Genetic data is personal data relating to inherited or acquired genetic characteristics of a natural person acquired through DNA or RNA analysis. Genetic samples are some of the most sensitive forms of personal data, and contain vast amounts of unique, both health and non-health-related information.

Standalone DNA and genetic data can reveal information about genetic disorders or a person’s predisposition to specific illnesses, enabling those with access to make inferences about a person’s ethnic origins and other sensitive data. Where databases link a person’s DNA and genetic information to a name or address, they can be used to track that individual.   

In addition to providing significant personal data in relation to the specific individual that the data is associated with, DNA and genetic data make it possible for genetic relationships between individuals to be identified. The implications of the use of one individual’s genetic data therefore extend beyond that individual, allowing for family members to be matched and identified.

What is the problem

Genetic data is undoubtedly a crucial information source in the healthcare and scientific research fields. However, governments are increasingly looking to create and search vast databases of genetic profiles for a range of purposes which interfere with privacy.

For example, genetic data obtained in a criminal investigation is often retained even after a person is proved innocent. Law enforcement bodies subsequently demand and obtain access to these genetic profiles in the hope of solving future crimes, causing an unwarranted interference with the privacy of innocent individuals.

Furthermore, obscure data-sharing agreements make it possible for an individual’s genetic data to be shared with other government departments and companies without their consent. In turn, individuals or companies gaining access to genetic data may target or otherwise discriminate against individuals on the basis of their genetic traits, without the affected individuals' knowledge.

What is the solution

Governments must only process genetic data with the individual's consent, disclosing any relevant data-sharing agreements and retention periods. Government must restrict the mandatory collection of genetic data to a range of limited purposes, in order to minimise negative impacts on privacy.

Governments must similarly ensure that the retention of DNA and genetic data is properly justified, namely that it is necessary and proportionate to the aim it seeks to achieve. In order to do so, a system of independent review of the grounds for retention of genetic data should be set up.  

Given the value attached to genetic data, databases containing genetic information are likely to be targeted by malicious actors. Appropriate technological safeguards must be implemented to ensure that genetic databases are safe from external intrusion.