- If you have a call with your doctor, who is probably specialized in that specific condition, that metadata would be good enough to guess that condition.
- Some doctors send appointment reminders via email; if you use Gmail, that would explain the YouTube ad.
- If you use the Wi-Fi/GPS at that doctor's office, and some other patient also uses the Wi-Fi/GPS and they use Google to search for those conditions, that would be enough to link you with them. This could be any website making the link and tying all those people as similar.
- Close friends and family who research your condition would also point to you having that condition. They would probably use Google to research, which would explain ads on YouTube. They would also see ads for that and might actually even click on them because they would be interested in it.
While this may be true, recently I started using Google Flights and a couple of days later I started receiving email ads (ads in Gmail) about flight cancelation insurance.
The language is not clear enough; scan is different from metadata. I can see a lawyer defining scan as checking every word of the content and metadata being account Foo sends email to account Bar. That would be enough to make the connection. Foo account later uses Google to search about topic A, then topic A is presented to account Bar.
It’s also possible it was stolen. Through an FOI request against my hospital I was able to find the URLs where they store documents (they printed them and sent them to me, with the URLs at the top), which appear (though I obviously didn’t try) to be vulnerable to enumeration attacks. The files I was supplied with have sequential identifiers.
Assuming they live in the US, that is against HIPAA and in my experience it is taken very seriously, since what you described is a crime punished by a fine of up to $250,000 and up to 10 years in jail.
None of these sound reasonably ethical to me. I think we all agree that medical information shouldn't be sold. If you disagree then what do we do about HIPAA? Get rid of it? I feel like the things you listed above basically skirt around HIPAA. Legal, but definitely violates the spirit of the law.
That's how Google operates: all they see is bits flowing one way and another, and the algorithm makes the connection. That's the problem: there are no safeguards or way of saying don't make those connections since they leak personal info.