You are right. This example isn´t really about privacy. It´s more about “what can happen if some part of my information gets into the internet”.
I´ll give you a better example:
You know these “free” fitness apps for smartphones and watches?
What happens if you use these apps?
1.) What you´d expect from this app.
It´s tracking your walking and cycling and whatever sport you do and, of course, always your exact position.
It´s calculating your burned calories with information about your heart beat rate from your smartwatch and from the gender, age and weigth and more information you wrote in the formular, when you started this app.
Of course this is only possible with an online account from this app/watch provider.
2.) For your (it´s own) convenience the provider will save all your tracks and personal information on his server, so you (theirselve) always have that data available, no matter where you are.
3.) Since the app doesn´t cost anything (or even if it cost money), the provider will ask you in his general terms if he is allowed to use your data internally and “with bussiness partners”. If you don´t accept, then you can´t use this app or even the watch you already bought.
4.) Now they start selling your data to whoever wants it. There are some scientists interested in this data, too but they normally don´t care about your name or exact address. But most buyer want to know YOU for their own purposes. That might be for advertisements or whatever reason - even illegal ones. Luckily for your app provider and the data krakens, your data is worth way more, the more detailed it is. Even only the watch provider has at least this data about you from the smartwatch:
- heart rate data
- exact position, down to the building → home and work addresses are easy to guess, because you are mostly there
- name
- age
- height
- weight
- gender
- blood type
- phone number
- (probably) the whole contact list → with the phone numbers companies like Google or Facebook can easily see who else has an app with one of their trackers installed (pretty much everyone). With this, they know who knows who and can even guess relationships between people.
- many more information like your interests and such
This gets even more exact if the providers connect data parts from different pools. These can be other apps on your smartphone, computer, smartwatch, smart TV, Meta Quest (VR Headset from Meta/Facebook), ect. or from websites, where you made an account for whaever reason and gave away personal information (even the Fairphone forum has the googletagmanager script - I think Fairphone should remove that). So, Google also knows, that you are on this website at this moment and probably what you will see there (if it was able to read it - Google will try it for sure, even if it´s only for it´s search engine).
All these bits and pieces of information about you will be sold and sold and sold from one data pool to the next until it all merges somewhere.
Some automatic programs (maybe even called KI) will search and filter all your information and will try to connect it with other informations, which might be related but you don´t know about at all.
And since no software is perfect it might create harmful connections under your name.
For example, you are often in a building, which isn´t marked as shop or rental building right beside a adult store, then an automatic programm might just note down: “unhealthy and unethical habits” and “not trustworthy with money/insurances/guaranties/important posts/…”.
Since you as a normal person will never know what kind of information about you is in these data pools - but you can bet your data will find it´s way in unregulated foreign data pools somewhere in the world, where every other person/company, which doesn´t care about regulations or privacy, can see and use it. Theoretically even someone, who wants to rob your house, when nobody is there and is too lazy to watch your house for a week.
A more concrete example is the app “Runtastic” (bought later by Adidas).
Some people analyzed the communication from this app (and many others) and found out, that the app has a multitude of connections to whatever data kraken in this world. Google, Facebook, you name it.
They found out that the app even sents the whole heart rate data (which wasn´t covered by the general terms, actually) to Google.
So, what will Google do with any data they get and what´s Google`s business model?
It´s making money with data!
Google will find companies or people, which want to buy your data. That´s sure like the amen in the church.
What company could be interested in your heart rate, other health data and personal information?
For example live insurances. Now you would think: “Hey, then it´s good I´m always tracking my fitness program! They can see I´m fit and healthy!” “They will probably sell their insurance to me.”
But, what is if your heart has the habit to skip a beat every minute? This doesn´t necessarily needs to be a problem (no guarantees - I´m not a doctor) and you can still become 100 years old, but this can be a big warning sign for a risk analysis tool from the insurance company.
In the end they never will tell you why you don´t get the insurance or why you need to pay much more than others, because they won´t tell you either where they bought your data.
You can only wonder or be angry but then it´s too late. The other insurance companies will surely use data based risk analysis tools, too and will probably get the same data about you from one of many mirrored and merged data pools.
I hope I was somehow able to explain why data privacy is very important for everyone. And I didn´t even talk about political reasons depending where you live or visit.
