You'd think big tech companies would learn by now that many consumers don't like their data being collected without their explicit consent. Or maybe they just don't care. One has to wonder that after reading The Wall Street Journal's report on Google's latest mass data-gathering project.

What is happening?

Google is reportedly aggregating millions of patient records from 21 US states in secret, via an effort called Project Nightingale. It partnered with Ascension, a Catholic health care system, to gather this data and design an AI and ML-powered software that personalises individual patient care, according to The Wall Street Journal. Neither doctors nor patients were made aware of this practice.

Why is Google collecting health data?

Google reportedly collects patients' lab results, diagnoses, hospitalisation records, and more categories from Ascension, amounting to a complete health history, including full patient names and dates of birth. Forbes said Ascension uploads this data to Google’s Cloud servers. In return, Ascension health providers use a tool, called Patient Search, to find patient information like known medical issues, test results, and medications.

Is this legal?

It's hard to say. A press release published by Ascension earlier today officially announced its partnership with Google and said all work related to its "engagement with Google is HIPAA compliant" and "underpinned by a robust data security and protection effort and adherence to Ascension’s strict requirements for data handling". It did not acknowledge whether patient data was collected and used by Google without their consent.

Pocket-lint has contacted both Google and Ascension for a comment, and we will update this post with their responses if we hear back.