Skip to main content
Log in

Risk stratification, genomic data and the law

Journal of Community Genetics Aims and scope Submit manuscript

Cite this article


Risk prediction models have a key role in stratified disease prevention, and the incorporation of genomic data into these models promises more effective personalisation. Although the clinical utility of incorporating genomic data into risk prediction tools is increasingly compelling, at least for some applications and disease types, the legal and regulatory implications have not been examined and have been overshadowed by discussions about clinical and scientific utility and feasibility. We held a workshop to explore relevant legal and regulatory perspectives from four EU Member States: France, Germany, the Netherlands and the UK. While we found no absolute prohibition on the use of such data in those tools, there are considerable challenges. Currently, these are modest and result from genomic data being classified as sensitive data under existing Data Protection regulation. However, these challenges will increase in the future following the implementation of EU Regulations on data protection which take effect in 2018, and reforms to the governance of the manufacture, development and use of in vitro diagnostic devices to be implemented in 2022. Collectively these will increase the regulatory burden placed on these products as risk stratification tools will be brought within the scope of these new Regulations. The failure to respond to the challenges posed by the use of genomic data in disease risk stratification tools could therefore prove costly to those developing and using such tools.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions


  1. EU Data Protection Directive Article 8 stipulates that the processing of special categories of data including health data shall be prohibited but sets out a list of exemptions in the rest of this Article.

  2. EU Data Protection Directive Article 8(2)(a).

  3. EU Data Protection Directive Article 8(3) provides that these purposes include preventative medicine, medical diagnosis, the provision of care or treatment or the management of health care services where those data are processed by a health professional subject to obligations of professional secrecy or another person owing an equivalent obligation of secrecy.

  4. Article 25(1)(2) requires that prior authorization be given by the National Commission of Informatics and Liberties.

  5. Article 21(4) stipulates that personal data on hereditary properties may only be processed in respect of the person from whom the data has come unless for a ‘serious medical interest’ or that processing is necessary for scientific research or statistics.

  6. As defined in Article 4(13) of the EU General Data Protection Regulation (2016)

  7. Article 9(4) stipulates that Member States ‘may maintain or introduce further conditions, including limitations, with regard to the processing of genetic data, biometric data or data concerning health’.

  8. Article 22 of the General Data Protection Regulation. This might be addressed on a sectoral basis through codes of conduct pursuant to Article 40 GDPR.

  9. ‘The information provided by the software is based on data obtained with IVD medical devices only or possibly combined with information from medical devices. European Commission (2016) pages 25 and 26.

  10. EU IVD Regulation (2017) Article 2 clarifies that this assistance must be limited to the medical functionality of the device for its intended purpose.

  11. EU IVD Regulation (2017) Recital 17

  12. These include mHealth products for which a legal framework is being developed at European level.


Download references


We gratefully acknowledge the participants in the international workshop for their valuable contributions: Ms. Teresa Bienkowska-Gibbs, Dr. Anne Cambon-Thomsen, Mr. Edward Dove, Dr. Christian Gleißner, Professor Aart Hendriks, Mr. Julian Hitchcock, Dr. Stephen John, Dr. Kiran Patel, Dr. Rupert Payne, Dr. Emmanuelle Rial-Sebbag, Dr. Mark Taylor, Dr. Holger Tönnies and Professor David Townend.


This work was part of the European Prospective Investigation into Cancer and Nutrition—Cardio Vascular Disease (EPIC-CVD) (, funded by the Seventh Framework Programme of the European Commission under grant agreement 27923.

Author information

Authors and Affiliations


Corresponding author

Correspondence to Alison Hall.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.

Rights and permissions

Reprints and Permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Hall, A., Finnegan, T., Chowdhury, S. et al. Risk stratification, genomic data and the law. J Community Genet 9, 195–199 (2018).

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: