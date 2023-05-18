Digital rights

France's digital rights watchdog, the National Commission for Information Technology and Civil Liberties in front of its headquarters in Paris.

The health website Doctissimo has been fined €380,000 for breaches of personal data, the French digital rights watchdog CNIL has said.

Owned by the Reworld Media group, the website has been ordered to pay €280,000 under the European Data Protection Regulation (RGPD) for personal and health data kept without time limits and collected without consent, CNIL said in a statement.

It must also pay a fine of €100,000 for violations relating to cookies.

The sanction follows a complaint filed in June 2020 by UK body Privacy International.

The CNIL found that data relating to tests and quizzes carried out on the site were kept for too long, initially for 24 months.

No consent

It also criticised Doctissimo for having collected health data from around 5 percent of these tests without consent, even though this information is considered "particularly sensitive".

The CNIL noted a lack of security for personal data, with the use of an unencrypted communication protocol, and the storage of passwords in "an insufficiently secure format".

ℹ️🔴 The CNIL fined DOCTISSIMO EUR 380,000 because it failed to comply with obligations under the #GDPR and because it didn't comply with the rules on #cookies 👉 https://t.co/1RZpvPWHpl pic.twitter.com/nJ3oF1PwOo — CNIL_en (@CNIL_en) May 17, 2023

The watchdog also noted a cookie used for advertising purposes on the terminal as soon as a user arrives on the site, and the use of two others despite the "refuse all" option on the information banner.

According to the authority, this failure to obtain consent affected every visitor to the site, or "hundreds of millions of Internet users".

(with wires)

