Privacy & Information Security Law Blog

On November 7, 2024, the UK Information Commissioner’s Office (“ICO”) published a report exploring data privacy concerns in genomic technology and inviting organizations to engage with it through its Regulatory Sandbox (the “Report”). The Report highlights the need for a “privacy-by-design” approach when developing new genomic technology innovations. The Regulatory Sandbox is a free resource provided by the ICO to assist developers in building privacy-compliant genomics innovations.

The Report covers issues that arise by the use of genomic technology across many sectors, including health care, direct-to-consumer services, insurance, education and law enforcement. It explores various dimensions that arise from the use of genomic data in each of these contexts, including:

• when genomic data might be considered personal information;
• the use and sharing of third-party information, given genomic information is necessarily shared by many different individuals (e.g., family members);
• the challenges of anonymizing genomic data in a way that does not compromise its utility;
• risks of bias and discrimination resulting from the use of unrepresentative datasets or inferences resulting in unfair decision-making;
• data minimization and purpose limitation; and
• the implementation of AI.

The Report emphasizes the intent of the ICO to continue engaging with stakeholders from industry, regulation, academia, civil society and the public, both through the Regulatory Sandbox and by inviting comments on its Tech Horizons reports. The ICO is currently accepting expressions of interest to enter the Regulatory Sandbox. Applications are due by November 30, 2024.

The Report is part of the ICO’s Tech Futures series, which previously published reports on other emerging technologies such as quantum technologies and neurotechnology.