A troubling privacy breach has come to light involving one of the Netherlands' most sensitive services. The Dutch suicide prevention hotline 113, which people turn to in their darkest moments, was quietly sharing website visitor data with major tech companies — without asking for permission. The findings, uncovered by ethical hacker Mick Beer of Hackedemia.nl, have sparked serious concerns about digital privacy in mental health services.
3 hours Ago
What Data Was Shared and With Whom
The scope of the data sharing was wider than many might expect. When someone simply opened the 113.nl website, clicked on the chat option, or navigated toward the call menu, that activity was being tracked and passed on.
According to Beer, this alone counts as sensitive information — because even visiting a suicide prevention page says something deeply personal about a person's state of mind.
The data handed over to third parties included details like the visitor's location, browser type, device information, the website they had come from just before visiting 113, and even screen recordings of their time on the site. Google received this data regardless of whether visitors had accepted cookies.
Microsoft also received some information, though in that case, only when cookies had been accepted.
Beer put it plainly: anyone who visited the 113 website left a digital trail behind. That trail, he warned, could be used by companies like Google and Microsoft to build broader profiles on individual users.
Stichting 113 is likely to have broken the General Data Protection Regulation with this practice. Under GDPR rules, medical and health-related personal data — which includes contact with an anonymous mental health service — requires an especially high level of protection.
Foundation Responds, Shuts Down Tracking Tools
.
Copyright @ 2024 IBRA Digital