TFW when you brag about the size of your graph on stage at an industry event, then it’s used as evidence against you.
Oracle was hit with a class-action lawsuit on Friday accusing the company of “a deliberate and purposeful surveillance of the general population via their digital and online existence.”
The suit, which was filed in the Northern District of California, quotes from Oracle Chairman and CTO Larry Ellison’s keynote presentation at the company’s 2016 OpenWorld conference, during which he boasted that there are five billion people in Oracle’s ID Graph.
“How many people are on Earth, seven billion? Two billion to go,” Ellison quipped from the stage.
You can read the full complaint here, which focuses on Oracle’s use of third-party trackers to create profiles without consent.
Johnny Ryan, a senior fellow at the Irish Council for Civil Liberties (ICCL), is one of three lead plaintiffs behind the lawsuit. Two US-based privacy rights advocates – Dr. Jennifer Golbeck, a professor of computer science at the University of Maryland, and Michael Katz-Lacabe, director of research at The Center for Human Rights and Privacy – round out the bunch.
This, however, is not Ryan’s first rodeo.
In June of last year, Ryan brought a suit against the IAB Tech Lab in a Hamburg court, accusing it of sharing consumer data without consent via real-time bidding. Specifically, that lawsuit argues the Tech Lab’s audience taxonomy unlawfully segments people without permission based on sensitive personal information, such as health status, religious beliefs and sexual orientation.
Between 2018 and 2020, during his stint as chief policy and industry relations officer at Brave, Ryan also helped file complaints in 16 different European countries alleging that RTB itself is a violation of GDPR.
Because this most recent complaint against Oracle was filed in the US and not Europe, Ryan, Golbeck and Katz-Lacabe are alleging violations of a cocktail of different US laws, including the Federal Electronic Communications Privacy Act and the California Invasion of Privacy Act.
The complaint comes at a time when Oracle’s advertising business hasn’t been thriving. Oracle has been losing market share to its marketing cloud competitors, namely Salesforce, and it recently went through a massive reorg of its Oracle Advertising business, which resulted in a round of layoffs this summer.
Even so, Oracle Advertising netted around $2 billion last year, a person with knowledge of the numbers told Insider.
And, in the view of its most recent complainants at least, that was money made through unlawful privacy violations.
According to the suit, “Oracle does not even maintain a pretense of having directly obtained the consent of the subjects of its surveillance … who have no legal or practical ability to consent to Oracle’s conduct.”
To be fair, Oracle did shut down its AddThis business in Europe after it became clear that trying to get informed consent to use AddThis audience data wasn’t going to work at scale (and that legitimate interest wasn’t going to fly as a legal basis under GDPR).
Oracle acquired AddThis, which is a social bookmarking service, for $200 million back in 2016.
Which is the same year Ellison took to the stage at OpenWorld to exult in Oracle’s data advantage, including its ready access to information on everything from social activity, web browsing and past purchases to real-time physical location and even “knowing how much time you spend in a specific aisle of a specific store.”
“This is scaring the lawyers,” Ellison joked to the audience. “[They’re] shaking their heads and putting their hands over their eyes.”
Oracle did not respond to AdExchanger’s request for comment.
