At least in the US, "going to the doctor" is encumbered by several laws oriented toward the protection of a person's information conveyed in the course of a visit.
What is the mechanism by which these laws are sidestepped in providing patient information to third-parties?
signed up for your local grocery store's membership rewards program?
Does e.g. Catalina give their information to Red Plum directly? Is it sold? How much?
I went to Pavilions grocery store the other day, and when I got home, the Facebook app said, "Have you been to Pavilions recently? Click here." I want Facebook to find friends and events nearby me, not track where I go.
I can only imagine all the location data Google, Apple and Facebook is collecting and what they're actually doing with it.
Unlikely to be your doctor, even releasing your name in combination with the health provider's name provides evidence of a patient relationship and violates HIPAA.
well, don't underestimate the idiotic forms that many doctor's offices (in the US) want you to fill. Almost every time, I have seen forms that ask for everything about you. Personal information, Social Security Numbers, Employer information, heck even salary (not kidding). I just don't fill those of course but I am sure many people just fill them out because it is on the form.
Again: I see information out there that doesn't fall in these categories. And again: even for the information that does, that still wouldn't tell me which companies are the main ones aggregating them and selling them off to other aggregators. That's what I'm trying to find out.
Political Party? Views & Opinions? Relatives? Education history even if it's outside the country? Check out all the categories, here's [1] a random example. And yes, I know all of this information exists out there somewhere (resumes, mailing lists, social sites, whatever); my question is who is the first layer aggregating them from these sources.
who is the first layer aggregating them from these sources.
You clearly understand that you could get this data from various places, but maybe you don't understand how relatively easy this data is to procure (physical presence requests being the hardest). Why do you think there exists a "first layer" as some distinct class of business, and not a large number of primary source gathers, and a large number of aggregators.
There are a lot of business models here, and I think you may be underestimating the complexity. Like you want X number of companies to point the finger at, but that's not reality.
Instead, there are at least 3 axes. Does the company buy data from someone else, do they gather it in house, or both. Does the company sell data to other companies, or not. Does the company use data themselves. All of those combinations are going to be present.
1.) A company that generates it's own data, but never sells, and uses it itself
2.) A company that generates it's own data, but buys additional data, sells it's own gathered data, and uses the data itself
3.) A company that buy it's data, sells that data, and never uses the itself
etc for all of the rest of the combinations
I can say that within my sector, my company used to purchase data from a data broker (not PII, or anything you mention, but industry specific), then decided it was too expensive, and started gather our own data. Now we use the data we gather, and also sell it. Suggesting that there is some "first layer", and that you might be able to identify them all, is just a basic misunderstanding of the entire business of data brokerage.
Political party is fairly easy in the US via voter rolls for primary elections. Even if this list is held privately by the Party, they have an incentive to trade it for data about independent or undecided voters.
Views & opinions are likely from member lists of organizations like the NRA. Again, these organizations will trade their data for valuable data on other people whom they want to reach.
Relatives is pretty easy to figure out if you have address history over time. People who are related tend to share an address at one time or another. Relationship status is similar when a couple moves in together. Obviously, there are also marriage records.
Education history is often verifiable by employers, even outside the country.
>> yes, I know all of this information exists out there somewhere (resumes, mailing lists, social sites, whatever); my question is who is the first layer aggregating them from these sources.
That's how they get your information.