the Council of State maintains the partnership with Doctolib for the management of appointments


The Council of State validated, Friday, March 12, the partnership between the Ministry of Health and the Doctolib platform for the management of vaccination appointments against Covid-19. PSeveral associations and unions argue that this partnership does not sufficiently protect medical data. Concerns deemed unfounded by the highest administrative court, which rejected their request to suspend the contract between Doctolib and the state, signed in January.

>> Covid-19: follow the latest information on the epidemic in our direct

The 13 applicants, including the Federation of Doctors of France and the Syndicate of General Medicine, “considered that the hosting of Doctolib data by a subsidiary of an American company entailed risks with regard to access requests by the American authorities”, details the Council of State in a press release. Doctolib, for its part, argues that legal protections have been put in place to protect data hosted by Amazon from US authorities, reports Le Monde (paid article).

>> Four things to know about AWS, Amazon’s lucrative business you’ve never heard of

The summary judge concluded that “the level of protection of the data concerned is not manifestly insufficient in view of the risk invoked by the associations and unions requesting”, adding that the contract with Doctolib includesa specific procedure in the event of access requests by a foreign authority providing for the contestation of any request that does not comply with European regulations “.

The summary judge also argued that “The data collected during vaccination appointments do not include information on the medical grounds for vaccination eligibility, but only relate to the identification of people and the appointment scheduling”, explains the Council of State.

The decision sparked the“indignation” of the applicants. Legal guarantees are insufficient, according tossociation InterHop, one of the parties. “LThe judge considers that the data in question are not health data “, add the applicants. This interpretation (…) contravenes the legal definition as provided for by the GDPR [règlement général sur la protection des données].

The parts further regret that the National Commission for Informatics and Freedoms (Cnil), the gendarme of personal data, has not been entered “despite the many requests” by the applicants’ lawyer.


Leave a Reply

Your email address will not be published. Required fields are marked *