He also pointed out that the plaintiffs’ claim is based on the assumption that Google was aware it would receive personal health information, but Santacana argued that this was speculative. The alleged issues stemmed from the actions of third parties, such as healthcare providers who may improperly use identifiable URLs.
Judge Chhabria appeared to agree that the plaintiffs’ theory seemed overly generalized. He noted that while the plaintiffs suggested that Google’s practices were problematic, there was insufficient evidence to support claims of intentional data misuse.
Encryption and Privacy
Santacana also addressed the plaintiffs’ concern that Google’s encryption of user data was unlawful, explaining that the U.S. Department of Health & Human Services approves of the encryption methods Google uses to protect patient privacy. He further emphasized that Google does not connect the anonymized data to specific individuals.
However, Gardner contended that Google’s system is not secure and that the sensitive data could still be misused. Judge Chhabria, while acknowledging the privacy concerns, noted that the plaintiffs failed to provide convincing evidence that Google’s practices were directly responsible for the transmission of sensitive health data.
Privacy Violations and Lack of Specificity
In his remarks, Judge Chhabria pointed out two key issues with the lawsuit. First, he noted that Google had explicitly warned healthcare providers not to transmit personal health information through its services. Second, he emphasized that the plaintiffs’ allegations were too vague to establish a clear link between Google’s practices and any specific privacy violations.
