As many readers will be aware, the European Data Protection Directive introduced an EU-wide data protection regime imposing various obligations on those who collect and process data relating to individuals, and conferring broad rights on individuals about whom data is collected. A working party established under that Directive has recently produced a working document highlighting areas of concern regarding the processing of genetic data.
What are genetic data?
The working party describes the characteristics of genetic data as follows:
- they are unique but may also reveal information about and have implications for an individual’s biological family or they may characterise a group of persons;
- they are often unknown to the bearer herself and do not depend on the bearer’s will;
- they can be easily obtained or extracted from raw material; and
- they may reveal more information in the future and be used by an ever-increasing number of agencies for various purposes.
The Working Party’s Findings
Although important technological progress is being made in the collection and processing of genetic data, the working party was of the opinion that this brings with it an increased fear that the data might be misused. The key conclusions of the working party are as follows:
- The nature of genetic data gives rise to a great risk of misuse and/or reuse for various purposes and so must only be collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes.
- In view of the information that the data may reveal about an individual’s health and/or genetic origin, rules are needed at the level of the EU member states to control their use for any purposes other than safeguarding the health of the individual in question and pursuing scientific research;
- To prevent discrimination in the workplace or when taking out an insurance policy, the use of genetic data in these areas should be prohibited in principle and only permitted in "really exceptional circumstances".
- Only qualified professionals should be permitted to process genetic data, and then only in accordance with clear rules.
- There should be strict regulations to prevent "identity theft", namely the subsequent extraction and use of genetic material without the individual’s knowledge; and
- European data protection agencies should take steps to ensure that the principles of the Data Protection Directive are complied with.
Conclusions
Although the opinions and recommendations of the working party are non-binding, they are illustrative of the many complex issues associated with the growing use of genetic data and will be influential to the European Commission’s thinking in this area. It is likely that we will see much more consideration given to the issues relating to genetic data in the near future.
Copyright © 2007, Mayer, Brown, Rowe & Maw LLP. and/or Mayer Brown International LLP. This Mayer Brown article provides information and comments on legal issues and developments of interest. The foregoing is not a comprehensive treatment of the subject matter covered and is not intended to provide legal advice. Readers should seek specific legal advice before taking any action with respect to the matters discussed herein.
Mayer Brown is a combination of two limited liability partnerships: one named Mayer Brown LLP, established in Illinois, USA; and one named Mayer Brown International LLP, incorporated in England.
