In what is being deemed as a major “breach of medical confidentiality”, coronavirus vaccination details of French president Emmanuel Macron were leaked earlier this week on social media.
Officials investigating the case had revealed that a QR code containing Macron's immunity data started circulating on social media Monday, allowing people to see basic information such as the president's date of birth, the type of vaccines he received, and when they were administered.
While Macron himself has made no secret of getting vaccinated, it does underscore risks linked to the immunity scheme.
Macron’s vaccine data
For the unversed, France had come in July announced the health pass scheme as a bid to increase vaccinations against the coronavirus infection.
As per the scheme, a person receives a digital certificate on being vaccinated which has to be shown for entry into movie theatres, other major events, and even bars and restaurants.
The pass is also mandatory for those travelling on long-distance trains or on airplanes. The health pass has also been made mandatory at museums such as the Louvre and iconic sites including the Eiffel Tower.
On Monday, social media was agog when the QR code containing Macron's immunity data started circulating on social media.
According to Le Parisien daily, which cited national health insurance officials, as many as 50 health care workers had been able to access the president's data on a national COVID-19 vaccine registry before it was leaked.
Those identified have been sent a letter of reprimand and the order of doctors has threatened sanctions against the leaker — but their identity remains unknown.
Leakers "may be subject to disciplinary sanctions by the departmental authorities," said the professional body, adding that the leak was a "serious breach of medical confidentiality."
On Wednesday, the national health insurance agency CNAM said the health professionals who had abused their access to Macron's details had been "identified" and they would now be referred to their oversight body for possible sanctions.
According to AFP, a presidential official, who did not wish to be named, said it was still unknown if the leak was "either through negligence or malevolence".
Macron has since been given a new QR code.
Not the first time
Macron’s vaccine data leak isn’t the first case in the country.
A similar mishap befell Prime Minister Jean Castex earlier this month, although his pass was snared using different means.
In Castex's case, a photo of the prime minister taken by a professional photographer led to the breach.
Castex’s leaked QR code has since been deactivated – but not before, it is believed, it was fraudulently used to gain access to venues that demand health passes but are legally not allowed to confirm pass holders’ identity.
This is the second time that Macron’s health details have been leaked. Earlier, on 26 August, Mediapart, a media house, had said that it had viewed the president’s official medical certificate. The certificate showed the date of vaccination on 13 July, while the president had announced that he had completed the vaccination schedule on 31 May.
Stung, the Elysee had reacted to Mediapart, specifying that all this was “the result of a data entry error made at the time of the late generation of the vaccination certificate”, but refusing to “communicate evidence that the president had been vaccinated on 31 May”.
Why is it a problem?
Under Europe's privacy law, the General Data Protection Regulation (GDPR), health data is considered the most sensitive category, subject to special protections.
The breach has laid open the issue with France’s system in which one could steal someone else’s vaccine data and use it for entry into places.
Moreover, currently, the process of replacing the QR code does not allow the holder to invalidate their old QR code. This means that technically, both the old one and the new one can still be used.
However, work is now underway to remedy this, with a new tool being rolled out to prevent fraudulent use of old QR codes (where people use others’ codes to get access to venues in which they would not otherwise be allowed).
In response to the leaks, MP Éric Bothorel sought to play down the risk of possible stolen QR codes.
He told FranceInfo: “There is no foolproof system as such. But the harm to someone who has their QR code used without their permission is relatively small.”
Yet, he said that “checks must be intensified in order to identify those who trade” the codes illegally.
Inputs from agencies