The French start-up for booking medical appointments Doctolib, essential to obtain a vaccination window, is going through a delicate period. According to a survey published on June 21 in the German media dedicated to digital privacy Mobilsicher, Doctolib transmitted the searches of its German users to the advertising agencies of Facebook and Outbrain, a targeted distribution service for advertising articles and content.
Sensitive information was included: the medical specialty sought and, when the user specified these criteria, the treatment sought and the sector requested (public or private). Mobilsicher notes that Doctolib also shared the identifier number, or “IP address”, of the device used by each user. “The information transmitted could therefore hardly be considered anonymous”, German media note.
The boss of Doctolib, Stanislas Niox-Chateau, confirmed to the World the presence of these little advertising cookies, or “cookies”, on the German version of its service. According to him, they were deleted immediately after the investigation of Mobilsicher. “We also asked Outbrain to erase all the information that we had given them, which was done, assures the boss of Doctolib. And Facebook has never stored sensitive data. ” The social network has, in fact, informed Mobilsicher that a filtering of sensitive data has warned their memorization. Contacted about this, Outbrain did not immediately respond to requests from the World.
An in-house communication campaign
Stanislas Niox-Chateau minimizes the importance of these cookies. According to him, “They were not present on the French version of Doctolib. Their role was to follow the marketing campaigns intended to promote our own services on Facebook and Outbrain. These advertisements were not targeted according to the pathologies of our customers. The information sent to Facebook and Outbrain was not accessible to other companies wishing to do medical advertising, they were only used for us ”.
According to Doctolib, the sensitive information transferred was therefore not used. Stanislas Niox-Chateau defends himself: “The cookies we used were perfectly standard, of the same nature as those used everywhere. Our teams did not tell me that they could have deleted the sensitive information. ” However, according to our information, sorting the data before sending is possible, and even recommended.
In retrospect, the boss of Doctolib admits that the use of advertising cookies is inappropriate in the health sector. While conceding by way of Press release that“It is complex for users to clearly understand the impact of consent to a cookie”, He pointed out that the German users concerned had clicked on a button authorizing data sharing.