The Cnil sets limits on fighting social fraud via the identity card (CNI)


With the Health Data Hub, the government had been called to order by the CNIL concerning the hosting of French health data. Another piece of data is particularly sensitive in this area: the social security number (NIR).

The Cnil is therefore very attentive to its uses and protection. It has just reiterated this in connection with a new government project. In the name of the fight against social fraud, the executive plans to merge the Vitale card and the identity card.

The ID card, the real solution to fraud?

This is one of the scenarios considered, in addition to the implementation of a biometric Vitale card. Not all options are favored by the personal data protection authority, which also attaches conditions to them.

The NIR “is a piece of data unique to each French person and therefore particularly sensitive”, justifies the Cnil. It also reaffirms its attachment to the principle of proportionality. In other words, the use of the social security number is not necessarily the most suitable solution.

The authority insists “on the need to carry out rigorous work to assess social fraud, in order to be able to provide responses that are effective and proportionate.” A merger of cards should, for example, not impede essential acts.

It cites in particular “the faculty of entrusting to a third party his Vitale card.” This “should be maintained in order to take into account the particular situations of certain social security beneficiaries”, recommends the Cnil.

Card merging, the least intrusive solution

Regarding a CNI and Carte Vitale merger, the Commission considers that this is “the least intrusive and least risky solution.” At least on condition of providing certain guarantees for the integration of the social security number in the electronic identity card.

But the starting point is undoubtedly a well-founded justification for such a measure, which is likely to present risks. “It will be necessary to ensure that the use of the identity card instead of the Vitale card effectively reduces cases of social fraud”, recommends the Cnil.

This is not its only recommendation. If the State wants to embed the NIR on the identity card, it must register it in a partitioned compartment within the electronic chip. The use of a QR code or its inscription on the card itself is to be avoided.

Moreover, this “number would only be readable by tools and actors in the medical and medico-social sphere.” The Commission also wants special security measures to prevent the reading of the NIR by third parties outside the health sector.

Right of opposition, alternatives to the CNI, professional secrecy…

It also recommends “the application of professional secrecy to any person accessing the NIR on the identity card, in particular at the time of the creation of the title.” Since the Vitale card is not compulsory, an insured person must have the right to object to the writing of his NIR on the identity document.

Finally, “alternatives to the use of the identity card must be maintained.” With regard to the creation of a biometric Vitale card, the Cnil maintains a consistent position and therefore declares itself unfavorable to it.

Such a device comes up against deployment difficulties among healthcare professionals. It does not take into account the sensitivity of the data involved. In addition, it poses significant risks in the event of a cyberattack.

The College of the Cnil therefore considers “that the scenario involving biometrics presented the highest level of risk of invasion of privacy and individual freedoms.” Note that such a biometric card does not appear in the recent government announcements.


