Introduction: The DNA Dilemma

The rise of consumer genetic testing, coupled with weak data protection frameworks, poses serious threats to genetic privacy. The bankruptcy of 23andMe and its planned data auction highlights global risks, and India may soon face a similar crisis. The Digital Personal Data Protection (DPDP) Act, 2023, though a step forward, fails to acknowledge the uniquely sensitive nature of genetic information.

Current Legal Framework: A Generic Approach

• Notice-and-Consent Model: India’s DPDP Act uses a generic notice-and-consent mechanism, applying the same protection to DNA as to email addresses or online browsing history.

• No Special Category for Genetic Data: Unlike the European General Data Protection Regulation (GDPR), the DPDP Act doesn’t distinguish Sensitive Personal Data such as genetic information, health records, or religious beliefs.

• Lack of Purpose Limitation: The act lacks strong checks on the reuse of data beyond initial consent.

Ethical & Discriminatory Risks of Genetic Data

• Beyond Identifiability: Breaches can lead to stigma, loss of dignity, and discrimination in jobs and insurance.

• Risk of Social Prejudice: Knowledge of genetic predisposition could lead to social ostracism or denial of services.

• No Legal Shield Against Genetic Profiling: India lacks anti-discrimination laws specific to genetic characteristics.

The Relational Nature of DNA

• Not Solely Personal: DNA data inherently relates to biological relatives—siblings, parents, and even distant cousins.

• Legal Oversight: Indian law assumes data concerns one individual, but DNA identifies entire family lines.

• Global Jurisprudence: The European Court of Human Rights in S. and Marper v. UK recognised the shared impact of genetic data.

Informed Consent: A Mirage

• Complexity of Future Use: It is impractical to explain all potential applications to consumers at the time of consent.

• ‘Blanket Consent’ Issue: Consumers often agree to vaguely worded clauses, risking uninformed participation in sensitive research.

• Special Concern for Indigenous Communities: Tribal groups, comprising 8.6% of the population, are highly vulnerable due to unique genetic profiles and historical marginalisation.

Gaps in Oversight and Regulation

• No Recognition of Significant Data Fiduciaries (SDFs): Entities handling genetic data are not classified under stricter fiduciary obligations.

• Weak Penalties: The DPDP Act lacks severe consequences for breaches involving sensitive genomic data.

• Absence of Community Consent Guidelines: Research on tribal and indigenous populations often ignores community-based ethical safeguards.

The Way Forward

• Legislative Reform:

  • Classify genetic data as Sensitive Personal Data under the DPDP Act.

  • Mandate explicit, purpose-limited consent for genetic data collection and sharing.

• Institutional Measures:

  • Recognise entities dealing with genetic information as Significant Data Fiduciaries.

  • Establish an independent Genomic Data Ethics Council for regulatory oversight.

• Cultural Adaptation:

  • Move beyond Western legal borrowings and integrate India’s socio-cultural context.

  • Acknowledge genome as a cultural extension of identity, not merely biological information.

Conclusion

Genetic privacy is a deeply personal and collective issue. In a country where the body is considered sacred, and privacy is both a constitutional right and cultural expectation, genetic data demands nuanced, specific legal safeguards. India must urgently revise its data protection norms to respect and protect the dignity embedded in our DNA.

For classes, materials, test series and mentorship – contact us at +91 6366-294954