Abstract
Each person shares genetic code with others. Thus, one individual’s genome can reveal information about other individuals. When multiple individuals share aspects of genetic architecture, they form a ‘genetic group’. From a social and legal perspective, two types of genetic group exist: Those which map to social groups – ‘genetic classes’ – and those which are perceived through interrogation of shared genetic code – ‘genetic categories’. Both of these groups may be seen to have legitimate interests affected when data about them are processed. This contribution considers if these interests can be effectively protected by the Data Protection Regulation. The contribution finds that the Regulation explicitly excludes genetic groups only in a relation to a limited number of provisions. Yet, the contribution also finds that the use of the Regulation to protect genetic groups would raise significant technical and substantial problems. In light of these problems, the contribution suggests a way forward based around guidance and ex ante oversight.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
http://www.geneticseducation.nhs.uk/genetic-conditions-54/710-tay-sachs-disease-new. (Last consulted 27.05.2015).
- 2.
Further observations may be made from this genetic information. Tay-Sachs is particularly prevalent in the Ashkenazi Jewish population. If I know that John has the architecture related to Tay-Sachs, I might also assume that there is an above average chance that he is of Ashkenazi Jewish descent.
- 3.
http://www.downs-syndrome.org.uk/. (Last consulted 27.05.2015).
- 4.
For a full discussion of eugenics to the present day see: Bashford and Levine 2010.
- 5.
We argue that, due to the uniquely individual nature of each genome, it is very difficult to claim any genetic data is anonymous.
- 6.
A Regulation is a specific type of legal instrument which is directly applicable in all EU states. This instrument is to be opposed to a Directive. Directives require transposition into national law. In the case of the Data Protection Directive, the divergence in national transpositions caused significant legal fragmentation.
- 7.
See for example the methodology outlined by the SAPIENT Project: Wright et al. 2014.
- 8.
The Regulation recognises the necessity to take a broad approach to impacts, and to potentially affected parties, when conducting a DPIA. For example, Article 35(1) elaborates a DPIA is necessary when processing is ‘likely to result in a high risk to the rights and freedoms of natural persons’ – not just to data subjects.
- 9.
The Regulation states that processing operations which result in the identification of a ‘high risk’ by a DPIA and whose risk has not subsequently been mitigated are also subject to the relevant Data Protection Authority’s (DPA) prior authorisation and consultation – Article 36. The purpose of the impact assessment procedure is thus partially to provide relevant information for the supervisory authority related to the risks implied in an act of processing. If genetic groups were to be recognised as important in the assessment phase, this would mean they would also be important for a DPA when conducting a prior check and granting authorisation.
- 10.
These obligations are predominantly laid out in Article 5
- 11.
These obligations are predominantly laid out in Chapter IV
- 12.
For clarification of the concepts of ‘data subject’ and ‘personal data’, see: Article 29 Data Protection Working Party 2007. See also Article 4(1) of the Regulation
- 13.
The Regulation outlines the power to monitor and enforce data protection and to investigate on a Data Protection Authority’s own volition, or on the basis of a complaint. See Article 58.
- 14.
See Article 80 of the Regulation. In relation to ensuring that the provisions of the Regulation are followed and that the oversight and complaint function has an impact, Article 58 outlines broad sanctioning powers for the DPA. Article 83 then set out that breaches of the Regulation are associated with potentially heavy financially penalties which can be levied by Data Protection Authorities.
- 15.
See Article 80
- 16.
For a discussion of identifiability and how data must relate to a person, see: Article 29 Data Protection Working Party 2007.
- 17.
See: https://ico.org.uk/for-organisations/guide-to-data-protection/principle-4-accuracy/. (Last consulted 27.05.2015).
- 18.
See Article 68 of the Regulation.
Bibliography
Article 29 Data Protection Working Party. 2004. Working document on genetic data, WP 91
Article 29 Data Protection Working Party. 2007. Opinion 4/2007 on the concept of personal data, WP136, 2007.
Article 29 Data Protection Working Party. 2011. Advice paper on special categories of data (“sensitive data”), Ares (2011) 444105.
Aubret, F., R. Shine, and X. Bonnet. 2004. Adaptive developmental plasticity in snakes. Nature 431: 261–262.
Bashford, A., and P. Levine (eds.). 2010. The Oxford handbook of the history of eugencis. Oxford: Oxford University Press.
Beisson, J. 2008. Performed cell structure and cell heredity. Prion 2(1): 1–8.
Beyleveld, D. 2004. An overview of directive 95/46/EC in relation to medical research. In The data protection directive and medical research across Europe, ed. D. Beyleveld et al., 5–23. Aldershot: Ashgate.
Beyleveld, D., and R. Brownsword. 2007. Consent in the law. Oxford: Hart.
Bygrave, L. 2002. Data protection law: Approaching its rationale, logic and limits. The Hague: Kluwer Law International.
