Why this French court decision has far-reaching consequences for many businesses

Written By

willy mikalef module
Willy Mikalef

Partner
France

I am a tech-friendly lawyer based in Paris, specialising in data protection, communications and satellites, with a commitment to providing business-oriented, sustainable advice.

ariane mole module
Ariane Mole

Of Counsel
France

I am Global Chair of Data Protection. Thanks to many years of experience dedicated to data protection, I can provide innovative and practical solutions to clients around the world.

On March 12, 2021, the Conseil d’Etat — France's highest administrative court — ruled that personal data on a platform used to book COVID-19 vaccinations, managed by Doctolib and hosted by Amazon Web Services, was sufficiently protected under the EU General Data Protection Regulation because sufficient safeguards, both legal and technical, were put in place in case of an access request from U.S. authorities. The judge thus rejected a claim filed by professional associations and unions that asked for the suspension of the service because Doctolib referred to AWS for hosting the platform. The plaintiffs unsuccessfully argued that because the processor was a company bound by U.S. law, the risk of access by U.S. authorities was incompatible with the GDPR under the "Schrems II" decision by the Court of Justice of the European Union.

Read more here >

*This article has been previously published on the IAPP website and shared with its members.

Latest insights

More Insights
featured image

4 Things to Know About Australia's New Statutory Tort of Privacy

5 minutes Jun 10 2025

Read More
featured image

A game-enhancer, not a game-changer: key takeaways on the new UAE Media Law penalties

5 minutes Jun 10 2025

Read More
Curiosity line yellow background

China Cybersecurity and Data Protection: Monthly Update - May 2025 Issue

May 26 2025

Read More