As the policy swells on the Health Data Hub platform and its contract with Microsoft Azure, the Cnil publishes its opinion on the subject. It calls for choosing a European provider not subject to American law.
In the concert of critics around the Health Data Hub, he lacked the opinion of the CNIL. This has just been published and the least we can say is that the controversy is not about to die out. Indeed, the committee would like “that, having regard to the sensitivity of the data in question, that its hosting and the services linked to its management can be reserved for entities falling exclusively within the jurisdiction of the European Union. “
Today, the health data platform is hosted on the Microsoft Azure cloud. Certified as a health data host and with data centers in France, the American publisher is nonetheless subject to the Cloud Act. The CNIL underlines “the concerns repeatedly raised by the European Data Protection Committee (EDPS) regarding access by the North American authorities to data transferred to the United States, in particular the collection and access to data personal for national security purposes under section 702 of the US FISA Act and the Executive Order (” Executive Order “) 12,333”. It also recalls the obligations of the GDPR which “prohibit any request for access from a court or administrative authority of a third country, addressed to companies whose processing is subject to the GDPR, outside of an international agreement applicable or, according to the interpretation of the EDPS, the application of a derogation relating to the vital interest of the data subject ‘.
Arms pass with OVH and referenced to freedom before the Council of State
Microsoft’s choice as a cloud service provider is therefore in the crosshairs. In recent weeks, voices have been raised as to why a French service provider like OVH was not selected for the HDH. Octave Klaba has split several tweets to return to the controversy. “No specifications. No invitation to tender. The POC with Microsoft which turns into an imposed solution. All of this at the limit I don’t care. But to say that the ecosystem we represent is unable to offer better and cheaper, that’s no! “, Can we read in an exchange with Stéphanie Combes, director of Health Data Hub.
The fact remains that the subject of accommodation has moved into high gear this week with the filing of a summary liberty with the Council of State. The InterHop collective (French hospitals for interoperability and the free sharing of algorithms), the CNLL and the doctor Didier Sicard are, with several other associations and people, initiating this appeal. They criticize that the platform set up “seriously and surely irreversibly infringes the rights of 67 million inhabitants to have the protection of their privacy, in particular that of their most intimate data, absolutely protected by secrecy. medical: their health data ”.