Doctolib acquired start-up Tanker to secure end-to-end health data

Doctolib announced this Friday, January 21 the acquisition of start-up Tanker, a specialist in end-to-end encryption. The amount of the transaction was not disclosed.

Doctolib is already using the technology
The two companies already know each other very well. In fact, the telemedicine company has been using Tanker technology since 2019 to encrypt the health data of its users end-to-end. “The acquisition of Tanker is the logical evolution of our relationship and we can be proud that such technology remains in Europe, while the world’s technology leaders are on their radar.”, said Stanislas Niox-Chateau, president and co-founder of Doctolib.

Thus, this union does not interfere with the operation of Doctolib tools that will continue to “deploy“Tanker Technology”on a larger scale“. So far, Doctolib claims 60 million private users and 300,000 professional health users in France, Germany and Italy, countries where it bought its competitor. On the other hand, Doctolib did not specify the list of data that benefit from end-to-end encryption or not.

Tanker was founded in 2015 by Guillaume Pontallier, Clément Ravouna and Cédric Gestes. It provides developers with an embedded end-to-end encryption solution as an SDK. It is implemented directly in the code of SaaS applications. “The personal health data of patients using Doctolib is only accessible by patients and their health professionals at all times.“, Doctolib explained in a previous presentation. In other words, only the people talking – the healthcare professional and his patient – can read the messages exchanged.

A health data security strategy
This acquisition is part of a context of Doctolib’s increasing personal data security considerations. He earned two certifications in November, one in information systems security and one in health data hosting.

This technique also responds to accusations about tricolor unicorn data protection. In June 2021, it was accused of using two cookies to collect data of its German users, such as the specialty of medicine, treatment and sector (public or private) sought as well as the IP address of the device. used for search. These were sent to Facebook and Outbrain, two advertising giants.

In response, the unicorn confirmed that it had not collected health data on these cookies and added that it had “jnever sent medical data to a third party, whether in France or Germany“. He claimed to have requested users’ consent, as required by the General Data Protection Regulations (GDPR).

AWS data hosting is controversial
In France, Doctolib was accused of poorly protecting user data because Amazon – as the host – and the company itself would have access to this information, according to an investigation published by France Inter published in March 2021. Stanislas Niox-Château, CEO and founder of Doctolib, dismissed the charges in a blog post.

The choice of an American cloud provider, in this case, Amazon Web Services (AWS), is also disputed by the physician and patient associations that occupy the Council of State. They felt that health data was less protected because it was hosted by AWS, which was subject, as a company located in the United States, to the arbitrary power of American intelligence services.

The administrative judge denied this request. He said the data was adequately protected thanks to amendments to the hosting contract that establish an accurate procedure in the event of requests for access by a public authority. He also mentioned that Doctolib implemented an encryption method, designed by Tanker, in which only Atos has the key. This will prevent a third party from reading the data.

Leave a Comment