Data protection and genomic data

12 April 2019

The PHG Foundation has been awarded a grant from the Information Commissioner’s Office to examine how the latest data protection laws apply to the use of genetic/genomic data.

The challenges of technological advances and the need to update the protection of individuals’ rights have driven the reform of data protection law across Europe. In May 2018 the EU General Data Protection Regulation (GDPR) came into force across the continent and further national rules have been implemented through the UK’s Data Protection Act 2018. This legal framework governs most uses of personal data, including in healthcare and research, and it explicitly recognises the category of genetic data for the first time (it will continue to apply in the UK regardless of Brexit).

In the health context, this has given rise to significant uncertainty about the implications of the GDPR for some important uses of genomic data, including what is required when processing and sharing data for clinical diagnosis, scientific research and when using advanced technology and cloud-based services.

Because this uncertainty has the potential to limit the development of genomics in the UK, there is an urgent need for evaluation of how the data protection framework applies to the use of genomic data in health and social care, and whether the regulatory burden for regulators, data controllers and processors can be minimised by adopting new policies, processes or technologies.   

The PHG Foundation multidisciplinary team will investigate the legal, policy and technical dimensions of the issues, bringing together experts from healthcare, science and law with patient representatives and policy-makers to assess the best ways forward within the new data protection framework.

Timeline

 

  • April 2019 - Project launched
  • Summer 2019 - Policy briefing 1 published
  • Autumn 2019 - Policy briefing 2 published
  • January 2020 - Stakeholder Workshop
  • March 2020 - Report submitted to the ICO

 Our work will address three questions:

  • To what extent do genetic/genomic data used for healthcare and medical research in England and Wales count as ‘personal data under the GDPR?
  • To the extent that genomic data ‘count’ as personal data, what impact might this have on the delivery of health and social care in the short to medium term (i.e. within the next five years)?  
  • How can potential deleterious impacts be mitigated or reduced?

We will submit our findings to the ICO in March 2020

Genomics and policy news