Genetic data are not always personal - disaggregating the identifiability and sensitivity of genetic data

Abstract

In both the EU and USA, genetic data are recognized as a special category of data that requires heightened privacy protection. Identifiability and sensitivity are central pillars of the regulatory framework in both jurisdictions: the privacy concerns stem from the assumption that genetic data are capable of identifying the individual and reveals sensitive information about them. But not all genetic data are identifiable and sensitive, nor are genetic data necessarily different from other types of big data in terms of these issues. This article argues that a more nuanced approach is needed to assess the threat to privacy interests posed by uses of genetic data. The privacy interests involved should be distinguished in terms of proposed use, the amount of data in question, and its uniqueness and informational content. When these factors are disaggregated, it is clear that both regulatory schemes could better achieve their goals by focusing more on the ways genetic data can be used rather than on their status as a special category of data.