Is the protection of personal data compatible with world Olympism? The question has been agitating the French authorities for months, and for good reason: among the small fifteen “top sponsors” of the International Olympic Committee (IOC) is Alibaba, a Chinese giant of online commerce and services. A partner of the Games since 2017 and until 2028, the Asian Amazon aims to provide national organizing committees with both«infrastructure» and “cloud services” – in other words, benefits of cloud -, only “ticketing and e-commerce platforms”. Thus, it was he who, in particular, provided the ticketing system for the last Winter Olympics, in Beijing at the start of the year.
Problem: as underlined by the pre-report of the Court of Auditors on “the security of the 2024 Olympic and Paralympic Games”, revealed by the chained Duck and viewed by ReleaseAli Baba “does not meet French and European standards in terms of data protection”. And the Hangzhou group, particularly watched by the Chinese authorities, poses as a bonus particular risks in terms of computer security, insist the magistrates, whether it is a question of possibilities of“exfiltration of databases […] for strategic purposes or economic espionage” or of “prepositioning” in networks “for further action”. The difficulty is all the more glaring as the accreditation management system planned by the Organizing Committee for the 2024 Summer Olympics and Paralympics (Cojop), in particular, will have to process a lot of personal data, including that of policemen.
“Working Assumptions”
Contacted, the Cojop indicates that the Chinese giant “hosts the Organizing Committee’s applications, including its website” but that the ticket office will be “operated by a European specialist”. As for the data of the accredited, “the works are in progress and are the subject of specific discussions with the authorities”. According to the pre-report of the Court of Auditors, the National Agency for the Security of Information Systems (Anssi) and the National Commission for Computing and Liberties (Cnil) have indeed worked, with the delegation interministerial body and the National Coordination for Games Security, on two “working hypotheses”. The first would consist of using Alibaba’s technologies by entrusting the implementation of personal data processing to a “trusted third party”, in a secure environment; the second, to rely entirely on another actor. For the time being, writes the institution on rue Cambon, it is the first option that holds the rope, with accommodation in a data center European and the impossibility for Alibaba to access the data, neither physically nor technically.
“It is important that this choice is now arbitrated as soon as possible”, concludes the Court of Auditors. Especially since the case is not without an extension of the bill: the additional cost could be 19 million euros, while the subsidy paid by the Hangzhou group to the Cojop would drop by 17.5 million euros.