January 27, 2023


Breaking News Breaf

The CNIL calls for the stopping of the hosting of French health data by Microsoft

Will French health data be repatriated to France? The CNIL has sent the Council of State a brief in which it requests the stopping of the storage of health data by Microsoft, indicated “Mediapart” which published the document this Friday, October 9.

Our health data at Microsoft? “We offer Americans a national wealth unique in the world”

The medical data of the French are gathered on the Health Data Hub database, a platform intended for research. The only thing is: the management and hosting of this data has been entrusted to Microsoft. A choice that had sparked an outcry: experts and professionals believed that it was not wise to entrust data to the American web giant.

Cnil requests another hosting solution

In his memoir, the Cnil “Believes that the change of the hosting solution of the Health Data Hub and other health warehouses hosted by companies subject to US law should take place as quickly as possible.”

These elements were presented Thursday, October 8 to the summary judge of the Council of State, seized of a request to suspend the device. The Cnil specifies:

“A transition period is necessary, in order to ensure these changes without loss of data or technology and without compromising the uses which are today made of this data in the context, for example, of emergencies linked to the health crisis or of medical research. “

The duration of this phase will be limited to what is strictly necessary, assures the Cnil.

Are our health data well protected?

These recommendations found an echo Thursday, October 8 through the voice of Cédric O, Secretary of State for Digital. The latter assured to work on this file with Olivier Véran, Minister of Health and Solidarity, and expressed the wish to repatriate the Health Data Hub to European or French platforms.

The EU considered the level of data protection insufficient

In July 2020, the European court of justice invalidated the agreement “Privacy Shield”, the legal basis on which Microsoft relied, like 5,000 American companies, to transfer certain data to its servers across the Atlantic, a judgment which “Has radically changed the situation of resorting to hosting solutions provided by American actors”.

INFO OBS. How Microsoft obtained health data from the French

“Mediapart” recalls that the body had justified its choice by indicating that American legislation did not make it possible to guarantee a sufficient level of protection of the data of European citizens.

Microsoft, which holds the encryption keys for data stored in Europe, is likely to carry out certain transfers to the United States for administration operations, explains the CNIL. Above all, the web giant is subject “To injunctions from the (American) intelligence services obliging it to transfer to them data stored and processed on the territory of the European Union”.

EXCLUSIVE. Microsoft as the host of our health data: the surprising legal tinkering of the Health Data Hub

Contacted by AFP, Microsoft said it “Did not comment on the strategic decisions of the French government and awaited the decision of the Council of State”, expected next week.