The Berlin Senate worked together with the doctors’ platform Doctolib to schedule vaccination appointments online during the Corona crisis – and from the point of view of the state’s data protection officers, they paid too little attention to data protection.
In principle, there is nothing to be said against the fact that the Senate Administration has commissioned a private company to schedule vaccination appointments online, according to the current report by the Berlin Commissioner for Data Protection, which was published these days. The “Tagesspiegel” had previously reported.
However, it is criticized that citizens open their own user account with Doctolib and therefore “must necessarily enter into their own contractual relationship with the private company”. As a result, the company is “leaving its role as a processor for the responsible Senate administration and is itself acting as the person responsible for data protection”.
The user accounts thus served the company’s own purposes. The Senate was instructed to order the deletion of user accounts as soon as they had served their purpose.
The Senate administration rejected the criticism on Thursday on request. “Basically, we would like to point out that in November 2020 the primary goal was to provide a functional system for booking appointments within four weeks, which was also achieved by carrying out an allocation procedure,” said a spokeswoman.
The contract with Doctolib regulates the “purpose and scope of the storage of the data”. The data protection officer was involved in the vote. Users have the option of deleting their accounts at any time.