Even setting aside the voluminous evidence showing that true anonymization of data is virtually impossible, Facebook’s stated intent was never to leave the data anonymized. But requesting the hospitals’ data in that form would allow Facebook to sidestep the issue of obtaining patients’ consent, as required by federal law.

The company has reason to believe that, if asked, patients would not consent to this practice. In 2016, Facebook was sued by a metastatic cancer patient who accused the company of violating his privacy by collecting data about his participation on cancer websites outside of Facebook. The case was dismissed and is under appeal, but this clearly has not stopped the company from pursuing data initiatives in health care.

Indeed, Zuckerberg admitted in his congressional testimony last week that Facebook does collect some medical data from users. Considering the large number of patient support groups on Facebook that use the site for peer-to-peer health care and social support, there is plenty of medically-relevant data to be mined. Membership in some patient groups numbers in the tens of thousands, with average daily posts of several hundred or more. A sampling of the types of data users post includes “tests, treatments, surgeries, sex drive, and relationships” on a breast cancer support site. Other data include location, personal profile information such as age, race, sex, educational background, employment, even cellphone numbers. In addition, many posts include photos that can be subjected to facial recognition software.