Hash1 I'd guess that google has a "database" of thousands of users, each of which is a "key" called, e.g.: /Hash1/youtube acct/IPAddress/browser fingerprint/(gmail acct)/. This key was constructed when you established your youtube acct. If you have a gmail account, then that is added to the key and they have a lot more information based upon scanning your mail (which I believe happens). This makes your identification - and interests - very valuable to advertisers
When the connection from your new phone occurred, they constructed a new "key" acct /IPAddress/browser fingerprint/ about which they knew nothing other than your movie interest. They had to send some sort of ad (google, after all) and could either send out a random ad from a near infinitude of sponsors, or they could send out an ad related to the last connection from that IPA - which they did.
They know that there could be multiple users at your IPA, and they had no history on the fingerprint, so they sent an ad that just might be relevant to you.
As /IPAddress/browser fingerprint/ becomes more active, more information will be associated with it and more focused advertising will be directed toward it. Eventually you'll go somewhere where they'll be able to connect you to your desktop identity.
Sigh.....You can confound this process by using TOR browser; but then the security of TOR browser is not as good as Vanadium.
FWIW my top cellphone priority is security. If I want to "walk on the wild side", I'll use TOR via my Qubes laptop
I'm guessing there is no easy solution to the privacy issue, and using a VPN to an exit node which blocks advertising, malware and tracking (e.g. Proton) is reasonable for my threat model. They likely know who I am, but I don't see much irritating, focused, possibly dangerous advertising.