complaint also claims that the collected information is being sold to third parties through various products and services, including the ID Graph, and that the proposed classes have “no reasonable or practical basis upon which they could legally consent to Oracle’s surveillance.”

Representatives in the suit include Michael Katz-Lacabe (privacy rights activist), Dr. Jennifer Golbeck (associate professor at University of Maryland in College Park), and Dr. Johnny Ryan (senior fellow at the Irish Council for Civil Liberties).

According to the complaint, Oracle has created electronic profiles on all three representatives, based on their web browsing and other online activities, without their consent, and also shared this personal information with third parties, including advertisers.

“Oracle tracks the lives of the general public in a manner that is opaque, if not invisible, to the people it follows, as they have no direct relationship with Oracle. Oracle does not even maintain a pretense of having directly obtained the consent of the subjects of its surveillance who have no legal or practical ability to consent to Oracle’s conduct,” the document reads.

The complaint makes reference to multiple laws that Oracle’s business model is supposedly in violation of.

SecurityWeek has reached out to Oracle for comment.

Related: MCG Health Faces Lawsuit Over Data Breach Impacting 1.1 Million Individuals

Related: Meta Agrees $90 Million Settlement in Facebook Privacy Suit

Related: Class Action Lawsuit Filed Against SolarWinds Over Hack

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.


Twenty-one cybersecurity-related M&A deals were announced in December 2022.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.