Doctissimo fined 380,000 euros for multiple violations of personal data law

Doctissimo was fined a total of 380,000 euros for a series of breaches of the texts on the protection of personal data, a announced on Wednesday May 17 the National Commission for Computing and Liberties (CNIL).

The personal data policeman thus followed a complaint against the site specializing in health filed in June 2020 by the non-governmental organization (NGO) Privacy International.

Doctissimo in particular offers its visitors the opportunity to carry out tests related to health issues: the CNIL considered that Doctissimo had not respected the retention period for certain result data. Inactive user data was also stored for a long time “without anonymization procedure”. The site, assures the CNIL, did not properly collect the consent of the users carrying out these tests to have their data used.

GDPR-related penalties

The CNIL also criticizes Doctissimo for not having secured by contract its relations with technical service providers responsible for the display of advertising inserts on its site. The administrative authority also sanctioned Doctissimo for not having sufficiently secured the personal data of its users (in particular by only using an “https” connection from October 2019).

All these shortcomings concern the General Data Protection Regulation (GDPR), the European text which is the reference in this area. To decide on this first penalty of 280,000 euros, the CNIL specifies that it has reached an agreement with its European counterparts, concerned, since “the website has visitors in all member states of the European Union”.

In addition, the administrative authority condemned Doctissimo to a second fine, of 100,000 euros, for not having respected the legislation on cookies (separate from the RGPD), by depositing these files intended for the collection of personal data without the agreement – ​​and sometimes even in spite of refusal – of the user. This second sanction was taken by the CNIL alone.

The instance specifies that Doctissimo has “took steps to comply with all breaches”. The Reworld media press group bought Doctissimo – as well as several other sites, such as Marmiton or AuFeminin – to the TF1 group in 2022. The fine pronounced by the CNIL represents 0.075% of its turnover.