On May 21, I had the opportunity to write about our health data and sovereignty by taking the example of the Data Hub Health project (platform for aggregating Health data and promoting their exploitation) which saw its launch. accelerated during the corona virus crisis. The way in which this project is carried out raises many questions.
Why is this an emblematic example?
We are first of all facing a major contradiction of our government which professes digital sovereignty and declare wanting to put an end to the domination of GAFAMs, and another imposes the use of the Microsoft Cloud in the construction of the Health Data Hub . Everything seems to have been done without a tender if we believe a certain amount of information circulating on the net (Forum Atena), bypassing public procurement regulations.
According to an article published on the EI Portal: “The SantéNathon collective in a letter requesting information and reporting under article 40 al 1 of the criminal procedure code” addressed to the Minister of Health Olivier Véran , the collective requests the pronunciation of the nullity of the contract concluded between the French government and Microsoft Azure and the compensation for the losses of chance to conclude the contract ”.
The actors of the project justify the decision to use the Microsoft Cloud, arguing that it would be the first Cloud to have obtained hosting certification for Health Data (LeBigData), this statement is however false, indeed OVH had obtained approval Health Data Host in 2016 followed by a new certification (HDS certification) in 2019 at the expiration of the previous approval
The highlight of the imposture is to assert that there is no French or European player capable of supporting the computing power needs for studies based on Artificial Intelligence, as Cédric O, secretary of state responsible for digital technology… This position provoked the reaction of OVH, one of our French players who is, as we have seen, certified in hosting health data and this well before Microsoft (nextinpact.com)
The main reason for the choice of Microsoft taken in defiance of our own rules of transparency and fairness seems to be that the American company offered to test the concept for free, a classic commercial string!
We can find all the questions and risks in this excellent summary of Le Vent Se Lève. In the way of managing this type of ambitious project, there is also the question of possible conflicts of interest, as this article in Le Monde highlights. He underlines that Jean-Marc Aubert who was involved in this project as the boss of DREES (Direction of Research, Studies, Evaluation and Statistics) recently joined the iQuivia group, an American group specialized in the processing of health data and clinical research…
What can we do ?
Even if our means of action remain limited on an individual scale, they still exist.
We can specifically support initiatives intended to counter this GAFAM control over our data, our health data. And these initiatives exist: the April 9 call from French digital players, or the SantéNathon collective. You can influence future decisions by relaying their publications on social networks and showing your awareness of the processing of your personal data, the most precious of which is your health data. There are even petitions calling for the withdrawal of the agreement with Microsoft.
For my part, I suggest that you use the tools that are at our disposal:
- At your doctor, pharmacist or hospital, remember to signify that you do not authorize the transfer of your data to the Health Data Hub.
- Log into your personal space fr, go to the messaging space to create a message whose subject is ‘Exercise computer rights and freedoms’, then I offer the following message: “Hello, I have read the information concerning the setting up of the Health Data Hub with Microsoft as operator. I note that the protection of my personal health data is seriously degraded by the choice of this operator taking into account the “Cloud Act” and certain parts of the contract which suggest the possibility for Microsoft to send data outside the EU. For this reason I inform you that I oppose the use or sending of my health data to this health data hub. A parallel notification will be made to the CNIL to assure me that any CPAM health administration, hospital, doctor, etc. will in no case be able to transmit my data to this Health Data Hub. Please take this request into account. Best regards. They have a month to respond.
- At the same time, you can contact the CNIL, to signify the process you have started with the CPAM. Without a satisfactory response from the CPAM, you can open a complaint to the CNIL for non-compliance with the RGPD (General Data Protection Regulations).
Our health data are in essence the most intimate data there is. If they are precious for us, they are also precious for commercial companies. It is normal to mobilize to protect our good and our interests.
Through this example, we come to be aware of all the issues related to data, we must ensure that they cannot be used without our consent, which will clearly not be the case with Microsoft (For the record a French actor will not depend on American legislation: the Cloud Act and the Patriot Act ..) In addition, if whatever their type, data is the source of economic growth of the future and of our jobs, we cannot let the American or Chinese digital giants, appropriating our data.
This article is intended to be informative, but it is also and above all a word of humor! May our government and our administrations wake up! May the notion of Digital Sovereignty not be an empty slogan, but that it translate into the facts and the choices of the solutions implemented within the framework of the digitization of our country!