France’s knowledge regulator CNIL has issued some suggestions for French providers that deal with well being knowledge, as Mediapart first reported. These providers ought to keep away from utilizing American cloud internet hosting firms altogether, comparable to Microsoft Azure, Amazon Internet Providers and Google Cloud.
These recommandations observe a landmark ruling by Europe’s high courtroom in July. The ruling, dubbed Schrems II, struck down the EU-US Knowledge Privateness Protect. Below the Privacy Shield, firms might outsource knowledge processing from the EU to the US in bulk. As a consequence of issues over US surveillance legal guidelines, that mechanism is now not allowed.
The CNIL goes one step additional by saying that providers and corporations that deal with well being knowledge also needs to keep away from doing enterprise with American firms — it’s not nearly processing European knowledge in Europe. As soon as once more, that is all about avoiding falling beneath U.S. regulation and rulings.
The regulator despatched these suggestions to one in all France’s high courts (Conseil d’État). SantéNathon, a gaggle of organizations and unions, initially notified the CNIL over issues about France’s Well being Knowledge Hub.
France is at the moment constructing a platform to retailer well being knowledge on the nationwide stage. The thought is to construct a hub that makes it simpler to review uncommon illnesses and use synthetic intelligence to enhance diagnoses. It’s speculated to mixture knowledge from totally different sources and make it doable to share some knowledge with private and non-private establishments for these particular instances.
The technical selections have been controversial because the French authorities initially selected to companion with Microsoft and its cloud platform Microsoft Azure.
Microsoft, like many different firms, depends on Commonplace Contractual Clauses for EU-US knowledge transfers. However the Courtroom of Justice of the EU has made it clear that EU regulators should intervene if knowledge is being transferred to an unsafe nation in relation to privateness and surveillance.
The CNIL believes that an American firm might course of knowledge in Europe however it might nonetheless fall beneath FISA702 and different surveillance legal guidelines. Knowledge would nonetheless find yourself within the arms of American authorities. In different phrases, it’s being further cautious with well being knowledge for now, whereas Schrems II remains to be unfolding.
“We’re working with well being minister Olivier Véran on transferring the Well being Knowledge Hub to French or European platforms following the Privateness Protect bombshell,” France’s digital minister Cédric O told Public Sénat.
The French authorities is now different options for the Well being Knowledge Hub. Within the close to future, if France’s high courtroom confirms the CNIL’s suggestions, it might even have some results for French firms that deal with well being knowledge, comparable to Doctolib and Alan.
#Frances #Well being #Knowledge #Hub #transfer #European #cloud #infrastructure #keep away from #EUUS #knowledge #transfers #PJDM