Privacy International files GDPR complaint against Oracle

Privacy International has filed General Data Protection Regulation (GDPR) abrogation complaints against seven companies, including Oracle.

The privacy rights organisation’s filing to the Information Commissioner’s Office says it is “gravely concerned at the data processing activities of the data broking and adtech industry”, adding: “We are therefore submitting this complaint against Acxiom and Oracle, together with two separate joined complaints against data broker/credit reference agencies Experian and Equifax and adtech companies Quantcast, Tapad and Criteo.”

Privacy’s complaint against Oracle over alleged breaches of the GDPR turns on the activities of companies it has acquired, namely Datalogix, AddThis, Crosswise, BlueKai, and DataFox.

It is particularly concerned with the Oracle Data Cloud, which it cites Oracle claiming to be able to help “advertisers connect with the right customer, personalise every interaction, and measure the effectiveness of each engagement… Oracle Data Cloud creates true cross-channel consumer understanding, so you know more about who your customers are, what they do, where they go, and what they buy”.

Privacy International also cites Oracle’s claim that Data Cloud “aggregates, analyses and activates consumer data, enabling marketers to connect to customers and prospects at all stages of the buying journey. Powered by Oracle ID Graph, Oracle Data Cloud lets you target the right consumers, personalise their experience, and measure the effectiveness of that engagement”.

The organisation puts its finger on what it considers fundamentally wrong with “data brokers” – in this case, Oracle and database marketing company Acxiom: “By using a variety of inputs, data brokers can make intrusive inferences about individuals, meaning that the output of the analysis is greater than the sum of its parts.”

It characterises “data brokers” in terms that might seem odd to IT professionals, as companies few have heard of: “A common feature of data brokers is that they are, on the whole, non-consumer-facing. Therefore, despite processing data about millions of people, data brokers are not household names and most people have never heard of them, do not know that they process their data and profile them, whether this data is accurate, for what purposes they are using it, or with whom it is being shared and the consequences of this processing.”

The rise of big data and associated big data analytics, commonly seen positively as the “new oil” by IT and information professionals, are deplored by the privacy rights group, which writes: “While the buying and selling of personal data is not new, what has changed over the course of the past few years is ‘the tremendous increase in the volume and quality of digitally recorded data – and the technological advances that have facilitated access to, storage, analysis and sharing of this information.”

Privacy International wants the information commissioner to conduct a “full investigation into the activities of Acxiom and Oracle”, and “in the light of the results of that investigation, [take] any necessary further [action]… that will protect individuals from wide-scale and systematic infringements of the GDPR”.