var _paq = window._paq = window._paq || []; /* tracker methods like "setCustomDimension" should be called before "trackPageView" */ _paq.push(['trackPageView']); _paq.push(['enableLinkTracking']); (function() { var u=""; _paq.push(['setTrackerUrl', u+'matomo.php']); _paq.push(['setSiteId', '1']); var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0]; g.async=true;'//'; s.parentNode.insertBefore(g,s); })();

FRANCE | CNIL Publishes Results from its Digital Health Regulatory Sandbox

Please login to view this page.

FRANCE | CNIL Publishes Results from its Digital Health Regulatory Sandbox2023-09-10T11:42:36+00:00

Real World Evidence (RWE) 201 – France – CNIL Regulatory Sandbox: Digital Health

RWE 201 – France – CNIL Regulatory Sandbox: Digital Health

The French Data Protection Agency (CNIL) has been actively supporting digital health technology innovators through its regulatory “sandbox.” These projects range from federated learning across health data warehouses to building diagnostic tools in oncology, statistical indicators for medical research, and a therapeutic game for minors with eating disorders. The CNIL provides crucial guidance on overcoming regulatory challenges, including the nature of data, legal frameworks, and data security measures.

Benefits for RWD, RWE, and Digital Health Innovators:

  1. Navigating Regulatory Challenges: The CNIL’s sandbox provides a safe environment to test solutions and understand regulations. For RWD and RWE developers, this means an easier path to compliance with GDPR and other privacy laws.
  2. Interconnected Data Sources: For projects like Resilience in oncology, CNIL’s guidance enabled the interconnection of various data sources. This has implications for RWD, as it becomes easier to integrate data from disparate sources for more comprehensive Real-World Evidence.
  3. Data Security: With its focus on secure data processing, the sandbox offers a blueprint for ensuring the safety of health data, which is invaluable for digital health innovators dealing with sensitive patient information.
  4. AI and Machine Learning: Projects like the one carried out at Lille University Hospital utilized federated learning protocols, offering a roadmap for implementing machine learning algorithms in healthcare. This aids RWD and RWE applications where machine learning could provide new insights.
  5. Specialized Use-Cases: The Vertexica project focusing on minors with eating disorders shows how data protection can be maintained even in specialized healthcare solutions, thereby ensuring the ethical use of Real-World Data.
  6. Knowledge Sharing: The joint work and multiple exchanges with CNIL have generated lessons that could be useful for the broader health sector, facilitating faster and more secure innovation.
  7. ‘Privacy by Design’: The emphasis on integrating GDPR compliance from the design phase benefits all stakeholders by baking in data protection from the outset, which is a fundamental need in RWD and RWE applications.
  8. Stakeholder Collaboration: The sandbox projects involve multi-disciplinary teams, demonstrating a collaborative approach that could benefit digital health innovators, RWD and RWE developers in addressing complex regulatory and ethical issues.

In essence, the CNIL’s regulatory sandbox serves as an invaluable resource, not just as a testing ground but as a knowledge base for RWD, RWE, and digital health innovators. It provides practical insights into overcoming regulatory challenges and implementing secure, effective healthcare solutions.

Share this story...

Real World Evidence (RWE) 201 – France – CNIL Regulatory Sandbox: Digital Health2023-09-03T18:17:48+00:00

Real World Evidence (RWE) 201 – France – CNIL Reference Methodologies: Facilitating Access to Real World Data

RWE 201 – France – CNIL Reference Methodologies: Facilitating Access to Real World Data


The CNIL (Commission Nationale de l’Informatique et des Libertés) is the French data protection authority. CNIL has issued various “Reference Methodologies” (Méthodologies de Référence or MRs) which are guidelines/frameworks for compliance with data protection regulations in specific areas e.g., MR-001 (interventional research) and MR-003 (non-interventional research) which cover research involving direct interactions with people (RIPH), or MR-004 for research involving secondary use of existing personal healthcare data i.e., research not involving direct interaction with people (RNIPH).

By declaring conformity to the applicable reference methodology to the CNIL, research sponsors do not need to seek individual authorisation for each research project that involves non-anonymous data, making this an efficient and effective form of self-regulation.

Key features of MR-004 conformity include:

  1. Data Minimisation: Only collect the data that is strictly necessary for the research or healthcare activity.
  2. Purpose Limitation: Use the data only for the specified, explicit, and legitimate purposes for which it was collected.
  3. Consent: Access to and use (re-use) of existing patient health data is subject to informing the affected patients (patient information).
  4. Security: Guidelines for data storage, encryption, and access control, in line with GDPR requirements.
  5. Data Subject Rights: Details about how to facilitate data subjects’ rights like access, rectification, deletion, and data portability.
  6. Data Retention: Sets time limits on how long the data can be stored and provides guidance on secure deletion practices.
  7. Accountability and Governance: Stresses the importance of record-keeping, conducting impact assessments, and potentially appointing a Data Protection Officer (DPO).
  8. Data Sharing: Provides guidelines for sharing data with third parties, including cross-border data transfers.
  9. Legal Compliance: Ensures that the data processing activities are compliant with other relevant laws and ethical considerations.

By adhering to MR-004 or similar CNIL Reference Methodologies (as applicable), healthcare organizations and researchers can use real-world data while fulfilling their legal obligations and ethical responsibilities for data protection (GDPR). Note that these guidelines are subject to change, so it’s crucial to consult the most current version and seek legal advice for complex scenarios.

Share this story...

Real World Evidence (RWE) 201 – France – CNIL Reference Methodologies: Facilitating Access to Real World Data2023-09-03T18:11:56+00:00
Go to Top