Doctissimo sanctioned by the Cnil: what is he accused of?

Doctissimo sanctioned by the Cnil what is he accused of

It’s a blow for Doctissimo. The French site, specializing in health issues, was fined up to 380,000 euros by the National Commission for Computing and Liberties (Cnil). In a press release published this Wednesday, May 17, it announces that it has ordered Doctissimo to pay two fines: one of 280,000 euros for breaches of the European Data Protection Regulation (GDPR) and one of 100,000 euros for breaches relating to cookies. .

This sanction comes after a complaint filed in June 2020 by the association Privacy International. She accused Doctissimo, owned by the Reworld Media group, of “particularly serious and systemic” breaches. In her complaint to the Cnil, she said she was “very concerned” about the practices of the site, “whose processing of personal data concerns in the foreground millions of people in France and probably in other countries”. The association welcomed the decision taken by the Commission. “Medical sites collect sensitive data about us. We have the right to ask them to be 100% transparent on this subject, and to give us control over the sharing of our personal information”, recalled Privacy International on Twitter. “That wasn’t what Doctissimo was doing.”

Data stored without consent

Concretely, Doctissimo was sanctioned for keeping the personal data of its users for too long. The tests and quizzes offered by the site made it possible to collect information which was then stored for an initial period of 24 months, deemed “excessive” by the Cnil. She also points out that “no particular warning or mechanism for obtaining consent” was provided for about 5% of these tests. A very problematic absence, while health data is considered “particularly sensitive” under the GDPR.

Especially since, according to the CNIL, personal data was not even kept safe. They were exposed to the risk of “computer attacks or leaks”. This defect is mainly explained by the use of an unsuitable communication protocol.

Finally, the Commission criticizes Doctissimo for its cookie policy. She noted that the site deposited a first cookie for advertising purposes as soon as a user arrived, followed by two others even if he chose the “Refuse all” option on the information banner. These practices have concerned each visitor to the site, “i.e. hundreds of millions of Internet users”. This is an offense relating to the French law on the deposit of digital tracers. Consequence: Doctissimo will have to pay a fine of 100,000 euros.

lep-life-health-03