Health data and use of cookies: DOCTISSIMO fined €380,000

      Background information

Following a complaint by the PRIVACY INTERNATIONAL association, the CNIL carried out four investigations into DOCTISSIMO. The website mainly offers articles, tests, quizzes and discussion forums related to health and well-being for the general public. During its investigations, the CNIL noted several infringements, in particular concerning the duration of data retention, the collection of health data via online tests, the security of data as well as the waycookies are deposited on the terminal of users. Consequently, the restricted committee — the CNIL body responsible for imposing sanctions — imposed two fines against DOCTISSIMO:

a fine of €280,000 for infringements of the General Data Protection Regulation (GDPR). This fine was taken in cooperation with all the CNIL’s European counterparts within the framework of the one-stop shop procedure, as the website has visitors from all the Member States of the European Union. a fine of €