Processing of genetic data under GDPR: Unresolved conflict of interests

Abstract

Over the last decades, developments in the fields of genetics and bioinformatics caused a marked increase in the processing of human genetic data by various companies and institutions. This results in the adoption of several international documents and the emergence of legal norms on the protection of genetic data. The paper examines how and to what extent the interests and rights of the data subject with regard to the processing of genetic data are protected in the European Union. It is concluded that under the GDPR this task is implemented through classifying genetic data as sensitive, reliance on anonymisation and pseudonymisation, as well as introduction of the procedure of data protection impact assessment. Nevertheless, given the unique characteristics of genetic data distinguishing them from other categories of personal data, these measures cannot be regarded as sufficient and effective. The paper argues that current EU data protection legislation creates favourable conditions for genetic research, thereby ensuring particular public interests, but does not establish a special regime for genetic data processing appropriate to potential threats in this field and risks to the rights of data subjects.