EXECUTIVE SUMMARY:

Vaccine scheduling websites and healthcare technology designed for coronavirus prevention and are under international scrutiny. In Europe, advocacy groups are concerned that certain online platforms fail to protect the privacy of citizens. In France, nonprofits are petitioning courts to weigh in.

Medical unions, open-source software organizations and human rights groups argue that using a US-based cloud service provider, such as Amazon Web Services, undermines Europe’s General Data Protection Regulation (GDPR).

Why? Europeans’ personal health data may be subject to federal US surveillance.

In July of 2020, Europe’s highest court issued a decision stating that EU-based organizations may only share data with American service platforms under the condition that the US-based organizations arrange for special data privacy protections.

Could US-based cloud companies simply store data in Europe? Privacy advocates state that US-based companies would still be subject to US legal requirements, which can require sharing data with US authorities.

“It’s difficult to put Europeans’ data on US clouds,” stated Adrien Parrot, President of Interhop, an organization dedicated to the use of open-source software in healthcare. “It’s like a no man’s land of justice for European citizens”.

For vaccine scheduling websites, what now?

European courts and regulators may force big technology companies to alter their approaches to data storage. Alternatively, fines could be issued or cloud service providers could be prohibited from operating in the EU.

The US approach

In early 2020, the US Department of Health and Human Services (HHS) stated that companies would not be penalized for telehealth operations or rolling out vaccine scheduling services that violate the privacy rules in the Health Insurance Portability and Accountability Act (HIPAA).

In relaxing the rules, the intention was to increase the accessibility of critical health services. For better or for worse, it’s also led to new commercial endeavors.

“Pharmacies are collecting data from customers who receive vaccines and creating profiles…”, reports the Wall Street Journal.

Retailers plan to use consumer data to promote stores and to create targeted marketing messages. “Every one of these customers is coming through our digital front end, so we have their email…we have the ability to communicate with them regularly”, says one COO.

For more on data privacy during the pandemic, visit The Wall Street Journal.