Many genetic testing sites ‘fail to outline privacy implications’
Data Protection Commissioner addresses first Data Summit organised by Government
Speaking at the inaugural Data Summit in Dublin organised by the Department of the Taoiseach, Ms Dixon outlined the challenges to privacy from the so-called digital revolution, but also the opportunities she said new European Union legislation would bring.
The commissioner noted “fantastically positive examples” of what data-driven technology had given us, including better understanding of climate change, combating hospital infections and identifying genetic markers for cancer.
However, Ms Dixon said context was king in assessing the circumstances in which data was being processed. Data-protection authorities had a watchdog role, where they identified risks in terms of how data was collected and used, but they did not make policy choices.
She said her office had recently audited a number of insurance firms for new insurance products based on drivers agreeing to use telematic apps that monitor their driving behaviour.
On genetic testing, Ms Dixon said that in “appropriate clinical settings with regulated professionals, ethics committees and counsellors”, genetic testing and research could be a good thing where it led to identification of markers for breast cancer, for example.
“In these types of regulated clinical environments, ethical decisions can be made on what information patients should receive, whether the rest of the family should receive certain results where they could be equally affected by what is identified, whether DNA samples should be destroyed and whether the data can be safely stored in the cloud, etc.”
“But then think of genetic testing in the context of online commercial firms offering, for example, ‘child talent genetic testing’.
“Yes indeed, a test that purports to tell you whether it’s a good idea to buy your child a piano or not and claims to give you a firm idea of your child’s strengths and weaknesses.”
The commissioner said a lot of the websites offering these online services “fail to outline the privacy implications with this type of test”, such as precisely what data was collected, how the data would be used, whether it would be sold, how it would be secured and how and where it would be stored.
“Neither typically are these websites clear that in fact no DNA test is going to be accurate in terms of predicting if a child is going to be good at playing the piano or in relation to any of the personality traits of the child. Genetic data also presents the privacy complication of family members being identifiable as well.”
Ms Dixon said that many public-sector bodies seemed to “struggle enormously with the high-level, principles-based nature of data-protection law”.
“There is no book that tells us the answer to any data-protection implementation question – it hangs off the detail of the specific case. And the organisation proposing it is best placed to conduct that analysis and present it to us.”
On the new General Data Protection Regulation, Ms Dixon said she believed it was going to “slowly transform our relationship with digital service providers of all types”.
Its real strength lay in the new accountability and transparency requirements it implemented.