This is why California needs a GDPR type law
It needs much stronger data protection laws than exist in the USA.
Both Blue Shield & Google top executives should receive massive fines if this is shown to be true. Fining the corporation will not change future behaviour.