knowledge & insights

Oracle Litigation Update: Privacy Matters

Beeman & Muchmore, LLP is not involved in the below-mentioned data privacy class action matter in any capacity. All information contained herein has been taken from the public record.

Last September, we wrote about a class action complaint against Oracle concerning data privacy. While it came as no surprise that Oracle had been targeted in litigation – yet again – we found the allegations in this complaint to be striking and extensive.

Today, we write to catch up on the motion practice in this matter since September. In sum, most of the claims in Plaintiffs’ complaint survived Oracle’s motion to dismiss and, for those that were dismissed, Plaintiffs have refiled.

Bottom line? It is a virtual certainty that this matter will move into discovery.


As we wrote when it was first filed, this is an unusually robust complaint:

This complaint sets forth how the regularly conducted business practices of defendant Oracle America, Inc. (“Oracle”) amount to a deliberate and purposeful surveillance of the general population via their digital and online existence. In the course of functioning as a worldwide data broker, Oracle has created a network that tracks in real-time and records indefinitely the personal information of hundreds of millions of people. Oracle sells this detailed personal information to third parties, either directly, or through its “ID Graph” and other related products and services derived from this data.

As summarized by TechCrunch, the totality of the allegations suggest that the “tech giant’s ‘worldwide surveillance machine’ has amassed detailed dossiers on some five billion people, accusing the company and its adtech and advertising subsidiaries of violating the privacy of the majority of the people on Earth.”

In addition to the wide-ranging impact Oracle’s alleged conduct may have on consumers around the world, it is also worth noting that Oracle has been sued for essentially the same thing that Ken Glueck, Oracle’s executive vice president and Chief Washington Lobbyist, has stridently accused Google (and others) of doing. As we also wrote in September:

We have long believed that Oracle’s intentional efforts to fan the flames of techlash – with aggressive political posturing and acerbic attacks on the cloud providers it envied (Google, Amazon, etc.) – served the dual purpose of: (1) weakening the adversaries that it was having difficulty competing against; and (2) creating a distraction from Oracle’s own dubious practices. That Oracle may face a comeuppance for this destructive market activity can only be a good thing.

The complaint itself is replete with many specific allegations, including alleged quotes from Larry Ellison regarding the staggering extent of Oracle’s surveillance. We wrote:

According to Spiceworks, Oracle ID Graph is one of the Oracle services under fire. In a 2016 presentation, Larry Ellison, Oracle co-founder and CTO, bragged that there were five billion consumers in the service almost a year after the launch of ID Graph. “How many people are on Earth? Seven billion,” Ellison said at the time. “Two billion to go.” 

Bart Willemsen, analyst and VP at Gartner, expressed that Ellison had no business boasting of Oracle, a primarily enterprise-focused company, having so much user data. He wrote, “To present a slide like this, advertising you have *5 billion consumer profiles* and are proud of it, while being Oracle, a company hardly any regular digital consumer even thinks they’re actively interacting with or connected to…is BEGGING for attention.”

It bears remembering that Lieff Cabraser, class counsel, is a well-established plaintiffs’ law firm that, at minimum, has spearheaded numerous high-profile class actions and knows what it takes to bring a complex matter against a formidable defendant to verdict. 

Oracle’s Motion to Dismiss

In November of last year, Oracle filed a robust motion to dismiss/motion to strike Plaintiffs’ complaint. [Dkt 23.] Oracle’s motion made multiple claim-specific allegations, but it primarily turned on the notion that Plaintiffs failed to specifically allege that Plaintiffs’ data was sold to any party. [Dkt. 23: pp. 6, 8.] While the court acknowledged that the complaint “would indeed be much better served by the inclusion of more allegations specifically tying their … general allegations … to the named plaintiffs,” the court declined to dismiss the case [Dkt. 49: pp. 8-9.], finding Plaintiffs had sufficiently alleged that an “electronic profile” was compiled on named Plaintiffs and that they were “harmed through the abrogation of their autonomy and their ability to control dissemination and use of information about them.” [Dkt. 49, p. 9.] Citing Ninth Circuit precedent, the court also noted that “invasion of Privacy can be a harm in and of itself.” [Dkt. 49, p. 9.]

On a claim-by-claim basis, the bulk of Plaintiffs' claims survived Oracle’s motion. Plaintiffs’ claims for Invasion of Privacy and Intrusion Upon Seclusion were found to be sufficiently based on allegations that Oracle was tracking online “and offline activity” and, further, that “sensitive health and personal safety information” as well as data on race and politics “would go well beyond the ‘routine commercial” behavior of collecting contact information for sending advertisements. [Dkt. 49, p. 12.] (Emphasis in original.)  Certain of Plaintiffs’ tertiary claims failed, such as Unfair Competition Law (which failed for lack of specific monetary or economic loss), Federal Wiretap law (for failure to show Oracle was a party to any communications) and Unjust Enrichment (failure to show that Plaintiffs were in direct privity with Oracle). [Dkt 49, pp. 15, 16, 18.]

Plaintiffs File Amended Complaint

On May 22, 2023, Plaintiffs filed their First Amended Class Action Complaint.” [Dkt. 54.] Responding to some concerns the court had regarding the applicability of California law, Plaintiffs created a “Florida Sub-Class,” added allegations regarding Florida law (the residence of a named Plaintiff), and added certain Florida causes of action. [Dkt. 54, pp. 12, 53, 64, 85.]

Due to the robustness of the amended complaint, we consider it highly likely that Oracle will, again, move to dismiss the new causes of action. However, no matter how successful the renewed motion is, it is a virtual certainty that the class action will move forward into the next stage which will likely be discovery.  And, while there are already intimations that much of this matter will unfold outside of the public eye (see Docket Entries 57 and 48 regarding filing under seal), we are nonetheless waiting with anticipation to determine what we will learn about Oracle’s allegedly extensive surveillance practices.

* * *

As we stated in September, Beeman & Muchmore’s software licensing practice is not directly concerned with Oracle’s alleged efforts to collect and sell consumer data. However, our practice is very much concerned with Oracle’s preternatural ability to engage in deeply unpopular licensing tactics that are an open secret in the industry yet continue to be all but unknown by the public. It is our position that the more Oracle’s practices are known – by the public and otherwise – the greater the chance it will be forced to curb those practices. 

With the impending dismissal of The Oracle Securities Litigation, this matter could be just what is needed to help draw scrutiny to Oracle and, hopefully, curb its ability to keep its unpopular practices in a number of spheres under the radar.

Published on June 23, 2023

Software licensors are known for vague contracts—they’ve made a business of it. 

Read the latest industry news.

Recommended Reading