Settlement: Oracle pays 115 million US dollars for data protection violations

The database giant is using the sum to avert a ruling in a lawsuit that it violated the privacy of billions by collecting information.

Save to Pocket listen Print view

(Image: Erzeugt mit Stable Diffusion durch heise online)

3 min. read

After almost two years of legal proceedings, a group of international privacy activists has reached a settlement in a class action lawsuit with Oracle. The plaintiffs accused Oracle and its AdTech subsidiaries, which focus on targeted programmatic advertising, of collecting detailed dossiers on around five billion people without their consent. The plaintiffs were Johnny Ryan from the Irish Council for Civil Liberties (ICCL), Michael Katz-Lacabe, Director of Research at the Center for Human Rights and Privacy (CeHRP), and computer science professor Jennifer Golbeck from the University of Maryland.

According to the agreement reached before a US federal court in San Francisco, the plaintiffs will pay 115 million US dollars to avoid a judgment in the case. The sum will go into a non-refundable cash fund "to be distributed equally among the Settlement Class Members," according to excerpts from the agreement posted by Ryan. The agreement, which was negotiated over eight months, also provides for significant non-monetary compensation for the alleged data breaches: Oracle has given firm assurances that it will not record certain offending electronic communications for any further use of the products and services described in the lawsuit. In addition, the database giant intends to implement an audit program "to monitor compliance with its contractual obligations to protect the privacy of its customers".

The lawsuit mainly concerned the allegation that Oracle had used the data collected from internet users to create individual profiles and further enrich and sell them via its own data marketplace. A massive data breach in 2020 provided detailed insights into the Silicon Valley company's activities in this regard. Oracle collected the extensive user traces primarily via its subsidiary BlueKai. With the help of cookies and other tracking tools such as snooping pixels on websites, including porn portals and in HTML emails, the company is said to have built up a large advertising network.

As part of the settlement, Oracle has announced that it intends to give up the AdTech business completely. Products such as its own "Cloud Data Management" platform, the BlueKai business and Digital Audiences including OnRamp with the ID Graph identifier and cross-device tracking are to be discontinued by September 30. At the same time, the Group intends to automatically delete controversial user and customer data as soon as its other obligations under the agreement have been fulfilled. Relationships with relevant data providers will also be terminated. Ryan spoke of a "major change for one of the largest data traders in the world".

(mid)

Don't miss any news – follow us on Facebook, LinkedIn or Mastodon.

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.