Why this French court decision has far-reaching consequences for many businesses

Written By

willy mikalef module
Willy Mikalef

Partner
France

I am a tech-friendly lawyer based in Paris, specialising in data protection, communications and satellites, with a commitment to providing business-oriented, sustainable advice.

ariane mole module
Ariane Mole

Of Counsel
France

I am Global Chair of Data Protection. Thanks to many years of experience dedicated to data protection, I can provide innovative and practical solutions to clients around the world.

On March 12, 2021, the Conseil d’Etat — France's highest administrative court — ruled that personal data on a platform used to book COVID-19 vaccinations, managed by Doctolib and hosted by Amazon Web Services, was sufficiently protected under the EU General Data Protection Regulation because sufficient safeguards, both legal and technical, were put in place in case of an access request from U.S. authorities. The judge thus rejected a claim filed by professional associations and unions that asked for the suspension of the service because Doctolib referred to AWS for hosting the platform. The plaintiffs unsuccessfully argued that because the processor was a company bound by U.S. law, the risk of access by U.S. authorities was incompatible with the GDPR under the "Schrems II" decision by the Court of Justice of the European Union.

Read more here >

*This article has been previously published on the IAPP website and shared with its members.

Latest insights

More Insights
Curiosity line pink background

China Cybersecurity and Data Protection: Monthly Update - May 2025 Issue

May 26 2025

Read More
featured image

Neurotechnologies Under The AI Act- Where Law Meets Science

9 minutes May 13 2025

Read More
featured image

Saudi Arabia: Public consultation on draft changes to the Data Protection Regulations

6 minutes May 08 2025

Read More