ABSTRACT
The paper focuses on the protection of the data subject in the current and multi-level legal framework governing the processing of genetic data.
Firstly, it will seek to determine if informed consent to the processing of genetic data can truly protect the data subject: indeed, in general, denying consent almost always means not being able to access the service, which is often so crucial in modern society.
Then, it will analyse if it is possible to process genetic data even without any form of consent according to EU General Data Protection Regulation 679/2016. It will show that accountability principle plays a key role not only in the General Data Protection Regulation, but also at international (see Declaration on Human Genetic Data on 16th October 2003) and national level (see the Italian Data Protection Authority Order no 146 on sensitive data on 5th June 2019). The controller has to take all measures in order to guarantee the non-identification of data subjects to which the genetic information refers, and to avoid any disclosure of data to thirds that could use them unlawfully.
Finally, the paper will point out that nowadays data processing – due to size it reaches in the age of globalisation and due to the use of technologies, including algorithms – can no longer be regarded as a private relationship between the controller and the data subject. In this context administrative fines imposed by the Data Protection Authority (in short, public enforcement) have to be added to the civil liability of the controller (in short, private enforcement). Furthermore, it would be recommended to add a preventive remedy like injunctions brought not only by individuals but also by associations, since the approach of data processing is preventive.
Sirgiovanni, Benedetta, Informed Consent to Processing of Genetic Data (March 30, 2022).
First posted 2022-04-02 07:10:02
Leave a Reply