Council of Europe. 2005. Additional protocol to the convention on human rights and biomedicine, concerning genetic testing for health purposes, CETS No. 195. Available at http://conventions.coe.int/Treaty/EN/Treaties/Html/195.htm
De Hert, P. 2009. Citizens’ data and technology: An optimistic perspective. The Hague: Dutch Data Protection Authority.
De Hert, P., and A. Galetta. 2015. The proceduralisation of data protection remedies under EU data protection law: Towards a more effective and data subject-oriented remedial system. Review of European Administrative Law, Special Issue, 123–148.
European Commission. 2012. Proposal for a regulation of the European Parliament and of the council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), COM(2012) 11 final.
European Parliament and Council, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personaldata and on the free movement of such data, and repealing Directive 95/46/EC (General Data ProtectionRegulation), O.J., L 119/1
European Court of Human Rights. 2005. Leyla Şahin v. Turkey, no. 44774/98.
European Court of Human Rights. 2008. S. and Marper v United Kingdom, no. 30562/04 and 30566/04.
European Parliament and Council, Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ, L281/31, 1995
Floridi, L. 2014. Open data, data protection, and group privacy. Philosophy and Technology 27: 1–3.
Greely, H. 2001. Informed consent and other ethical issues in human population genetics’. Annual Review Genetics 35: 785–800.
Hallinan, D., M. Friedewald, and P. de Hert. 2013. Genetic data and the data protection regulation: Anonymity, multiple subjects and a prohibitionary logic regarding genetic data? Computer Law & Security Review 29(4): 317–329.
Hartl, D.F., and M. Ruvolo. 2012. Genetics: Analysis of genes and genomes, 8th ed. Burlington: Jones and Bartlett Publishing.
Juengst, E. 1998. Groups as gatekeepers to genomic research: Conceptually confusing, morally hazardous, and practically useless. Kennedy Institute of Ethics Journal 8: 183–200.
Kosta, E. 2013. Consent in European data protection law. Leiden: Brill.
Laurie, G. 2002. Genetic privacy: A challenge to medico-legal norms. Cambridge: Cambridge University Press.
Lowe, A., et al. 2001. Inferring ethnic origin by means of an STR profile. Forensic Science International 119: 17–22.
Nomper, A. 2005. Open consent – A new form of informed consent for population genetic databases, Doctor Iuris, Budapest/Oxford/Tallinn: 2005. Available at http://dspace.utlib.ee/dspace/bitstream/handle/10062/818/nomper.pdf?sequence=5
Nuffield Council of Bioethics. 2007. The forensic use of bioinformation: Ethical issues. Available at http://nuffieldbioethics.org/wp-content/uploads/The-forensic-use-of-bioinformation-ethical-issues.pdf
OECD. 1980. OECD guidelines on the protection of privacy and transborder flows of personal data. Updated version available at: http://www.oecd.org/sti/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm
Raab, C. 2012. Privacy, social values and the public interest. In Politik und die Regulierung von Information [‘Politics and the Regulation of Information’], Politische Vierteljahresschrift Sonderheft 46, eds. A. Busch, and J. Hofmann, 129–151. Baden-Baden: Nomos Verlagsgesellschaft.
Rees, J. 2003. Genetics of hair and skin color. Annual Review Genetics 37: 67–90.
Rouvroy, A. 2008. Human genes and neoliberal governance: A foucauldian critique. Abingdon: Routledge-Cavendish.
Taylor, M. 2012. Genetic data and the law: A critical perspective on privacy protection. Cambridge: Cambridge University Press.
UNESCO. 1997. Declaration on the human genome and human rights. Available at: http://portal.unesco.org/en/ev.php-URL_ID=13177&URL_DO=DO_TOPIC&URL_SECTION=201.html
Van Assche, K., S. Gutwirth, and S. Sterckx. 2013. Protecting dignitary interests of biobank research participants: Lessons from Havasupai tribe v Arizona board of regents. Law, Innovation and Technology 5(1): 54–84.
Wright, D., et al. 2014. A guide to surveillance impact assessment, D 4.4. Available at http://www.sapientproject.eu/D4.4%20-%20SIA%20Manual%20%28submitted%2001%20August%202014%29.pdf
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this chapter
Cite this chapter
Hallinan, D., de Hert, P. (2017). Genetic Classes and Genetic Categories: Protecting Genetic Groups Through Data Protection Law. In: Taylor, L., Floridi, L., van der Sloot, B. (eds) Group Privacy. Philosophical Studies Series, vol 126. Springer, Cham. https://doi.org/10.1007/978-3-319-46608-8_10
Download citation
DOI: https://doi.org/10.1007/978-3-319-46608-8_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-46606-4
Online ISBN: 978-3-319-46608-8
eBook Packages: Religion and PhilosophyPhilosophy and Religion (R0)