Google announced two new steps to protect user privacy — moving to scrub personal medical records from search results and halting its long-standing policy of scanning emails to deliver targeted ads.
Previously, Google surveyed the contents of emails to provide personalized ads to users of its free Gmail service. Although paying Gmail customers were never subject to such scanning, Diane Greene, a senior vice president at Google, told Bloomberg that there was confusion about the policy among businesses that pay for its service.
“G Suite’s Gmail is already not used as input for ads personalization, and Google has decided to follow suit later this year in our free consumer Gmail service,” Greene said in a Friday blog post.
The shift comes as Google tweaked its search engine to help hide results that include “confidential, personal medical records of private people.” The change was also first reported by Bloomberg.
The policy appears to be aimed at preventing data posted by individuals from appearing in search results more than data from institutional healthcare providers, where patient privacy is protected under federal law.
“This kind of policy can make it harder for malicious leak of medical records,” said Peter Swire, a privacy expert and professor at Georgia Institute of Technology.
He suggested it might make it harder for leaks of potentially embarrassing medical information about individuals, such as psychiatric records posted as an act of revenge, from gaining attention online.
Google has previously taken steps to mask search results that included individuals’ financial information and revenge porn — explicit photos uploaded without a person’s consent.
In the business of making information accessible for everyone, search engines such as Google carefully weigh which types of information they exclude, said John Verdi, vice president of policy at the Future of Privacy Forum.
Massive breaches in healthcare data over the last few years — compromising more than 100 million records in 2015 alone, according to federal data — present another glaring privacy problem.
But that could be much more challenging to address.
”Social Security data is straightforward. It’s the sort of thing that a computer program can readily identify,” Verdi said. “Health records are not as easily characterized — it is a more complex task for a search engine that is going to try to programmatically identify them.”