France: Issued CNIL ruling in investigation into DOCTISSIMO over alleged GDPR violations

On 11 May 2023, the French data protection authority (CNIL) closed its investigation into Doctissimo and imposed two fines over Data Protection Regulation (GDPR) violations. The platform Doctissimo publishes information on health and wellness. The CNIL identified that Doctissimo breached the GDPR data handling requirements, including the provisions related to retention periods, health data collection, data security and cookie usage. Doctissimo was fined EUR 280’000 for violations of the GDPR and an additional EUR 100’000 for cookie usage breaches.