The Dutch suicide prevention hotline 113 faced backlash after ethical hacker Mick Beer discovered it shared website visitor data with third parties like Google and Microsoft without consent, per BNR’s report. This included sensitive metadata such as IP addresses, browser details, and screen recordings, raising alarms about GDPR violations.

The breach exposed users’ digital footprints, with data collected even when visitors declined cookies. While Microsoft only received data from consenting users, Google accessed information regardless of consent. Stichting 113 suspended all analytics tools temporarily, admitting, "We regret that concerns have arisen." The foundation emphasized no conversation content was shared, but critics argue metadata still risks profiling vulnerable individuals.

Technical scrutiny focuses on how third-party trackers were integrated without safeguards. GDPR mandates stricter protections for medical data, which includes anonymous crisis hotline interactions. The incident underscores risks of poor privacy engineering in tools meant to save lives, with Google and Microsoft at the center of data misuse debates.