GCP is not an ad company

Neither are Chrome or Android (or all of the other Google products that were once silo'd from each other through privacy agreements and could have been monetized in other ways)

Now they all do their best to feed your data straight into Google, while other similar products do their best to protect it. How long until GCP says 'let's pool all of our data for machine learning' or 'centralize your network traffic for security analysis' and 'We've updated our privacy policy, please leave immediately if you don't agree to the updates'

Thank you. These people cheering seem to live in an alternate reality where google has been trustworthy and not a corporate psychopath

The income of the owning company comes to 85% from advertising. It is pretty save to say that they are an ad company.

It is also very likely that any data collected is used to reinforce and consolidate their main business.

Oh come on. There are contracts with GCP customers in place. There is a massive set of regulations around data misuse. Do you really think Google would risk the company-destroying liability of being caught using data improperly (something that‘s not in their T&c)? Who‘s to say there wouldn‘t be whistleblower tomorrow.

A company can do more than one thing. It probably would be a decent idea to make GCP a subsidiary, just so it‘s absolutely clear to everyone. Their capabilities in data analysis and ML make this an ideal project.

Like why is no one saying Amazon might be misusing data from AWS to benefit themselves. This just seems like the usual HN bias.

Has any company ever been punished for data misuse (i.e. severely, enough to make other companies think twice before doing the same thing)?

Apple listens to Siri conversations, whatever. Experian leaks private data, no biggie. Experian gets hacked, oops. Grindr sells your sexual orientation data, business as usual.

Different scenario. Voice assistant customers are regular users. The opposing side is a government agency who collects fines.

In a cloud data misuse case the civil liabilities are actually terrible, because you’re going up against other cash-rich corporations. Insert saying: stealing from the poor vs stealing from the wealthy.

Actually a lot of people point out that Amazon abuses it's storefront data as market research for it's own first party products on a scale nobody else can match. (And then, in turn, gives its first party products better placement in the store, to then crush the competition.)

The difference is, Amazon hasn't demonstrated a massive desire to collect and use health data, and fundamentally, isn't an ad company.

The other thing you're forgetting is that Google regularly changes the terms of the agreements it makes. When it bought DoubleClick, it swore that DoubleClick would never be able to access people's Google account data and that there would be a clear firewall of ad personalization information. Up until they changed their terms of service so that they could: https://www.propublica.org/article/google-has-quietly-droppe...

Google literally embodies the classic "I am altering the deal. Pray I do not alter it any further." Just because they claim they won't abuse the health data they are zealously collecting today doesn't mean they won't change their mind tomorrow.

An ad company should not be allowed to hold your health data.

Amazon using it‘s marketplace data for their own purposes, while obviously also problematic, is not the same thing as going behind their AWS clients back and using their data. The data literally belongs to the client.

I‘m pretty sure they are only accessing their data as allowed by the contracts for maintenance for example. Likewise for GCP and Azure.

Regarding your second argument. Doubleclick is on the consumer side. That‘s why GCP has it‘s own CEO, it‘s own buildings and org in general. They are seperate from the consumer side.

Put yourself in Google‘s shoes. They can make tons of money by revolutionizing the health care sector, improving patient care at the same time. Why would they fuck it up by feeding data to the ad side illegally. The risk is too high. No one would ever trust them again and they‘d probably be sued out of existence.

Is it not feasible that they are simply trying everything they can to become less reliant on ads. They have stated several times that the cloud side will be the dominant revenue source in the future. Is that possible? No idea. But strategically it makes sense to push cloud with all possible force.

I doubt that the data flow will be contained within these "mini companies". Formally they are the same company and even with the inefficiency of large corps, I doubt that Google doesn't have the capabilities to efficiently exchange information.

That aside, I do not want to rely on the inefficiency of internal processes for data protection.

The data flow is quite well-contained. I obviously can't offer you proof that you'd be likely to accept, but I do work on GCP and have experience with how data is partitioned.

I believe you.

I do not, however, believe that Google has any incentive to keep it that way, once there's buy-in. What Google's doing here is great, but on the other hand it's Google that's doing it.

Let's assume Google pulls a "gotcha" five years down the road and meshes its medical data into its advertising data.

What incentive do doctors and patients have to keep vending the data to Google at that point? And what incentive would other Cloud customers have to trust their data wouldn't get aggregated?

The GCP business model is different from Google's other business models and they know it.

> What incentive do doctors and patients have to keep vending the data to Google at that point?

Inertia, if nothing else. Moving platforms, especially in a highly-regulated industry, is no small thing.

That argument seems insufficient, or inertia would prevent people from moving onto the platform in the first place.

The problem here is that even if that is the case at the moment, the same organisation still has possession of the data and those partition walls can probably be moved later if the leadership of the organisation decide to do so.

Regardless of your personal good intentions and honesty, or anyone else's working there right now, a lot of people are never going to trust an organisation with the track record and potential conflicts of interest that Google has to process sensitive personal data responsibly. Its leaders and the investors backing them made their bed by helping to create the culture of pervasive involuntary surveillance that we all now suffer, and they will forever have to lie in that bed as a result.

It's unfortunate, because clearly there is considerable potential for improving patient outcomes through better use of big data and automation in medicine, and no doubt many of the people working on these kinds of projects have nothing but good intentions. However, until the culture of the technologists operates on the same kind of ethical and legal level as the culture of the clinicians, I don't see how the trust is ever going to be there now. The individuals doing the work need to be personally responsible for behaving ethically, even if they are directed to do otherwise by their superiors, like doctors and real engineers. Organisations that fail to meet the required standards need to face penalties that are an existential threat, so their investors stand to lose everything and their leaders can end their own careers if anyone breaks the rules deliberately or through gross negligence. Without those kinds of obvious, strong incentives, with the way so many players in the tech industry have exploited people's data in recent years, I think the barrier may simply be too high to clear.