13.05.2021

French Conseil d’Etat about the use of cloud services provided by AWS

Michał Czuryło

On March 12, 2021, the Conseil d’Etat – France’s highest administrative judicial body – issued a decision in the COVID-19 vaccination booking platform case. The court ruled that the personal data – managed by Doctolib and hosted by Amazon Web Services – was sufficiently protected because sufficient safeguards, both legal and technical, were provided in the event of a request for access by US authorities.

The case, however, was special. The court’s decision is multi-layered and may also be significant for Polish entities using cloud solutions, in particular from US providers.

The French court indicated that although Doctolib did not transfer personal data to the US (because it concluded an agreement with AWS Sarl in Luxembourg and kept the data on servers in Europe), there is nevertheless a risk of access to the data by US authorities resulting from the fact that AWS Sarl in Luxembourg is a subsidiary of an American company.

However, the court reviewed the safeguards used by AWS Sarl and found it sufficient for data protection that:

  • the contract between Doctolib and AWS Sarl provides for a specific procedure in the event of a request for access to data by a foreign administration. In particular, AWS Sarl guarantees in its contract with Doctolib that it will challenge any general access requests by such authorities;
  • the data stored by AWS Sarl is encrypted. The key, in turn, is stored by a trusted third party in France to further prevent the data from being easily read by unwanted parties;
  • the data is deleted after a maximum of 3 months and, in addition, each time at the request of the data subjects.

This case proves that safeguards for personal data must always exist, regardless of the circumstances. The legitimate transfer of personal data outside the European Economic Area (e.g. to the USA) is possible, even if it concerns special categories of data (such as health data). However, it is then necessary to meet the conditions and take an individual approach to the assessment of each transfer.

Our law firm supports you in conducting such an assessment with its expertise and experience. You can learn more about the topic during the Data Centre Trends conference.
