To adapt to the challenges of digital health and bring agile regulation to innovation, the CNIL is launching a call for “sandbox” projects. Presentation.
As part of an agile approach to regulation that is open to the issues raised by innovation, the CNIL is launching a call for GDPR “sandbox” projects. This scheme will allow the three winners of this first edition to benefit from enhanced support in building a technological solution that complies with the regulations and respects privacy.
As part of its effort to modernize and adapt to the challenges of digital health, the CNIL wished to supplement its traditional instruments for supporting innovation by setting up a “sandbox”. It will provide enhanced support, for a fixed period, to the leaders of projects that are emblematic in terms of personal data protection.
This sandbox cannot lift regulatory constraints, even temporarily, because the European texts on data protection (GDPR) do not provide for an exemption on these grounds. However, it does have an experimental purpose: to resolve a difficulty or an uncertainty identified in partnership with the project leader.
The sandbox is open to all innovative projects, whatever their status (public or private), size, maturity (start-up or already existing player), or sector (industry, services, etc.). This experimental approach aims to implement “privacy by design” at an early stage in the development of the project. Thus, it does not target operational or already launched projects.
A call for projects in digital health
In 2021, for its first year, the CNIL sandbox is open to three innovative projects in the field of digital health. Current events demonstrate every day the value of having secure technical solutions in this area, services that give patients confidence in new uses, and clear rules on information, consent and reuse of data.
To select the winners, a call for projects is open until April 2, 2021.
The selection criteria will relate to:
- The benefit to the public: the project must respond to a public health issue or contribute to a collective interest in terms of the service provided (including as an alternative to an existing service);
- Interest in data protection: the CNIL wishes to select applications that make it possible to highlight or establish good sectoral practices (resolution of a new or important legal question, or definition of technical choices, making it possible to clarify the CNIL doctrine). In the field concerned, projects relating to tele-health, access to research data, sharing of information between health professionals or artificial intelligence in health (in particular learning, prevention and bias management, transparency and explainability), for example, would be a plus.
- Finally, the project should demonstrate a strong commitment to GDPR compliance: priority will be given to projects that have already given thought to the subject, with a real commitment to take into account the recommendations made and with sufficient operational resources to devote to them, commensurate with the strong investment of the CNIL services in the project.
After examining the applications, an evaluation committee that includes external experts will meet to hear the project leaders who best correspond to the priorities of the CNIL. Three main criteria will be taken into account: the benefit for the public, the interest in data protection, and a strong commitment of the project leader to the process.
For the three digital health projects selected, relating to an innovative good or service linked to the processing of health data, the enhanced support will last until the end of 2021.