Secretary of State for Digital Cédric O announced Thursday, October 8, that he was considering revoking the Health Data Hub storage agreement by the American Microsoft. The Health Data Hub, this health data platform that brings together the medical information of the French (from hospitals, health insurance, etc.) to enable research based on artificial intelligence, has been hosted since 2019 by Microsoft’s Azure computing cloud service. The data is stored in Europe but on servers belonging to this American company, which sparked an outcry on the pretext that there would be risks for the confidentiality of this data, and for questions of digital sovereignty.
Initially, health data was legally protected by what is called the “Privacy Shield”, an agreement between Europe and the United States, authorizing certain transfers of data from Europe to the United States. – United (for example for maintenance). But, last July, the “Privacy Shield” was invalidated by the European Court of Justice. That changes everything. Cédric O even spoke of a “thunderclap”, Thursday during his hearing by a senatorial committee. In addition, the CNIL is getting involved and is now asking to stop the storage of health data on Microsoft servers.
The minister spoke of French or at least European servers. European players exist, but if they had not been chosen at the time, it is because they had been judged technically and economically less expensive. So the risk could be that our data stays nice and warm in Europe, yes, but maybe less well protected or less usable. However, since last year, these European players may have upgraded. This is what the government will have to study.