Credit: Marco Piunti / Getty Images A class action lawsuit filed last week in the Northern District of California accused Oracle of running a “worldwide surveillance machine” and violating the fundamental privacy rights of hundreds of millions of people. The suit alleges that Oracle has violated California’s state constitution by compiling and selling off personal data and makes a common law tort claim for intrusion upon seclusion, along with five further causes of action ranging from state data protection laws to the federal wiretap act.Lawsuit claims Oracle created profiles without consentThe plaintiffs in the suit are two privacy rights activists in the U.S. and one in Ireland, all of whom assert that they have data to show that Oracle has created profiles of them without their consent. The amount of relief sought isn’t specified, but the suit – in addition to asking for certification as a class action – demands a halt to Oracle’s data collection activities, as well as restitution of profits made from data collected without consent.“As a data broker, Oracle effectuates ongoing, comprehensive surveillance of the Plaintiffs and Class members which grievously intrudes upon their privacy,” the complaint states. “Ordinary people, such as the Class members, do not and cannot possess an appropriate level of knowledge about the substantial threats that Oracle’s surveillance poses to their own autonomy.” Latest in a series of actions against Oracle’s data collection practicesIt’s not the first time that Oracle has dealt with legal trouble over its data collection practices, having faced a GDPR-based class action in Holland in 2020. (That case was dismissed earlier this year for a lack of standing, although the plaintiff, an activist group called The Privacy Collective, has said it plans to appeal.) UK courts also shot down a similar lawsuit against Google last year, saying that plaintiffs alleging that Google partially overrode iPhone privacy settings in the Safari browser couldn’t demonstrate that they’d suffered damage or a loss as a result. Whether the results will be different in U.S. federal court remains to be seen, but privacy experts will doubtless be watching the case closely. EU countries like Holland are subject to the wide-ranging GDPR, while the UK also has the Data Protection Act. By contrast, the U.S. is still without a national-level data protection rule, so legal action in this area has to take place in different contexts. Related content feature Whitelisting explained: How it works and where it fits in a security program Whitelisting locks down computers so only approved applications can run. Is the security worth the administrative hassle? By Josh Fruhlinger and CSO Staff Jun 07, 2024 10 mins Email Security Application Security Data and Information Security interview How Amazon CISO Amy Herzog responds to cybersecurity challenges Amazon CISO for devices and advertising products and services describes how her team works with product and devops teams to ensure products are cybersecure. By David Strom Jun 07, 2024 5 mins Security Practices Vulnerabilities Security news FBI offers to share 7,000 LockBit ransomware decryption keys with CISOs It’s not clear how many of the decryption keys are still viable, but it’s likely to be a boon for many enterprise victims who did not pay the ransom. By Evan Schuman Jun 06, 2024 4 mins Ransomware how-to Download our password managers enterprise buyer’s guide While it may seem counterintuitive to entrust security to a single password manager app accessed by a single password, using a password manager is in fact a very good idea. Here’s what you need to know to choose a password manager for your busi By Josh Fruhlinger and Tim Ferrill Jun 06, 2024 1 min Password Managers Enterprise Buyer’s Guides PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe