Re‐identifiability of genomic data and the GDPR: Assessing the re‐identifiability of genomic data in light of the EU General Data Protection Regulation
Reads0
Chats0
TLDR
Questions remain about when and if genomic data can be truly irreversibly de‐identified, and a decentralized, context‐specific and risk‐based approach to data protection with emphasis on the accountability of data controllers is recommended.Abstract:
EMBO Reports (2019) e48316
Human genomic data have become an important and rich resource for biomedical and clinical research. At the same time, concerns about the identifiability of genomic data have been central to discussions regarding adequate protection of personal data and privacy. Addressing such concerns is paramount for research and clinical data repositories, as well as for ensuring interoperability of standards across jurisdictions. However, in spite of increased scholarly and policy scrutiny during the past decade, questions remain about when and if genomic data can be truly irreversibly de‐identified.
> … the new law in the EU mandates that data that has been merely pseudonymized is regarded as personal data that falls under its scope, while anonymous data would not be subject to the regulation.
These discussions have acquired renewed salience in Europe after the EU Regulation 2016/679, also known as the General Data Protection Regulation or GDPR (https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN), came into effect. At its core, the GDPR mandates a decentralized, context‐specific and risk‐based approach to data protection with emphasis on the accountability of data controllers (Arts. 5(2) and 24) [1]. Additionally, under a so‐called “research exemption”, the GDPR allows for some flexibility for the processing of personal data for scientific research (Art. 9(2)(j)), and it relaxes the stringent requirements for specific consent (Recital 33) and data storage (Art. 5 (1)(e)). Moreover, it allows EU Member States to introduce further provisions for the processing of genetic, biometric, and health‐related data (Art. 9(4)).
The GDPR lists genetic data as “special categories of personal data” or sensitive data (Art. 9), which makes their processing for research purposes (Art. 9(2)(j)) subject to the adoption of adequate organizational and technical safeguards, such as pseudonymization (Art. 89(1)) [1], [2]. Pseudonymization is …read more
Citations
More filters
Journal ArticleDOI
Fit for purpose? The GDPR and the governance of European digital health
TL;DR: The introduction of the General Data Protection Regulation (GDPR) in 2018 served as the cornerstone of the new data governance regime of the European Union as mentioned in this paper, which is informed by principles and values such a...
Journal ArticleDOI
Sociotechnical safeguards for genomic data privacy
Zhiyu Wan,James W. Hazel,Ellen Wright Clayton,Yevgeniy Vorobeychik,Murat Kantarcioglu,Bradley A. Malin +5 more
TL;DR: A review of existing and emerging threats to genomic data privacy and how current legal frameworks and technical safeguards mitigate these concerns can be found in this article , concluding with a discussion of remaining and emerging challenges and illustrates possible solutions that can balance protecting privacy and realizing the benefits that result from the sharing of genetic information.
Journal ArticleDOI
Toward better governance of human genomic data
Kieran C. O’Doherty,Mahsa Shabani,Edward S. Dove,Heidi Beate Bentzen,Pascal Borry,Michael M. Burgess,Don Chalmers,Jantina de Vries,Lisa Eckstein,Stephanie M. Fullerton,Eric T. Juengst,Kazuto Kato,Jane Kaye,Bartha Maria Knoppers,Barbara A. Koenig,Spero M. Manson,Kimberlyn McGrail,Amy L. McGuire,Eric M. Meslin,Dianne Nicol,Barbara Prainsack,Barbara Prainsack,Sharon F. Terry,Adrian Thorogood,Wylie Burke +24 more
TL;DR: In this paper, the authors argue that, in line with the dramatic increase in the collection, storage and curation of human genomic data for biomedical research, genomic data repositories and consortia have adopted governance frameworks to both enable wide access and protect against possible harms.
Journal ArticleDOI
STAT: a fast, scalable, MinHash-based k-mer tool to assess Sequence Read Archive next-generation sequence submissions.
Kenneth S. Katz,Oleg Shutov,Richard T. Lapoint,Michael Kimelman,J. Rodney Brister,Christopher O'Sullivan +5 more
TL;DR: The Sequence Taxonomic Analysis Tool (STAT) as discussed by the authors is a scalable k-mer-based tool for fast assessment of taxonomic diversity intrinsic to submissions, independent of metadata, which offers reliable criteria for efficient selection of data for further analysis by the scientific community, at once validating submissions while also augmenting sample metadata with reliable, searchable taxonomic terms.
Journal ArticleDOI
Sociotechnical safeguards for genomic data privacy
Zhiyu Wan,James W. Hazel,Ellen Wright Clayton,Yevgeniy Vorobeychik,Murat Kantarcioglu,Bradley A. Malin +5 more
TL;DR: A review of existing and emerging threats to genomic data privacy and how current legal frameworks and technical safeguards mitigate these concerns can be found in this article , concluding with a discussion of remaining and emerging challenges and illustrates possible solutions that can balance protecting privacy and realizing the benefits that result from the sharing of genetic information.
References
More filters
ARTICLE 29 Data Protection Working Party
TL;DR: In 2010, the European Data Protection Authorities (the Article 29 Working Party [WP29]) discussed the data protection and privacy implications of the Anti-Counterfeiting Trade Agreement (ACTA).
Journal ArticleDOI
Privacy in the age of medical big data.
TL;DR: The increased amount of health care data collected brings with it ethical and legal challenges for protecting the patient while optimizing health care and research, and possible ways forward for the regulatory system are sketched.
Journal ArticleDOI
Routes for breaching and protecting genetic privacy.
Yaniv Erlich,Arvind Narayanan +1 more
TL;DR: An overview of genetic privacy breaching strategies is presented, outlining the principles of each technique, the underlying assumptions, and their technological complexity and maturation, as well as highlighting different cases that are relevant to genetic applications.
Journal ArticleDOI
An evaluation of the current state of genomic data privacy protection technology and a roadmap for the future.
TL;DR: The extent to which current protection systems are capable of withstanding a range of re-identification methods, including genotype-phenotype inferences, location-visit patterns, family structures, and dictionary attacks is evaluated.
Journal ArticleDOI
The Complexities of Genomic Identifiability
TL;DR: The need to re-examine the current paradigms for managing the potential identifiability of genomic and other "omic"-type data produced by high-throughput methods is revealed.
Related Papers (5)
Rules for processing genetic data for research purposes in view of the new EU General Data Protection Regulation
Mahsa Shabani,Pascal Borry +1 more
Viewing the GDPR through a De-Identification Lens: A Tool for Compliance, Clarification, and Consistency
Mike Hintze,Mike Hintze +1 more