The commission nationale de l’informatique et des libertés, otherwise known as the CNIL, was born with great publicity in the 1970s. It has now achieved the metamorphosis which all State agencies go through: initially created to protect citizens from data-gathering entities, it is now little more than a rigid and cumbersome speed bump. This rigidity is heftily decried by French health professionals, who see how easily their foreign competition circumvent the French regulations and fully exploit the modern Web’s potential, using the data to better public health.
The first “public scare” goes back to 1974, when the government announced the creation of an administrative super-register (1). Designed to simplify French red tape, it was to link all French governmental registers together. But the public reacted: such a file would have handed unlimited power to the State, with full and absolute knowledge of everything in its citizens lives. So as to calm spirits down, the CNIL was created. It lists the legal obligations for any IS operator, public or private, and corrects the entities which don’t comply with regulations. Moreover, it holds influence over new regulations which are voted around technological innovations. However, it is often considered more as an obstructive administrative sandbag, than as a shield against the threats whose existence must sometimes yet be proven. Even the CNIL president, Isabelle Falque-Pierrotin, freely admits that the regulations and restrictions which companies are subjected to can be undecipherable, as reports Amaelle Guiton (2); “In fact, after consulting with the MEDEF (French business association, editor’s note), only 10% of French companies feel confident they will meet the deadline of new obligations, regarding the securing of data from the design phase on, of the information of users, of flaw notification… “They must absolutely get started!”, insists Isabelle Falque-Pierrotin, CNIL president. These companies, far more asphyxiated with regulations than are their foreign counterparts, are yet to be proven as a threat for citizens.
In the case of businesses harvesting medical, the risk is low, double-low and triple-low. Medical industries do not intervene directly on patients but deal with health professionals. The raw data which they need to know which to push developments is therefore nameless, which suits them perfectly well. Moreover, connected health equipment is purchased by people who wish to insert technology into their health management and fully understand that that requires sharing data – and that health businesses need data to perfect their offers. Finally, the use of real-time medical data would enable the saving of many lives. Geoffray Sylvain, who has specialized in connected objects on the French market, says (3) “According to a recent study by Swiss center Soreon Research, Wearables connected objects could save the lives of 1.3 million people by the year 2020”.
But, here again, the CNIL seems to be spending more time getting in the way than providing protection. A relatively small amount of solicitations is sent to the CNIL each year, and most are related to file updates, or typos (with some people wondering why they can’t get security clearances, not knowing they’ve been incorrectly tagged with someone else’s legal record). Nonetheless, the CNIL continues forbidding medical innovation, such as connected pacemakers, senior citizen surveillance systems, and other connected objects. This is difficult for medical professionals, who understand that the speed of intervention is critical in life-threatening interventions, and what technology can do for them in cutting down response times. Stephanie Roy, health reporter, explains (4): “When stroke symptoms appear, for instance, we must intervene fast because time is of the essence. The faster we can get to work, the better the patient will recover”. Connected objects, easily accessible to the greater majority, can monitor blood tension and heart rate, and send out automated alerts – instantly saving many lives, avoiding paralyses and reducing the costs shouldered by a French social system plagued with chronic deficit. According to the Health laboratory association (5), “The leads towards a better level of coordination are to be sought in the field of payment modes, which differ between urban areas and hospitals, in organization modes which lack in transverse capacities currently, and in new information and communication technologies which offer immense possibilities (remote surveillance, connected objects, patient online services and various applications). 15 to 25% of the work time in the hospital could be saved with a better health process organization.”. But for that to happen, the CNIL would need to lift it barriers. Gilles Babinet, a French entrepreneur nominated by Technology minister Fleur Pellerin, argues (6): “ I am outraged by our government’s incapacity, and the last ones, to see the opportunity within the digital age. My aim is qualified employment, and nothing is being done for it. With a little bravery, we could create one or two million jobs. But for that, we would need to stop considering particular interests. As an example, either the CNIL should be profoundly reformed, or outright shut it down. With its excessive regulations, it has become an enemy of the nation”.
The presumed protection, which many French citizens and businesses aren’t too sure of what they are being protected against, does not apply to foreign countries who seize the opportunity to overtake their French competition and push their research forward. In the United States and in China, industries have access to medical big data, which enables them to target developments towards the solutions most needed by the market. Doctor Philippe Massol reported (7) for E-gora, “According to a study published on Wednesday, February 7, by Cardiogram and the University of San Francisco, the Apple watch could detect up to 85% of cases of diabetes. These examples reported by newspaper Le Monde on February 12 show that the free circulation of medical data and public health information will increase exponentially. Big Data will be one of the stilts of tomorrow’s medicine”. This level of performance is unthinkable for government agencies, and all the more so if heavy organizations such as the CNIL is in the way. For instance, France has needed 14 years of tedious process, to cut through the complications within DMP (8) project (Online medical file), and finally gave birth to a diminished version. In the United States, health professionals are able to monitor real-time information (9) and remotely, their patients’ vitals, if patients have expressed such a wish and hired them to do so.
The true power at play, behind the red tape which causes much sighing from health professionals in France, is the good old legal umbrella. By shooting out as many regulations, constraints and obligations, the State ensures that it can never be held responsible for anomalies and mishaps, and that is still able to sanction whoever they catch and isn’t complying with the law. If a more flexible policy were chosen (as promised (10) Isabelle Falque-Pierrotin), the benefits to patients would be immensely superior to the possible malpractice. But it matters little that lives be saved, as long as the CNIL cannot be held responsible. And it matters just as little that the French medical world be running its race with a huge handicap, compared to their foreign counterparts, providing more energy, for fewer results.