The Cnil notably criticizes the site specializing in health subjects for having collected health data without consent and for having kept them without time limit.
The site specializing in health topics Doctissimo was fined 380,000 euros for several breaches relating to personal data, announced on Wednesday May 17 the National Commission for Computing and Liberties (CNIL). Ihe authority responsible for data protection carried out several checks on Doctissimo, to following a complaint from the British association Privacy International filed in 2020.
The website, owned by the Reworld Media group, will have to pay a fine of 280,000 euros under the European Data Protection Regulation (GDPR) for health data kept without time limit and collected without consent. Doctissimo is also fined 100,000 euros for offenses relating to cookies, explains the Cnil in a statement.
The authority also noted a lack of security of personal data, with the use of an unencrypted communication protocol, and the storage of passwords in “an insufficiently secure format”. For the time being, Doctissimo has not yet commented on this sanction.
View comments
