As Mobile Safety reports, the appointment broker Doctolib has forwarded data to the Facebook and Outbrain advertising platforms. The app from the Google Play Store was tested in June, and version 2.2.26 was affected – so it cannot be said what it looks like with previous versions.
Doctolib is supposed to display a dialog the first time it is opened, stating that data protection has the highest priority – if you agree at this point, the app sends exactly that data to the two advertising platforms. The lawyer and member of the Pirate Party in the European Parliament, Patrick Breyer, said Mobile Safe: “If that is the only consent, of course that does not cover the transmission of content and keywords.” Doctolib even transmits search terms, such as dermatologist or urologist as well as associated treatments or the treatment request.
In addition to this information, Doctolib also sends a Marketer ID from Outbrain or the Facebook ID as well as the insurance status and, of course, the IP address. An appointment actually booked via the app or a selected doctor was not transferred.
Limits of transmission
The iOS version of the app and the website have not been tested. However, according to Mobile Safe, it can be assumed that they have also sent data to Facebook and Outbrain. Doctolib is said to have responded immediately and stopped the transmission, a second test by Mobile Security confirmed this. In addition, the provider arranged for the data on the platforms to be deleted. The transmission was for marketing purposes, they wanted to measure the success of a campaign – although it remains unclear why search terms are transmitted. “We could have explained that better – but then it would have become more complex. We have therefore decided to completely stop measuring campaigns via the two third-party providers,” explains Dr. Ilias Tsimpoulis, Managing Director at Doctolib.
Facebook has emphasized that the disclosure of health-related data is prohibited. If your own systems recognize these, they will not be recorded. This has also happened with Doctolib.