TL;DR
The Dutch suicide prevention website 113 shared visitor data, including location and browsing info, with Google and Microsoft without user consent. The organization has temporarily halted data sharing pending investigation.
The Dutch suicide prevention website 113 has temporarily suspended all data sharing and measurement tools after reports that it shared visitor data with third-party companies without user consent, raising privacy concerns under GDPR.
Research by ethical hacker Mick Beer of Hackedemia.nl revealed that the Dutch suicide prevention site 113 shared sensitive technical data, including location, device type, and browsing history, with companies such as Google and Microsoft. This occurred even when visitors did not accept cookies or provide explicit consent, according to Beer.
After being confronted with these findings, Stichting 113, the organization managing the site, responded by temporarily disabling all measurement and analysis tools. They stated they are investigating the incident to understand how this occurred, its potential impact, and what steps to take next. The organization emphasized that no substantive conversations or chat data were shared, only technical metadata related to website visits.
Why It Matters
This incident raises significant concerns about privacy and data protection, especially given the sensitive nature of the website’s purpose—supporting individuals in mental health crises or contemplating suicide. Sharing such data without consent may constitute a violation of GDPR, which mandates strict protections for personal and health-related data. The case underscores the importance of data security and privacy compliance for organizations handling vulnerable populations, and it could lead to regulatory scrutiny or legal action.
Magicmoon 15.6" Privacy Filter Screen Protector, Anti-Spy/Glare Film for 15.6 inch 1920 x 1080 Resolution Widescreen Notebook Laptop with 16:9 Aspect Ratio (Not for 16:10) (Touch Screen Not Compatible)
Compatible Models: Width: 13 9/16" (13.5 inch/344 mm), Height: 7 5/8" (7.6 inch/194 mm), Diagonal: 15.6" (396.24 mm)…
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Background
The website 113 is a critical resource for those in the Netherlands seeking help for mental health issues, including suicidal thoughts. The site offers contact options and information, and it is expected to handle user data with care. Prior to this incident, there had been no public reports of data sharing practices by the organization. The revelation follows broader concerns about digital privacy and data handling by health and social services online, especially in sensitive contexts.
“Anyone who surfed to the 113 website left a digital footprint behind. Google and Microsoft can use this information to build general user profiles.”
— Mick Beer, ethical hacker
“It concerns technical data regarding a website visit, so-called metadata. We realize that visitors must be able to trust that their privacy is protected and regret that concerns have arisen.”
— Stichting 113 spokesperson
VPN for online privacy
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What Remains Unclear
It is not yet clear how long the data sharing occurred, whether any data was misused, or if legal action will follow. The full scope of the data shared and the technical details of the breach remain under investigation, and the organization has not specified whether the trackers will be reactivated in the future.
secure browsing extension
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What’s Next
Stichting 113 will conduct a thorough investigation into the incident, review its data handling practices, and determine if any further action is necessary. The organization has indicated it may update the public on the findings and whether measures will be implemented to prevent recurrence.
Lovell DESTRUCT PRO – USB Hard Drive Eraser & Data Destruction Tool – 3 Phase Crytopgraphic Wipe – Super Fast SMART Technology – Multi-Drive Compatibility – Works With HDD, SSD, & External Hard Drives
PERMANENT DATA DESTRUCTION: Factory resetting is a flawed process that isn’t enough to keep deleted data from being…
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Key Questions
What specific data was shared by the Dutch suicide hotline?
The data included technical metadata such as location, device type, browser information, the website visited prior to 113, and screen recordings of the website visit.
No, the organization stated that no substantive information from conversations or chats was shared; only technical metadata was involved.
Could this data sharing have legal consequences?
Yes, experts suggest that sharing this data without proper consent likely violated GDPR regulations, which require strict data protection measures for sensitive health-related information.
Will the organization resume data sharing in the future?
The organization has not specified whether the trackers and data sharing practices will be reactivated after the investigation concludes.
