Monday, June 15, 2026

Privacy Legislation Is Pointless If It Does Not Handle Convergence

AI, Search, Email, Ad, and Social Data Sit in Silos That the Combination Erases (and How Different Jurisdictions Handle It)

A person’s AI conversation data, their search history, their email, their advertising profile, and their social graph each sit in a separate compartment, governed by separate rules, examined by separate regulators. Each compartment on its own is a known quantity with known protections. Joined together, the five produce a behavioral and psychological model of a person that exceeds any single compartment by a wide margin, and that combined model falls under no regulator’s mandate. AI is the technology performing the convergence, and AI is also what makes the join difficult to see. The convergence is the risk, and no legislation addresses it.

Canada’s online safety debate has so far stayed inside the compartments (see update below). A leading privacy and technology authority has raised a structural objection to the government’s direction on Bill C-34: assigning private-sector privacy oversight to a body that also polices online content breaks from how comparable countries organize their regulators. The consistent international model keeps data protection in a dedicated, independent authority. The United Kingdom runs privacy through the Information Commissioner’s Office and online safety through Ofcom. The European Union runs data protection through national authorities under the GDPR and platform regulation through a separate structure under the Digital Services Act. Australia keeps its Privacy Act reforms separate from its eSafety Commissioner. The objection is sound, and the institutional design matters.

The regulatory unit of analysis is wrong. Privacy law sees personal data. Safety law sees harmful content. Competition law sees market power. Convergence creates something else: a fused behavioural model that can act on a person before the person knows it exists. The separation of regulators by domain is also what keeps the convergence invisible. Each regulator examines its own slice. A privacy authority reviews data protection compliance. A safety regulator reviews content systems. A competition authority reviews market structure. The combined object lives in the space between them, and a privacy law organized around the compartments leaves the thing that erases them untouched.

The Combination Is the Asset

Earlier forms of data convergence worked through identity resolution. A person was matched across databases using shared identifiers: an email address, a phone number, a device ID. The data broker industry built this capability over decades. LiveRamp, formerly Acxiom, operates a system that recognizes individuals and links information about them across databases, platforms, and devices, connecting profiles across hundreds of data and advertising companies. The credit bureaus sit in the same tier as both data sources and resolution providers. This machinery was already powerful, and it already reached most of the adult population in the markets where it operated.

AI changes the operation from matching to inference. When the layers are combined and a capable model sits on top, the fusion generates information that no single input contained and that was never collected in any legal sense. A person types things to a chatbot they would never enter into a search box. Search history carries need and curiosity. Email carries correspondents, obligations, and the private record of a life. Advertising profiles carry inferred demographics and propensity. The social graph carries relationships and lines of influence. Joined together, these produce the model described above, built from facts no one gathered.

Purpose limitation, the main formal constraint in data protection law, has little grip here. Purpose limitation governs the repurposing of collected data. It was written for a world where the purposes could be named. An inferred fact was never collected, so the principle that restricts how collected data gets reused does not reach the inference. Existing privacy, safety, and competition regimes each see part of the problem. None clearly governs the fused object itself: the cross-domain behavioural model created when search, email, social graph, ad profile, location, device, and AI-conversation data are combined.

Gemini Shows What Native Convergence Looks Like

The firms that can fuse these layers without a contract are the ones that own the layers natively. Google holds search, advertising, a video and social graph, email, maps, and a frontier model. Gemini is where those holdings meet, and Google has wired them together in the consumer product.

Through late 2025, Google enabled Gemini access to Gmail, Google Chat, and Google Meet by default for users in the United States. By early 2026 the company had grouped this cross-application data flow under the name Personal Intelligence, which manages how Gemini connects to Gmail, Drive, Maps, and other Google services. When the feature is enabled, Gemini can read a user’s entire email history. In the United States the access was opt-out, requiring users to turn it off. In 2026 the default was changed to opt-in.

In Europe the same feature required opt-in before Gemini could reach Gmail, because the GDPR sets stricter requirements for default data sharing. The same product ships with convergence switched on in one jurisdiction and switched off in another, and the only variable is the data protection regime.

Google’s stated position is that this cross-application data powers features for individual users and is not used to train its public AI models. Google concedes the combination while contesting only the downstream training use. Convergence for personalization is the admitted function. The risk described here turns on whether the layers are joined, and Google states that they are joined.

The arrangement has drawn litigation. The case Thele v. Google LLC, in the Northern District of California, alleges a violation of the California Invasion of Privacy Act, arguing that Google used an existing Smart Features toggle to enable Gemini’s deeper data access without a clear second consent prompt. As of March 2026 the case was in discovery. The consent-backdoor allegation maps onto the structural concern directly: a single toggle enabling access the user did not knowingly grant.

What Each Assistant Already Retains

Data retention is already part of the controversy over C-34. The convergence issue sits on top of a retention question, and the retention issue is the one most directly relevant to Canada’s bill, because it is already happening.

Google’s Privacy Hub, updated 19 May 2026, states the retention figures directly. Gemini conversations default to deletion after 18 months, a window a user can change to 3 or 36 months or switch off. Conversations reviewed by human reviewers, along with related data including language, device type, location information, and feedback, are kept for up to three years and are not deleted when a user deletes their activity. Turning the Keep Activity setting off does not produce zero retention: chats are still saved for 72 hours so Google can respond and protect the service, and Google states that even with the setting off it still uses chats to respond and to protect Google, its users, and the public, with help from human reviewers. Once a reviewer has read a conversation, it sits disconnected from the account for up to three years, and deleting activity does not reach it.

The same Hub describes the cross-service flow in Google’s own terms. Data shared between Gemini and Connected Apps includes information from chats, location, and content from connected apps such as emails, files, events, photos, and videos, and Google states that deleting Gemini activity does not delete data those other services have already received. The convergence and its retention are documented by the firm performing it.

OpenAI retains consumer ChatGPT conversations until a user deletes them, after which the data remains on its servers for up to thirty days under normal conditions. Two facts complicate the normal case. ChatGPT’s memory feature stores extracted memories separately from chat history, so deleting a conversation does not remove the memories drawn from it. And the New York Times copyright litigation has pulled deleted conversations back into reach. A magistrate judge issued a preservation order in May 2025 requiring OpenAI to retain user logs, including conversations users had deleted, and that order was lifted in September 2025. The fight then moved to production: in November 2025 the court ordered OpenAI to turn over 20 million de-identified ChatGPT logs, a sample drawn from what OpenAI describes as tens of billions of preserved logs. The district judge affirmed the order in full, OpenAI exhausted its appeals, and by its own account the company has complied and handed the logs over. The plaintiffs have signaled they may seek more, including deleted conversations.

Anthropic retains consumer Claude conversations until deletion, then for up to thirty days on its back-end systems. In August 2025 the company announced a change effective 28 September 2025, introducing a setting that lets it use consumer chats and coding sessions to improve its models, with existing users given until 8 October to make a selection. For users who allow it, conversations are retained for five years and used for training, applied only to new or resumed chats. Users who decline stay on the thirty-day window. Deleted conversations are excluded from training in either case. The change does not apply to commercial plans.

Across all three, the enterprise and API tiers carry stronger protections than the consumer products. Each of the three states it does not use enterprise conversations for training by default. The API windows are short, measured in days, with zero-retention options for qualifying customers.

In Messaging, The Phone Number Is the Spine

What makes one account’s layers “joinable” (to use database jargon) is a shared key, and the most powerful key in consumer technology is the phone number. Google joins on the Google account. Meta joins on the phone number, and that changes what its social layer contains. WhatsApp is built on a verified phone number and the user’s address book, which makes it one of the richest sources of the social graph in existence: who a person talks to, how often, in which groups, mapped to real identities rather than usernames. Meta owns WhatsApp, Instagram, Facebook, and Messenger, and the phone number runs through all of them as a common identifier alongside its advertising graph.

The message content is the one layer in this whole picture that stays sealed. WhatsApp encrypts messages end to end using the Signal protocol, so Meta does not read what is said the way Google can read Gmail. What feeds the convergence is the metadata: the contact graph, group memberships, timing and frequency of contact, device and subscriber information, and the phone-number identity itself. Meta’s advertising systems can profile a person from communication patterns, who they talk to and when they are active, without reading a message. WhatsApp uploads the entire address book, including contacts who are not WhatsApp users, so the graph extends to people who never agreed to it. The content-is-sealed position, while Meta’s stated and long-marketed design, is contested: a 2026 US lawsuit alleges Meta can access message content despite the encryption, a claim Meta calls categorically false. Cloud backups to Google Drive or iCloud also sit outside the encryption unless a user separately enables encrypted backup.

| Provider | Identity key | Reads message or chat content | Holds social graph | Native ad profile | Joins across its own layers |
|---|---|---|---|---|---|
| Google (Gemini) | Google account | Yes, including Gmail when enabled | Via YouTube and contacts | Yes | Yes, on one account |
| Meta (WhatsApp) | Phone number | No for WhatsApp content (E2E, contested); yes for metadata | Yes, strongest of the set | Yes | Yes, on phone number |
| Apple | Apple ID, phone number | No, iMessage is E2E | Limited | Limited | Limited by design |
| OpenAI (ChatGPT) | Account email | Yes, its own chats only | No | No | No other layers to join |
| Anthropic (Claude) | Account email | Yes, its own chats only | No | No | No other layers to join |
| Data brokers | Matched identifiers | No | Assembled, probabilistic | Yes | Across third parties, lossy |
| Palantir | Client’s own keys | Only what the client holds | Only if the client holds it | No | Across the client’s layers, under contract |

The standalone assistant providers hold one layer and have nothing to join it to. The platform holders sit on several layers under a single key, and for them the combination is close to a lookup. The phone number gives Meta a key that reaches across not just its own users but their entire address books, which puts WhatsApp in the social silo as one of its strongest contributors even though its message content is the most protected layer in the diagram. Meta does not need to read the messages to know an enormous amount from the shape of who a person talks to.

The Enterprise Versions Switch the Convergence Off

Google’s enterprise Gemini retains prompts on an admin-defined basis, does not human-review them, and does not train on them without permission. The API runs on a short abuse-monitoring window with no Gmail integration. The versions of the product sold to organizations leave the convergence out. The fusion runs in the consumer product, where users hold the least ability to refuse it, and stops in the enterprise product, where a procurement team negotiated the terms.

The product functions for enterprise customers while reading none of their other data. The convergence in the consumer product exists by choice, in the configuration where users have the least leverage and the least visibility.

Palantir Aggregates Data Held by Its Clients

Palantir occupies a different position in the convergence picture. Palantir holds no consumer data layer of its own. Its platforms integrate data that a client already controls. Gotham, its government and intelligence platform, and Foundry, its commercial counterpart, take structured, unstructured, and semi-structured sources a client possesses and unify them into a single analytical object. Wired addressed the common belief that Palantir keeps a centralized database of information collected from all its clients, and reported that this is untrue: the company’s work does not change how each organization collects data, customers must already hold the data they want to work with, and Palantir itself supplies none of it.

The capability is the fusion, performed on someone else’s data under contract. Gotham can, in the words of a former employee cited by Wired, centralize everything an agency knows about a person in one place. In federal use, that has meant integrating travel histories, visa records, biometric data, and social media data across agencies, with Immigration and Customs Enforcement alone spending more than 200 million dollars on Palantir contracts. Because Gotham is proprietary, the public and even elected officials cannot see how its algorithms weight data points or surface particular connections.

Palantir is the contract version of the same operation Gemini performs natively. Google fuses the five layers because it owns them. Palantir fuses whatever layers a client brings, and adds the analytical machinery the client lacks. Convergence can reach Canada two ways: built into a consumer platform the government does not control, or purchased as a service and pointed at data the government does control, including any new identity layer a verification mandate creates. The verification data that C-34 would generate is exactly the kind of structured source a Foundry or Gotham deployment is built to integrate.

How the Verification Layer Becomes a Linkage Key

C-34 proposes an age restriction on social media access. Enforcing an age restriction requires verifying age, and verifying age requires identity data: government identification, biometric age estimation, or third-party assurance. The mechanism intended to protect children creates a new high-value identity layer attached to platform behavior, collected for safety, and available for the same fusion described above. How much of an anchor it creates depends on how it is designed, and three jurisdictions have now designed it three different ways.

Australia built the most invasive version. From 10 December 2025, age-restricted platforms must take reasonable steps to prevent Australians under 16 from creating or keeping an account, enforced jointly by the eSafety Commissioner and the Office of the Australian Information Commissioner, which oversees the privacy provisions written into the same scheme. Platforms judged to be in scope include Facebook, Instagram, Snapchat, Threads, TikTok, Twitch, X, YouTube, Kick and Reddit, and they face penalties of up to 49.5 million Australian dollars for failing to take reasonable steps. By mid-December 2025, eSafety reported that platforms had removed access to 4.7 million accounts judged to be held by under-16s. In March 2026 the Minister amended the Rules to better target the obligation, three months after it took effect. An account ban requires the platform to form a view about the age of every account holder, which makes age a property the platform now records and acts on across its user base.

The United Kingdom gates content access. The first Protection of Children Codes for user-to-user and search services came into force on 25 July 2025, requiring what Ofcom calls Highly Effective Age Assurance to keep children from pornography and from self-harm, suicide and eating disorder content. Penalties run to 18 million pounds or 10 percent of global revenue, whichever is higher, with senior managers exposed to prosecution and, in serious cases, court orders cutting off a non-compliant service’s payment processors, advertisers, and UK internet access. Ofcom left the specific method to providers, which routes the work to the commercial age-verification industry and its identity-document, credit-card, and facial-estimation products. UK privacy oversight stays with the Information Commissioner’s Office, separate from Ofcom.

The European Union has mandated no account ban and no binding verification requirement, and it is building the one verification design that avoids the anchor. The Commission is urging Member States to roll out age verification by 31 December 2026, while DSA enforcement runs ahead of any rule: the Commission preliminarily found Meta in breach in April 2026 for failing to keep under-13s off Facebook and Instagram, and opened an investigation into Snapchat in March 2026. The EU age verification app, piloting through 2026 in France, Denmark, Greece, Italy, Spain, Cyprus and Ireland, is built on the European Digital Identity Wallet framework and uses zero-knowledge proof cryptography, letting a user prove age eligibility while disclosing nothing else, with unlinkability achieved by design.

The Australian and UK approaches create the identity anchor that cross-domain fusion needs. The EU blueprint proves that age assurance can be built so that proving age reveals nothing else and links to nothing else. Canada could mandate verification the Australian way or the European way, and C-34 does not say which.
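The difference between an identity anchor and an unlinkable age check can be made concrete. The following is an added illustration, not code from the EU age verification app or from any platform: it models only the unlinkability property, using a per-platform HMAC token as a simple stand-in for the zero-knowledge proof, and it does not model how a platform checks that the age claim is genuine. The function names, platform identifiers and sample records are constructed.

```python
import hashlib
import hmac
import secrets

REFERENCE_YEAR = 2026
MIN_AGE = 16

# Constructed sample population: (document number, birth year). Not real data.
PEOPLE = [(f"DOC-{n:06d}", 1990 + (n % 30)) for n in range(200)]


def is_old_enough(birth_year):
    return REFERENCE_YEAR - birth_year >= MIN_AGE


def anchor_record(doc_number, birth_year):
    """Design A: the platform stores a hash of the ID document next to the result.

    Hashing does not help: the same document always yields the same hash,
    so the stored value is as good a join key as the document number itself.
    """
    id_hash = hashlib.sha256(doc_number.encode()).hexdigest()
    return {"key": id_hash, "over_min_age": is_old_enough(birth_year)}


def pairwise_record(wallet_secret, platform, birth_year):
    """Design B: a wallet on the user's device derives a different token per platform.

    The secret never leaves the wallet, so no two platforms see a common value.
    """
    token = hmac.new(wallet_secret, platform.encode(), hashlib.sha256).hexdigest()
    return {"key": token, "over_min_age": is_old_enough(birth_year)}


def linked_accounts(table_a, table_b):
    """Count rows of table_a whose key also appears in table_b (an equi-join)."""
    keys_b = {row["key"] for row in table_b}
    return sum(1 for row in table_a if row["key"] in keys_b)


def simulate():
    """Verify the same people on two platforms under each design and try to join."""
    # Design A: both platforms end up holding the same stable identifier.
    a_one = [anchor_record(doc, year) for doc, year in PEOPLE]
    a_two = [anchor_record(doc, year) for doc, year in PEOPLE]

    # Design B: one random secret per person, held only in that person's wallet.
    wallets = [secrets.token_bytes(32) for _ in PEOPLE]
    b_one = [pairwise_record(w, "platform-one.example", year)
             for w, (_, year) in zip(wallets, PEOPLE)]
    b_two = [pairwise_record(w, "platform-two.example", year)
             for w, (_, year) in zip(wallets, PEOPLE)]

    return {
        "anchor_linked": linked_accounts(a_one, a_two),
        "pairwise_linked": linked_accounts(b_one, b_two),
        # Both designs give the platform the same yes/no answer about age.
        "same_age_answers": [r["over_min_age"] for r in a_one]
                            == [r["over_min_age"] for r in b_one],
    }


if __name__ == "__main__":
    print(simulate())
```

Both designs answer the age question identically; only design A leaves behind a value that a second dataset can be joined on.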

The Canadian Civil Liberties Association and the Privacy Commissioner have flagged the invasiveness of mandatory age verification. A regime that verifies every user can manufacture the exact identity anchor that the convergence requires, in the name of safety, inside a bill whose institutional design leaves the convergence itself ungoverned. Digital rights groups raise the same concern about the European pilot, warning that even biometric or document-based age checks can become tools for broader profiling, which keeps the zero-knowledge design a better option under scrutiny rather than a settled one.

Privacy law can say that inferred personal data may count as personal data. But that only matters if the person affected can discover:

  1. that an inference exists;
  2. what data contributed to it;
  3. which system generated it;
  4. who acted on it;
  5. whether it was shared;
  6. whether it was wrong, discriminatory, manipulative, or harmful;
  7. how to challenge it.

The law may technically reach inference once it is exposed. But convergence systems are designed in ways that make exposure unlikely. The burden falls on the person being modelled to detect an invisible process, connect it to a consequence, identify the responsible actor, and then complain, litigate, or appeal. That is not meaningful protection. That is after-the-fact archaeology. A right that can only be exercised after a hidden system reveals itself is not a right in practice; it is a remedy by accident.

The Layer That Needs to be Built

The independence that protects data protection as a discipline is the same structural feature that leaves combinatorial fusion effectively ungoverned. Keeping privacy oversight separate from content regulation is the right institutional choice, and it guarantees that no regulator’s unit of analysis is the combined data object.

What the separation needs is a layer above it whose unit of analysis is the combination itself. Such a layer would treat inference as a regulated act, see across the fused object that the platform firms hold natively, and govern the verification layer as part of that same combined object. The jurisdictions examined here have built the regulators, the content codes, and the verification mandates, and left the combination itself outside all of them.

The convergence is being done by AI, on data that the firms holding it have wired together by their own account, and the public record of how it is combined does not exist. That missing record is the privacy risk that Canada’s bill, organized around the pre-convergence shape of the industry, was built too early to reach.

Update: Bill C-36 (and the Naming Problem)


Since this was published, the government has tabled a second bill that changes the institutional picture described above. Bill C-36, the Protecting Privacy and Consumer Data Act, introduced on 15 June 2026, strips the Privacy Commissioner of Canada of authority over private-sector privacy law and hands that authority to the same five-member commission created days earlier to police online harms. The Privacy Commissioner, an Agent of Parliament reporting directly to the legislature, is replaced as the private-sector regulator by a Cabinet-designated member of that commission, with the Commissioner’s remaining mandate narrowed to the public-sector Privacy Act.


The separation of regulators that this piece describes as the international norm is what C-36 abolishes in Canada. The relevant point for convergence holds regardless: the merger consolidates oversight without giving the resulting body any mandate over the combined data object. Whether privacy sits in an independent watchdog or inside a content-and-data super-regulator, the unit of analysis is still each layer on its own, and the fusion still falls between the cracks. The merger also raises a question its proponents have not answered, namely whether it threatens Canada’s adequacy finding with the European Union, which requires an independent data protection authority as a condition.


C-36 also has a direct effect on the verification analysis. Bill C-34 required the new commission to consult the Privacy Commissioner when developing age-verification technologies. The government plans to repeal that consultation requirement once C-36 takes effect, removing the one privacy check that sat between the verification mandate and the identity layer it creates.


A note on the names, because they have become genuinely confusing. Bill C-34 created the Digital Safety Commission of Canada. Bill C-36, tabled less than a week later, renames it the Digital Safety and Data Protection Commission of Canada and adds private-sector privacy to its powers. References to “the Commission” across these two bills point to the same body under two different names, acquiring two different mandates, in the span of a single week. Where this piece refers to C-34 and the Digital Safety Commission, the privacy-merger described here is the work of C-36 and the renamed commission.

Jennifer Evans
https://www.b2bnn.com
Principal, patternpulse.ai and cofounder, B2B News Network Tech Reset Canada. AI policy, research and analysis. Entrepreneur since 2002, machine learning since 2009.