On June 2, 2026, Le Canard enchaîné reported that Doctolib was sharing user information with major U.S. AI companies—Microsoft, Google, and Anthropic—and that this data was being used to train models. The company strongly denies this: the notes processed by its assistant do not feed into the training; the processing remains isolated. At the heart of the matter is a tool launched in 2024, priced at 79 euros per month, which listens to the consultation, transcribes it, and produces a summary in less than fifteen seconds. Half a million healthcare providers use the platform.

We’ll set the court case aside for now. Who is right about model training will be decided based on the evidence, not on outrage. The issue that concerns us lies elsewhere, and it endures regardless of Doctolib’s response, whatever it may be.

Behind the Doctor, a Line of People

We tend to imagine doctor-patient confidentiality as a face-to-face encounter: the patient, the doctor, a closed door. The reality is more like a set of Russian nesting dolls. Behind the doctor is the software publisher. Behind the publisher is the cloud host. Behind the host is the AI model provider. And behind each of them are their own subcontractors. Each layer is a box that you open only to find another one inside.

A consultation assistant that transcribes and summarizes doesn’t run this on the practice’s computer. It relies on models provided by U.S. companies. The conversation exchanged behind closed doors thus passes through a technical chain whose links and jurisdictions the physician—who is, after all, responsible for maintaining confidentiality—knows nothing about. For once, the public debate has asked the right question: Who technically controls health data when AI enters the doctor’s office?

The label covers the shelf, not the outlet

The solution we keep hearing about is certification: Health Data Host, GDPR compliance, processing in Europe. All of this exists, all of it matters, and none of it is enough. The HDS certification regulates hosting. It does not specify under which jurisdiction the model inference takes place, nor who might be compelled, in the future, to produce the data they have processed.

That’s where the vulnerability lies. The U.S. CLOUD Act authorizes U.S. authorities to require a U.S. company to hand over the data it holds, regardless of where it is stored. Encryption, data compartmentalization, and a compliant contract reduce the risk, but they do not eliminate it if the technology and the entity operating it are subject to foreign law. The document says yes. The data remains accessible to someone else.

Neither Ban It Nor Turn a Blind Eye

Let’s be clear: the consultation assistant provides a genuine service. Doctors know the value of the time saved on paperwork. The issue is not to ban AI from the practice, nor to decree that a French tool is sufficient to protect anything. The issue is to look at the entire chain and make an informed decision: what data, for what purpose, processed by whom, governed by which law, and enforceable by whom as a last resort.

The sovereignty of health data isn’t determined by the nationality of the app you open. It lies within the Russian nesting doll, right down to the very last box. Until you’ve opened every single one, you haven’t truly protected a secret. You’re simply placing your trust in it—which is not the same thing.

Sources