The Website Doctissimo, in the crosshairs of the CNIL for violating the European Data Protection Regulation
In the course of last week, information could reveal on the famous medical news site called Doctissimo.
In recent months, the site may use user data, particularly depression data, without users even being informed beforehand.
This article will also interest you: Millions of medical data still stolen
It all starts on June 26, 2020. Privacy International, a British non-governmental organization, files a complaint with the National Commission for Informatics and Freedoms in short CNIL, in France against the website. It should also be noted that Doctissimo is part of the large TF1 group. It has about 60 million visitors per day. The charge against him relates to the illegal use of certain user data for profit. A use that does not come from the explicit consent of the latter.
Referring to the complaint filed by the British NGO, I can be held that Doctissimo illegally monetized some of the information from its users' depression test. In view of the many users of the platform, if the breach is proven, this can constitute a serious violation of the general data protection regulation, the European standard in this area.
It should be noted, however, that in 2019, this type of case was not fortunately handled by the CNIL. Indeed, the French administrative authority has faced several such complaints. It is on the side of Privacy International, the job has been to make a clear and clear observation of the business that takes place in the health sector around the world. The non-governmental organization has already published reports on this subject in September 2019 and February 2020.
The first report in September 2019 begins to highlight the problem mentioned above. The document said: "A small number of websites offering depression tests share your answers directly with third parties. Doctissimo is one of the platforms concerned."
The report, which was released in February 2020, was further described by the Actions of the French Site in terms of sharing user data for marketing purposes. It is in this context that the British organisation has asked the French administrative authority for further investigations into the site's investments.
In his complaint filed near the CNIL, it simply stated: "Doctissimo does not have a legal basis for the processing of personal data, as the conditions of valid consent are not met. Doctissimo also does not collect explicit consent for personal data of a particular category. However, the concept of consent is one of the pillars of the general data protection regulation."
If the charges are proven, there would have to be a big penalty for the French website.
In addition, during its investigations, the British mountain organisation allegedly discovered other acts of the health platform that did not comply with the rules in force. In particular, talking about security when processing users' personal data and the efficient management of cookies, which for some time has been a very important topic for companies that operate on the web.
For the time being, the administrative authority for the protection of personal data is expected to return. On this occasion the Doctissimo platform risks big. It is surely for this reason that the TF1 group wanted to react eminently by speaking out about the problem: "The security of the personal data of our Internet users is the priority of Doctissimo. That's why we take all measures to ensure the integrity of our users' data. We do so in accordance with our mission to provide free editorial content and quality services while ensuring the security of the personal data that our users entrust to us when they create a Doctissimo account and use our services."
Regarding the complaint, other websites were not mentioned. However, the British NGO's report makes the same case on other health platforms.
Now access an unlimited number of passwords: