Oracle, the database software and cloud computing giant, has reached a $115 million settlement in a class-action lawsuit alleging invasion of privacy through unauthorised data collection and sale.

The preliminary settlement, filed in a San Francisco federal court, awaits judicial approval.

The plaintiffs accused Oracle of violating federal and state privacy laws, as well as California's constitution, by creating "digital dossiers" on hundreds of millions of individuals without their consent. These dossiers allegedly contained extensive personal information, including online browsing history, banking activities, shopping habits, and credit card usage.

According to the lawsuit, Oracle then sold this information directly to marketers or through products like ID Graph, which Oracle claimed helps marketers "orchestrate a relevant, personalised experience for each individual."

As part of the settlement, Oracle has agreed to cease collecting user-generated information from previously visited website URLs and text entered into online forms outside of Oracle's own websites. The company, however, denies any wrongdoing.

The settlement covers individuals whose personal information Oracle collected or sold since 19 August 2018. Named plaintiffs include privacy rights activist Michael Katz-Lacabe and Dr Jennifer Golbeck, a University of Maryland professor specialising in social media and privacy.

Lieff Cabraser Heimann & Bernstein, the law firm representing the plaintiffs, may seek up to $28.75 million from the settlement for legal fees.

This case highlights the ongoing tension between data-driven business models and individual privacy rights in the digital age. It also comes in the wake of Oracle's decision to exit the ad tech business by 30 September 2024, a move reportedly influenced by falling revenues and increasingly stringent global privacy regulations.

---