Online DNA testing kits: entertaining yet invasive
In the realm of recreational genetic testing, a growing trend that promises insights into one's ancestry and health, the French data protection authority, CNIL, plays a significant role. This role is centred around ensuring that the genetic data privacy rights of users are upheld in accordance with the General Data Protection Regulation (GDPR) and national health data protections.
Genetic Data Classified as Sensitive Personal Data
Genetic data from recreational tests is classified as health data, a type of sensitive personal data under GDPR and French law. This classification triggers stronger protection requirements for processing, storing, and sharing such data.
CNIL's Regulatory Role
CNIL enforces compliance with GDPR principles like informed consent, data minimization, purpose limitation, and data security for genetic testing companies operating in France. Providers hosting or processing genetic data must also comply with additional frameworks such as the HDS certification, which ensures high standards of security and confidentiality for health data hosting in France.
Potential Issues and Concerns
Despite the promises of these tests, there are concerns about the accuracy of results due to the lack of transparency in the methods used. The interpretation of genetic data depends on computers, increasing the potential for errors and misinterpretations.
Moreover, the transmission of data to third parties and the purposes of these transmissions are often vague in the general sales conditions and contractual documents. Estimates suggest between 100,000 and one million French people have already bought an online DNA kit, yet advertising and influencer campaigns for these tests were distributed to French people between 2018 and 2022, despite it being strictly forbidden to advertise this type of service.
CNIL's Actions
In March 2024, the CNIL called for vigilance regarding the use of recreational genetic tests on the internet. Users can file a complaint with the CNIL if their data has been sold without their consent. The CNIL can impose fines of up to 20 million euros or 4% of turnover for breaching the GDPR if it acts illegally.
Partnerships and Research
Partnerships between genetic testing companies and other organizations for research purposes have been observed. DNA composition comes from 50% of the mother and 50% of the father, leading to potential differences in genetic heritage among children tested. DNA is not changeable and is shared with close relatives, making it important to consider the implications of giving DNA to genetic testing companies, which is akin to entrusting family DNA (descendants, ascendants, and close family).
Genetic Data Privacy Implications
The genetic heritage of ancestors can also differ among children tested, and the potential abuses of genetic testing include health insurance companies increasing fees for policyholders with a high risk of dying before 50. Given these concerns, it is crucial for users to be aware of the potential risks and to take steps to protect their genetic data privacy.
[1]: CNIL Practical Recommendations and Regulatory Guidance on AI Models and Genetic Data Privacy: https://www.cnil.fr/en/practical-recommendations-and-regulatory-guidance-ai-models-and-genetic-data-privacy [3]: HDS Certification for Health Data Hosting in France: https://www.cnil.fr/en/hds-certification-health-data-hosting-france
Read also:
- Managing Stormwater Efficiently through the Use of Permaculture Planning
- Important Immunizations for Newborns in Nigeria
- Following a heart attack, a person may be prescribed various medications to manage risks, improve heart function, and prevent further cardiac events. These could include:
- Radiation treatment for cervical cancer via internal means
