The Royal Free NHS Trust in London, which gave Google the patient data, was previously told the move was illegal following an investigation by the Information Commissioner’s Office.
Looks like both the NHS trust itself and Google are going to have the ICO knocking on their doors pretty soon - and not without justifiable reason either. The NHS is also in scope for HIPAA so this is going to be an interesting space to watch.
Either way, the sale of any data that does not belong to you without formal consent is a breach of GDPR in Europe. I’m guessing Google will have a way of wriggling out of this one, but the fine would be four times the annual turnover of the firm, and not the €25m advertised.
Completely off-topic, but…is it me, or does the below sound like it was taken from a Jason Bourne film 😕 (In the last film, the term “IronHand” made an appearance)
The company’s artificial intelligence arm, DeepMind
@crazycells good question. Gmail being provided by Google is going to be one of the more secure by default out of the box, although you have to bear in mind that you can have the best security in the world, but that is easily diluted by user decision.
Obviously, it makes sense to secure all cloud-based services with at least 2FA protection, or better still, biometric if available, but email still remains vastly unprotected (unless enforced in the sense of 2FA, which I know SendGrid do) because of user choice (in the sense that users will always go for the path of least resistance when it comes to security to make their lives easier). The ultimate side effect of taking this route is being vulnerable to credential theft via phishing attacks and social engineering.
The same principle would easily apply to Proton Mail, who also (from memory) do not enforce 2FA. Based on this fact, neither product is more secure than the other without one form of additional authentication at least being imposed.
In terms of direct attack on the servers holding mail accounts themselves, this is a far less common type of attack these days as tricking the user is so much simpler than brute forcing a server where you are very likely to be detected by perimeter security (IDS / IPS etc).