What does the “Covid Vaccine” file provide, which worries the Internet?

Preparation of doses of vaccine against Covid-19 during the launch of the vaccination campaign in Sevran, on December 27.

-

THOMAS SAMSON-POOL / SIPA

• Created by decree on December 25, the "Covid Vaccine" file will compile the personal data of people vaccinated to ensure "the monitoring and management" of the vaccination campaign.

• This database is causing concern on social networks.

  In a Twitter publication, an Internet user is particularly alarmed at the systematic and unwanted registration of people vaccinated against Covid-19.

• Medical secrecy, personal data, personal consent…

  20 Minutes 

  explains the ins and outs of this decree.

It will compile the personal data of all people vaccinated against Covid-19.

New bowstring for the executive in the fight against the coronavirus epidemic, the “Covid vaccine” file, placed under the responsibility of the Ministry of Solidarity and Health and the National Health Insurance Fund (Cnam ), was created by decree on December 25.

It should allow "the implementation, monitoring and management of vaccine campaigns against Covid-19", which began Sunday, December 27 in France.

This large file - given that it should, in time, compile data "from a major part of the French population", as the National Commission for Informatics and Liberties (Cnil) underlined - , raises many concerns on social networks.

In a viral publication on Twitter, a user denounces in particular the "systematic filing" and not consented to patients.

According to him, the “Covid Vaccine” file would even violate medical confidentiality.

Medical secrecy violated by a decree published today: systematic registration of people likely to be vaccinated and those undergoing a medical examination for vaccination will see their health data necessarily recorded.

Health insurance in particular will have access pic.twitter.com/YR1IoAIylZ

- VirusWar (@VirusWar) December 26, 2020

20 Minutes

takes stock.

FAKE OFF

"Covid vaccine" has several concrete purposes, set out in the decree of December 25, 2020: to allow the identification of persons eligible for vaccination, the sending of vaccination vouchers, the recording of information relating to the consultation prior to vaccination and the organization of vaccination for these people.

The file will also be used to supply the premises with vaccines and will make it possible to recontact the patient in the event of "the appearance of a new risk".

This is called “pharmacovigilance”.

"This treatment is not intended to be extended to vaccinations other than that against the coronavirus", underlines the Cnil.

Health personnel are thus responsible for registering a set of personal data on the vaccinated persons: identification data (name, first names, date and place of birth, etc.), sickness insurance scheme, date and place vaccination, but also the patient's state of health.

The database will also be fed by other already existing health files.

The CNIL issued an opinion on the draft decree establishing the “Covid vaccine” file on December 10.

This body, which is responsible for ensuring the protection of personal data contained in files and computer processing, considered that the purposes of the file "appear to be determined, explained and legitimate".

Some data will be subject to pseudonymization measures

Contacted by

20 Minutes

, the General Directorate of Health (DGS) assures us: "the data processed within the framework of the" Covid Vaccine "information system are protected by medical confidentiality".

For example, the processing of your personal data does not imply that all healthcare professionals will have access to it.

"Only the data necessary for the performance of the missions at a given time will be accessible to the people responsible for carrying out such or such a task," explains Adèle Lutun, a lawyer in the health service within the Cnil, at 

20 Minutes.

"For example, if you go to see a nurse after receiving your vaccination voucher, the latter will not know what, in your state of health, justifies that you be vaccinated as a priority", develops the lawyer.

For the exercise of their missions, some professionals will receive for their part data which has been the subject of so-called "pseudonymization" measures, allowing the confidentiality of the identity of persons.

This will be the case in particular for agents of Public Health France or ARS.

Will your data be collected without your consent?

Through the connection with other health files, certain data will actually be collected in the file from the Health Insurance without the consent of the people.

It is this information that will allow the creation and sending of your vaccination voucher when you are among the eligible persons.

"Concretely, a person who would have received a voucher to be vaccinated and who would neither wish to be vaccinated, nor to appear in the information system can ask to be erased", specifies the DGS.

"In exceptional circumstances, exceptional measure, you will not however be able to request the erasure of your post-vaccination data", indicates Alain Bensoussan, lawyer specializing in the right to data protection, to

20 Minutes.

"These data, which ensure the follow-up of the vaccination campaign and allow a very high reactivity in the event of the appearance of potentially problematic side effects, are framed by a reason of general interest: the protection of the population", adds t -he.

Nevertheless, the DGS stresses that you can oppose "the transmission of [your] data for research purposes to the health data platform" Health Data Hub "and to the National Health Insurance Fund".

A balance between necessity and proportionality

For Alain Bensoussan, this decree is a balance between “protection of the person and defense of his private life”.

If the “Covid Vaccine” file does not worry him as it stands, two points of attention remain, underlines the lawyer.

First, the need to carefully monitor the subcontracting companies that may be required to work with the Ministry of Health and the CNAM and which have still not been detailed by the department, despite the recommendation of the CNIL.

Finally, he points out the importance of strengthening the penal response to illicit data collection: “Today, collecting personal data by fraudulent, unfair or unlawful means is punishable by five years' imprisonment. and a fine of 300,000 euros.

Considering the size of the file and the sensitivity of its data, it would be smart to double this penalty ”.

Health

Coronavirus: No, the CEO of Pfizer did not "refuse" to be vaccinated

Media

Report information that you believe to be false to the "Fake Off" team of "20 Minutes"

• Fake off

• Fact checking

• Covid 19

• Personal data

• Coronavirus

• Vaccine

• Society