The storage of information from the Health Data Hub, the French platform for centralizing population health data, raises questions. It was indeed entrusted without the usual tendering procedure to Microsoft, the only company capable of meeting the specifications of the specifications, says Mediapart . As an American company, the high-tech giant must comply with the law of its country, including the Cloud Act, which authorizes the United States government to access hosted data, notes BFMTV.
The situation reacted to the National Commission for Data Protection (Cnil). "Any request for access from a court or an administrative authority of a third country, addressed to the subcontractor [...] could not [...] be considered lawful", warns the president of the organization Marie- Laure Denis in a deliberation on April 20.
Sensitive personal data
The Cnil points out that the storage of information "at rest" is guaranteed in the European Union but that elements are likely to be transferred outside the territory. These operations can occur "within the framework of the current operation of the platform, in particular for maintenance or incident resolution operations". The Health Data Hub project director, however, denied this assertion.
Data protection within the platform is all the more worrying since the Covid-19 crisis has accelerated the development of the Health Data Hub. A decree of April 21 oversees the launch of the system "in the context of the state of health emergency". Among the personal information on the health of French people that the platform contains, we will eventually find the elements compiled in the SIDEP files, laboratory database, and Contact Covid.
The Health Data Hub also hosts data related to pharmacies, urban care, digital health apps or tools, emergency services and elements present in the National Health Data System (SNDS).
World
Cyber attack: Data of 9 million Easyjet airline customers has been hacked
High-Tech
Cybersecurity: Microsoft and Intel want to turn malware into images to better analyze them
- Cybersecurity
- Personal data
- Government
- CNIL
- Microsoft
- High-Tech