Oracle Didn’t See the Data Reckoning Coming
(Bloomberg Businessweek) -- Oracle Corp. has spent five years and billions of dollars getting really good at following people around the internet. Six acquisitions reportedly totaling at least $3 billion since 2014 helped make the database company a big name in the field of advertising software. That’s an inoffensive term for a suspect practice: scooping up personal data and selling it to big brands, letting them track customers’ browsing activity and connect purchases to social media profiles. But in the time it took Chief Executive Officer Mark Hurd to assemble this miniature panopticon, the panopticon business started to look a lot riskier.
Facing tough questions about its practices over the past year, Oracle’s advertising software division, known as Data Cloud, has implemented previously unreported dismissals. While Data Cloud has always been a small part of Oracle’s overall sales, Hurd, co-founder Larry Ellison, and other executives repeatedly cited it over the years as a bright spot in their otherwise humdrum business. That appears to be over. Investment bank Stifel Nicolaus & Co. estimates that Data Cloud delivered only about $500 million of Oracle’s $40 billion in sales last year. “What happened over the past couple years is, the nebulous concerns people may have had about what companies were doing with personal data all of a sudden became very real,” says Blair Hanley Frank, an analyst at ISG, a technology research and advisory firm. “The risk to Oracle in all of this is what seemed like a somewhat ignorable value-add business a few years ago could all of a sudden become a big scary bugbear.”
Oracle said in a statement that it eliminated some positions while reorganizing the divisions, partly to account for recent acquisitions.
Data Cloud’s software enables an advertiser to target people based on what they buy in stores; the websites they visit; their likes, interests, and musings on social media; and even what they’re looking at on their screens. It also helps an advertiser manage its Facebook and Twitter campaigns. If Company X wants to, it can ask Oracle to find people looking at images of its SUV, add the information to its consumer profiles, and then upload the data to Facebook, where the carmaker can target those people with ads for the same model.
That last part has gotten tougher in the past year. In March, after the Cambridge Analytica scandal revealed just how casually Facebook Inc. had shared user data with other companies for years, the social network’s clampdown on its own systems became a serious problem for Oracle, say two former staffers and another person familiar with the matter, all of whom spoke on condition of anonymity for fear of reprisal. By fall, Facebook promised, Oracle and other companies would have to get more consumer consent to use data that helped brands target ads on its network, and Facebook would stop selling ad data on behalf of such third parties. Facebook confirmed that it canceled two partner programs but declined to comment further.
Before the Cambridge story broke, it wasn’t uncommon for Oracle account managers to do 40 percent of their business on Facebook, says one of the former staffers. So while Oracle tried to get Facebook workarounds in place, account managers scrambled to push clients toward Twitter, Pinterest, and other alternatives that at least kept them spending money, that person says. At the same time, the list of companies supplying Oracle with profile data fell by as much as half, they say, because many of those companies couldn’t comply with Europe’s new General Data Protection Regulation ahead of its enforcement deadline last May. Oracle says it doesn’t push clients to favor one platform or another, that it has more than made up for its lost data inputs with new partners in other markets, and that Facebook remains a key partner.
Oracle says Data Cloud has grown more than fourfold in the last four years, but on a private conference call with analysts in June, Oracle executives warned that the Data Cloud unit was facing a growth slowdown, says a person familiar with the matter. On July 16, Oracle fired more than 100 people, about 5 percent of its Data Cloud staff, amid a restructuring, two people familiar with the matter say. (Oracle wouldn’t comment on the numbers.)
Oracle, like its rivals, still has access to Facebook’s restricted ad platform, and now it has to accept all the liability for violating GDPR or other privacy rules. That’s already come back to bite: In November, consumer advocate Privacy International named Oracle as one of seven GDPR scofflaws in a complaint to U.K. authorities. (Also on the list: hacked credit rating agency Equifax Inc.) The consumer advocate said Oracle collected education and family status details about members of Privacy International’s staff, pegged to their names and postal addresses, without their consent, and that the dizzying amount of other information it can collect from a wide range of sources— about everything from online dating to political beliefs—makes it difficult to trace the origin of that data and correct or delete that data.
Oracle says the Privacy International claim is inaccurate and will be disproven. The Information Commissioner’s Office in the U.K. hasn’t begun reviewing the claim, according to Privacy International. “We don’t know what’s going to happen from a public perception and regulatory standpoint,” says Frank, the ISG analyst. “But I think it’s clear we’re not in 2015 anymore.”
To contact the editor responsible for this story: Jeff Muskus at email@example.com
©2019 Bloomberg L.P.