Dreist: Doctolib passes on patient data – this is how those involved fight back

In the corona pandemic, online platforms such as Doctolib have become significantly more popular. The platform takes advantage of this and, according to current knowledge, passes on data from users as well as non-users. And that of all things on Facebook.
Doctolib passes on patient data.
Doctolib passes on patient data.

TABLE OF CONTENTS
1″Looking for testicular cancer? Then Facebook found out about it too. ”
2 Doctolib passes on data: This is how the experts proceeded
3 Doctolib is fighting back
4th Facebook also speaks out

For more than half a year now, Facebook has been drawing attention to itself with negative headlines – primarily through the new guidelines for WhatsApp and the transfer of data to the social network . Now the data octopus shows up again – this time collecting patient data.

Because digitization is also making further progress in the medical field – not least because of the pandemic. The Doctolib platform in particular is now widely used in Germany, also in the wake of the overload of general practitioners and specialists due to the high demand for corona vaccination. Doctolib enables patients to book appointments with their doctors of choice. But the Berlin platform is now coming under massive criticism. Because: Doctolib forwards patient data to Facebook and Outbrain.

“LOOKING FOR TESTICULAR CANCER? THEN FACEBOOK FOUND OUT ABOUT IT TOO. “

No matter what illness you have or for what reason you visit which doctor. That should just be your business. Doctolib sees it differently and writes data protection small rather than big. In an analysis , the website mobilprüf.de , a project by iRights eV and the Institute for Technology and Journalism funded by the Federal Ministry of Justice, found that Doctolib passed on details about active users.

The crux of the matter: The data protection declaration, which is displayed on Doctolib at the beginning. If you agree to this, the platform regularly sends data to Facebook and the advertising web platform Outbrain. According to Mobilprüf.de Doctolib forwards all information made with the identification number (ID) and IP address to the Outbrain server. Facebook also gets the same details – only that the social network uses its own ID. Accordingly, the data is not anonymized, but allows conclusions to be drawn about the user. However, the cookies did not record any more detailed information on specifically booked appointments .

DOCTOLIB PASSES ON DATA: THIS IS HOW THE EXPERTS PROCEEDED

If you would like to book an appointment via Doctolib, you not only have to enter your name, email address, etc., but also whether you are privately or legally insured and the reason for the visit to the doctor. This is also how mobilsicherheit.de proceeded in the context of the tests. The experts do not use the web version of the platform for this, but rather the Android app in version 3.2.26. However, the experts assume that the data transfer also behaves in the same way in the iOS app and the web version.

They looked for urologists about the applications and gave the reason “vasectomy sterilization man consultation”. Furthermore, mobilsicherheit.de stated that it was privately insured. A specific doctor and an appropriate appointment were also selected for the visit. In the subsequent cookie evaluation, all search queries appeared.

DOCTOLIB IS FIGHTING BACK

The Berlin company behind Doctolib promptly defended itself against the experts’ allegations and refers to the active approval of the data protection guidelines. Nevertheless, it is not clear to the user which data the platform is passing on to whom, criticizes mobilsicherheit.de.

But: Doctolib removed the criticized cookies from the platform anyway. In addition, according to their own statement, they arranged for the data communicated on Facebook and Outbrain to be deleted. “We could have explained that better – but then it would have been more complex. We have therefore decided to completely stop measuring campaigns via the two third-party providers, ”defends Dr. Ilias Tsimpoulis from Doctolib the procedure towards mobilprüf.de.

At the beginning of the month, Doctolib came under fire because the Civil Courage association gave the platform the negative “ Big Brother Award ”. The reasoning stated that Doctolib was violating confidentiality obligations and misusing patient data for commercial purposes. And that also from patients who do not make appointments via the platform and have not even set up an account.

FACEBOOK ALSO SPEAKS OUT

Facebook also speaks out and emphasizes that personal health data must not be shared using business tools. A Facebook spokesman told inside digital: “Should companies mistakenly share this data with us, our filter mechanisms are designed in such a way that they can recognize health-related information and remove the recognized data before it is stored in our advertising systems. We are in contact with Doctolib to ensure the correct implementation of our tools in the future. ”