Oracle agreed to pay US$115 million ($172 million) to settle a lawsuit accusing the database software and cloud computing company of invading people’s privacy by collecting their personal information and selling it to third parties.
A preliminary settlement of the proposed class action was filed late last week in San Francisco federal court and requires a judge’s approval.
Oracle denied wrongdoing.
The plaintiffs, who otherwise have no connection to Oracle, said the company violated federal and state privacy laws and California’s constitution by creating unauthorised “digital dossiers” for hundreds of millions of people.
They said the dossiers contained data including where people browsed online, and where they did their banking, bought gas, dined out, shopped and used their credit cards.
Oracle then allegedly sold the information directly to marketers or through products such as ID Graph, which according to the company helps marketers “orchestrate a relevant, personalised experience for each individual.”
The settlement covers people whose personal information Oracle collected or sold since August 19, 2018.
As part of the settlement, the company agreed to not to gather user-generated information from URLs of previously visited websites, or text that users enter in online forms other than on Oracle’s own websites.
Oracle did not immediately respond to requests for comment.
The named plaintiffs include privacy rights activist Michael Katz-Lacabe and Jennifer Golbeck, a University of Maryland professor specialising in social media and privacy.
Lieff Cabraser Heimann & Bernstein, which represents the plaintiffs, may seek up to US$28.75 million from the settlement for legal fees.