TL;DR
The Dutch suicide prevention website 113 shared sensitive visitor data with third-party tech companies without explicit consent. After being confronted, the organization temporarily suspended data sharing and launched an investigation. The incident raises concerns about privacy and GDPR compliance.
The Dutch suicide prevention website 113 shared visitor data with third-party tech companies, including Google and Microsoft, without obtaining user consent, according to research by ethical hacker Mick Beer. This revelation has raised privacy concerns and prompted the organization to suspend all data sharing practices pending an investigation.
Research by Mick Beer of Hackedemia.nl found that the website 113, which provides critical mental health support, transmitted sensitive technical data to third parties without explicit user consent. The data included location, device information, browsing history, and in some cases, screen recordings of website visits. Beer stated that, until recently, data was shared with Google regardless of cookie consent, and with Microsoft only if cookies were accepted.
Stichting 113, the organization operating the site, confirmed that it temporarily disabled all measurement and analysis tools after being confronted with the findings. A spokesperson clarified that only technical metadata, not substantive chat or conversation content, was shared, and expressed regret over the privacy concerns. The organization indicated it is investigating how the data sharing occurred and what the potential impact might be.
Why It Matters
This incident matters because it involves the potential violation of GDPR regulations, which mandate strict protections for sensitive personal and health-related data. Sharing such data without consent could undermine public trust in essential mental health services and raises broader concerns about data privacy, especially when dealing with vulnerable populations.
SightPro Magnetic Laptop Privacy Screen 14 Inch 16:9 – Patented Removable Laptop Privacy Filter Shield and Protector
【Instant Snap-on Magnetic Attachment】- The Patented Magnetic Privacy Screen – Protected by U.S. Patents 9,829,669 and D844,012. Simply…
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Background
The incident comes amid increased scrutiny of data privacy practices by online services, especially those handling sensitive health information. The Dutch organization 113 is a key resource for individuals in crisis, and any breach of privacy could deter vulnerable users from seeking help. Previously, there have been concerns about how health and mental health data are handled online, but this case highlights potential gaps in compliance with privacy laws.
“Anyone who surfed to the 113 website left a digital footprint behind. Google and Microsoft can use this information to build general user profiles.”
— Mick Beer, ethical hacker
“It concerns technical data regarding a website visit, so-called metadata. We realize that visitors must be able to trust that their privacy is protected and regret that concerns have arisen.”
— Stichting 113 spokesperson
Mullvad VPN | 12 Months for 5 Devices | No-Log Security VPN Service | Protect Your Privacy
PRIVACY-FIRST VPN: This 12-month Mullvad VPN code gives you a full year of privacy protection without monthly renewals….
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What Remains Unclear
It remains unclear exactly how the data sharing occurred, whether it was intentional or accidental, and what specific impact it has had on users. The scope of data collected and shared, as well as the duration of the practice, is also still under investigation.
Google Chrome User Guide For Beginners and Seniors: Step-by-Step Instructions to Browse Efficiently, Manage Tabs, Use Extensions, Secure Data, and Customize Settings
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What’s Next
The organization plans to complete its investigation, determine whether GDPR violations occurred, and decide whether to resume data collection and sharing practices. Further updates are expected once the investigation concludes and appropriate measures are implemented.
Lovell DESTRUCT PRO – USB Hard Drive Eraser & Data Destruction Tool – 3 Phase Crytopgraphic Wipe – Super Fast SMART Technology – Multi-Drive Compatibility – Works With HDD, SSD, & External Hard Drives
PERMANENT DATA DESTRUCTION: Factory resetting is a flawed process that isn’t enough to keep deleted data from being…
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Key Questions
Did the data sharing include sensitive personal or health information?
No, the organization stated that only technical metadata related to website visits was shared, not substantive chat or conversation content.
Has the organization taken steps to improve privacy protections?
Yes, they have temporarily disabled all measurement and analysis tools and are investigating how the data sharing occurred.
Could this data sharing violate GDPR regulations?
According to experts, sharing this type of metadata without proper consent could constitute a violation of GDPR, which requires strict protections for sensitive personal data.
Will the organization resume data sharing in the future?
It is not yet clear; the organization has not made a decision and is currently assessing the situation.
