CNIL fines health website €380,000 for non-compliance with GDPR and cookie requirements
The French Data Protection Authority (CNIL) recently conducted four investigations into Doctissimo’s practices in light of a complaint filed by Privacy International. The results revealed several infringements of data privacy regulations, including prolonged data storage, the collection of health information through online tests and polls, lax data security, and the misuse of cookies on the user’s terminal.
In response to these violations, CNIL imposed two separate fines: one for €280,000 as part of a multi-national agreement across EU member states due to the widespread nature of the website, and another for €100,000 for non-conformity with cookie usage rules.
When determining the amount of the fine, CNIL took into account the degree of the violations, the categories of personal information affected (e.g. health data), the number of individuals involved, and the company’s financial standing. Further, as Doctissimo specializes in providing digital health-related services, CNIL was particularly concerned about its lack of attention to consent before collecting individuals’ health data.
Source: Health data and use of cookies: DOCTISSIMO fined €380,000 | CNIL