Covid, Health Data and Microsoft

“Legal Europe must wake up, driven by France and the pressure of public opinion. It must propose a third way to guarantee a digital future compatible with our democracies,” called for in this forum-petition many health and digital professionals, among others. A link is online to sign it.

Sign this article

Loyal and informed information

The digital literacy rate - the ability to read and write computer language - is extraordinarily low1. Our technophile world is flying into complexity, leaving the citizen out of the political debate. However, the implications are fundamental: they concern the sustainability of our freedom of thought and our mutualist health system.
We want to inform about recent developments in information technology and health to refocus the debate politically around the citizen and close the door to techno-scientific illusions.

Towards shared professional secrecy

Recently, the French Medical Association reminded that the secrecy of persons is the basis of the trust placed in health care personnel2.
Historically, the care relationship is built on a singular doctor-patient colloquium.
With the arrival of new technologies and the digitisation of the world, formal medical secrecy is gradually disappearing. State administrative staff already process the medical information of the insured of the Assurance Maladie3. Contemporary developments tend to multiply the number of players in the healthcare process in a logic of collective and multidisciplinary care. How can this ethical requirement be reconciled with the 21st century, at a time of massive data processing carried out by increasingly sophisticated algorithms?

The notions4 “care team” and “shared secret” redefine the contours of secrecy in the digital age. Medical information that is strictly “necessary for continuity of care” can circulate between the different members of the care team to improve the overall management of the person. Moreover, opposition to data sharing5 is an essential right for the patient. The prerequisite for any refusal is the right to clear and precise information on the expected benefits, the forces involved and the course of the medical data. The digital divide6 and the eagerness to deploy IT tools no longer allow these rights to be guaranteed.

Technophily and centralization

“Science without conscience is the ruin of the soul.” Rabelais

It is a fundamental ethical principle: “technologies must be at the service of the individual and society” rather than “enslaved by technological giants”7.

Blind confidence in technology, and in particular in new statistical tools, could lead to the legitimization of pyramid schemes and potentially freedom-reducing systems.
Thus, the new information systems initiated in the context of the state of emergency are all centralised: collection of identities and risk contacts, blood test results, surveillance of mobile phones. These systems will feed the national health data platform or “Health Data Hub”8. This one-stop shop for access to all de-identified health data aims to develop artificial intelligence applied to health. All this data is hosted by the Microsoft company and its commercial offer, the Azure platform9.

The problem is that American law applies to the whole world!
In 2018, the American government adopted a text called “Cloud Act”10, which allows the American justice to have access to data stored in third countries11. Microsoft is subject to this text which is in conflict with our European data protection regulation12.

How can we support this choice when the President of the National Agency for the Security of Information Systems publicly opposes the digital giants which would represent an attack on our “mutualist health” systems13?
How can we support this choice when the CNIL mentions in the contract linking the “Health Data Hub” to Microsoft “the existence of data transfers outside the European Union as part of the platform’s day-to-day operation”14?
How can we support this choice when there are dozens of French and European industrial alternatives15?

Third way: autonomy / Europe

Brutally, the Snowden case showed the use of our data through globalized monitoring programs16.
Brutally, confinement has made us live in our flesh with imposed and necessary deprivations of liberty.

At the heart of the economy of the 21st century, data has gradually taken on crucial importance. They are the oil of our modern economies17 and the one who controls them, imposes himself. They are exploited by platform states dependent on market forces (Google, Apple, Facebook, Amazon, Microsoft) or authoritarian regimes (Baidu, Alibaba, Tencent and Xiaomi)18.

We need to go back to basic political principles[^prefiguration] and understand that “the health data heritage is a national asset… The sovereignty and independence of our health system from foreign interests, as well as the competitiveness of our research and industry, will depend on how quickly France grasps the issue.”

The autonomy of individuals must be strengthened. The provision of enlightened and transparent information bringing together patients, healthcare professionals and legislators must be achieved. Then people will be able to oppose the sending of data concerning them outside the legal framework that defends them.

Legal Europe must wake up, driven by France and the pressure of public opinion. It must propose a third way to guarantee a digital future compatible with our democracies. “The fundamental challenge for Europeans is to be able to maintain their autonomy of thought.”[^liberty]
It is therefore up to European and French legislators to protect democracy in the age of surveillance capitalism. The Court of Justice of the European Union19 as well as national personal data regulators must take a stand on the possibility of contractualization with companies subject to US laws.

The Franco-German initiative GAIA-X20, which wants to provide a technical framework of transparency and good conduct to globalized platform states, must be propelled by the European Union. This is an absolute necessity.
For an autonomous Digital Europe, it is necessary to use “Free/Libre software and open formats in the development”21 of information systems. To ensure that everyone has access to quality care in the future, let us demand the publication of architecture plans for IT platforms, data flows, algorithms and medical terminologies.

In addition, the quality of research is co-constructed with multidisciplinary teams and interactions between care and research. On the spot, within hospitals and structures involved in public service, the “commonality” and autonomy of a fabric of teachers, researchers, computer scientists, carers and a network of people in trust with the whole system must be encouraged. Within this network, the role of the regions and hospitals must be strengthened.

If the legal and theoretical framework is to come from Europe, compliance with reality will remain local.


Signing this paper

See original article in Médiapart


Summary

Sources

  1. L’alphabétisation numérique et la participation familiale à l’école 

  2. Plan de déconfinement et garantie du secret médical 

  3. “Le secret médical sera préservé” 

  4. Comment concilier respect du secret professionnel et efficacité des soins ? 

  5. Opposition et information 

  6. Les quatre dimensions de la fracture numérique 

  7. Médecins et Patients dans le monde des data, des algorithmes et de l’intelligence artificielle 

  8. Données de santé : l’arbre StopCovid qui cache la forêt Health Data Hub 

  9. Modalités de stockage du « health data hub » 

  10. Rapport Gauvain : Rétablir la souveraineté de la France et de l’Europe et protéger nos entreprises des lois et mesures à portée extraterritoriale 

  11. Évaluation du CCBE de la loi CLOUD Act des États-Unis 

  12. Commission spéciale Bioéthique : Auditions diverses, Mme DENIS 

  13. Audition de M. Guillaume Poupard, directeur général de l’Agence nationale de la sécurité des systèmes d’information (ANSSI) 

  14. Délibération n° 2020-044 du 20 avril 2020 portant avis sur un projet d’arrêté complétant l’arrêté du 23 mars 2020 prescrivant les mesures d’organisation et de fonctionnement du système de santé nécessaires pour faire face à l’épidémie de covid-19 dans le cadre de l’état d’urgence sanitaire 

  15. Annuaire des hébergeurs aggréés AFHADS 

  16. Trente-cinq chefs d’État étaient sous écoute de la NSA 

  17. The world’s most valuable resource is no longer oil, but data 

  18. “Enquête. Quand Internet sera chinois” 

  19. Données personnelles : le transfert vers les Etats-Unis validé par la CJUE 

  20. Franco-German Position on GAIA-X 

  21. LOI n° 2016-1321 du 7 octobre 2016 pour une République numérique