The case of a software giant selling personal data to a third party is troubling, Iris Akwetey, senior research analyst at Info-Tech Research, said today.
Akwetey was responding to news of a class action lawsuit filed last Friday against Oracle Corp., which said the company had detailed personal information about the shopping habits of about five billion consumers.
“Oracle, in most cases, will act as a data processor for other or most companies (the data controllers),” she said. “(It) may clearly violate part of their contracts or even abuse their responsibility as data processors not to share or sell personal data to third parties without the knowledge of the data controller or the consent of the data subjects. .”
The regulations, Akwetey said, “require that data is not stored indefinitely. Each category of data (personal and sensitive) has its own retention period, which must be respected. Additionally, organizations should delete all data as soon as they reach their goal.
“Oracle should be aware of these practices and the consequences of a violation. Selling billions of people’s personal data in today’s age of technological advancement is reckless and unacceptable, and regulators will most likely scapegoat it.
Larry Ellison, founder and chairman of the company, freely admitted in a Scheduled speech he said in San Francisco six years ago that the company tracks the buying trends of billions of consumers.
Speaking at Oracle OpenWorld 2016, he said that “one of the most famous machine learning applications, of course, is trying to predict consumer purchases. And here it’s really a combination of looking in real time at all of their social activity, looking in real time at where they are, including micro locations.
Ellison then said it “scares the lawyers, they’re shaking their heads and putting their hands over their eyes.”
He went on to say that Oracle collecting “information about consumers, and you combine that with their demographics and past buying behavior, we can do a pretty good job of predicting what they’re going to buy next.
“Now, where do these demographics come from? Where do these past purchases come from? Well, Oracle Data Cloud is the biggest database. There are two large databases that track consumers, if you will, that contain a lot of consumer information.
“One is very famous, it’s called Facebook. The other is less known. This is Oracle’s Data Cloud. We actually have more consumers in our data cloud than they have in theirs. They have great data, don’t get me wrong, Facebook has amazing data resources, but so do we.
“And in our data cloud, marketers are able to target consumers and do a much better job of predicting what they’re going to buy next. I believe five billion consumers are in our identity graph – five billion. How many people are there on earth? Seven billion – only two billion left.
According to a statement Released by the Dublin-based Irish Council for Civil Liberties (ICCL) on Monday, the organization’s lead researcher Dr. Johnny Ryan is one of three class representatives in a lawsuit filed in the US District Court for the District northern California on the last Friday.
The others are Michael Katz-Lacabe, a US-based privacy rights activist, and Dr. Jennifer Golbeck, a professor at the University of Maryland, who is described in a court document as a social media expert, social media, privacy and web security.
“Oracle is an important part of the tracking and data industry,” the statement said. “He claimed to have amassed detailed records on five billion people and generated $2.4 billion in annual revenue.
“Oracle’s records of people include names, home addresses, emails, online and real-world purchases, real-world physical movements, income, political interests and opinions, as well as a detailed account of online activity.”
Ryan added, “We are taking this action to shut down Oracle’s surveillance machine.”
Akwetey said the EU GDPRas well as other privacy regulations around the world, such as California law CPRArequires data subjects to consent to how their data will be used and which third parties will have access to their personal information, whether domestically or internationally.
“Most regulations also require consent if the purpose of the data collected changes at any given time. The controller and the processor (through contracts) must comply with these requirements.
“Data processors and data controllers are also required to know what data they have, whether that data is relevant to the purpose for which it was collected, and where that data is stored. So far, almost all regulations have required that an organization collecting data predict the use of data to avoid collecting excess data.
Comments are closed.