Blog

Doctors’ organisations and a human rights group recently challenged the storage of vaccine appointment data on a platform hosted in France and Germany by Amazon Web Services. They sought an urgent order to suspend the transfer of data from Doctolib (a French company contracted by the French government to provide a platform for vaccine appointments) to AWS. The judge concluded that there was a risk that data could be subject to access from the US through requests made under Article 702 of the Foreign Intelligence Surveillance Act or Executive Order 12333. However appropriate technical and organisational measures (encryption with key at third party, short retention periods and procedure to challenge any general access request from a US public authority) were in place to ensure that the personal data was provided with GDPR equivalent protection.