2023-05-17 11:42:51
A big fine for many breaches. The French site specializing in health topics Doctissimo has been fined up to 380,000 euros by the Cnil, the authority announced in a press release on Wednesday.
The website, owned by the Reworld Media group, will have to pay a fine of 280,000 euros under the European Data Protection Regulation (GDPR) for personal and health data kept without time limit and collected without consent. , as well as a fine of 100,000 euros for infringements relating to cookies, she said.
Data kept too long
The sanction follows a complaint filed in June 2020 by the British association Privacy International. The Cnil considered that the data relating to the tests and “quizzes” carried out on the site were kept for too long, initially for 24 months. The authority also criticizes Doctissimo for having collected, without a mechanism for obtaining consent, the health data from around 5% of these tests, while this information is considered “particularly sensitive with regard to the GDPR”.
The Cnil also noted a lack of security of personal data, with the use of an unencrypted communication protocol, and storage of passwords in “an insufficiently secure format”. Finally, with regard to French law on the deposit of digital tracers, the Cnil noted the deposit of a cookie used for purposes on the terminal as soon as a user arrives on the latter’s site, and the filing of two others despite the choice of the “Refuse all” option on the information banner. According to the authority, this lack of collection of consent concerned each visitor to the site, “i.e. hundreds of millions of Internet users”.
1684325801
#Cnil #condemns #Doctissimo #fine #euros