The information site dedicated to health, Doctissimo (a subsidiary of Reworld Media), was sentenced by the Cnil to a fine of 380,000 euros, the Commission announced on May 17, in a press release.
Health tests and sensitive data
This sentence follows a complaint filed in 2020 by the NGO Privacy International, which accused the site of illegally collecting personal data under the GDPR, the European regulation on the matter.
Fears that were confirmed after the Cnil investigation, which found an excessive retention period of the data related to the tests carried out by Internet users. All of this without an information anonymization procedure, which, however, can be particularly sensitive given the nature of the topics covered in Doctissimo.
As the Cnil points out, this collection of personal health data was carried out illegally, without the consent of the Internet user. The Commission also notes the absence of a contractual framework regarding the communication of this information to third parties, who could use it for advertising purposes.
Finally, the CNIL points out that the storage of this data was not carried out securely until 2019, even for the passwords of users with a Doctissimo account.
Source: BFM TV
