Find your ancestors using DNA – what does GDPR say?

Since May last year, there has been a lot of talk about the protection of personal data such as names, birth numbers, faces, etc. But what about such human DNA?

Vědkyně u mikroskopu s pipetou
5 minutes of reading

DNA is a means of obtaining so-called genetic data about an individual. These are very important from a GDPR perspective because they allow us to obtain information about an individual that is otherwise impossible to obtain, in particular about a person’s physiology and health.

Even before the GDPR was adopted, DNA was also identified as a particularly sensitive source of personal data by the European Court of Human Rights when it ruled in 2008 on UK legislation that allowed DNA samples to be retained from people who had been arrested but subsequently acquitted of a crime.

Therefore, genetic data is included in the GDPR in a special category of personal data, which is also referred to as sensitive personal data (health, sexual orientation, religion, etc., among others, are similarly included). These have a stricter processing regime – as a rule, their processing is completely prohibited; the GDPR only provides for a few exceptions, including where the individual gives explicit consent to the processing of such genetic data for specified purposes.

Services that trace your ancestors using DNA

As a large number of services are emerging that will use your DNA to find your ancestors, this also raises a lot of questions about data protection. If someone chooses to have their DNA analysed, they need to be aware that they are providing a stranger with virtually the most sensitive data that exists about them; there will always be some risks associated with this. For example, MyHeritage, which is a foreign DNA testing and kinship and ethnicity company. Here, for example, it is somewhat problematic that it is a foreign entity that sends samples to the US but at the same time does not have sufficient support in the country where it offers its services, for example. In the case of MyHeritage, its previous approach to data protection is also problematic; for example, last year it experienced a massive leak of personal data. In another similar service, for example, an agreement whereby a large pharmaceutical company gained access to some data provided by clients caused controversy. It is therefore also important to use any such service with an awareness of the risks that may arise.

What about sending DNA samples to countries outside the EU?

Solutions Tailored for You

Our team of experienced attorneys will help you solve any legal issue. Within 24 hours we’ll evaluate your situation and suggest a step-by-step solution, including all costs. The price for this proposal is only CZK 690, and this is refunded to you when you order service from us.

What about sending DNA samples to countries outside the EU?

Under the GDPR, any transfer of personal data to a third country (i.e., a non-EU country) where personal data is transferred for, among other things, further processing, including storage, must be conditional on there being an adequate level of protection of personal data in that country, or on there being sufficient guarantees that the transfer of personal data to that country will not compromise the protection of the individual’s personal data. In this respect, the GDPR also provides for an obligation to inform the individual about such transfer (in particular about the intention to provide personal data to the third country and the level of protection), but it is not always necessary to refer to the specific data protection legislation of the country in question.

With respect to the US, a decision has been issued by the European Commission setting out the conditions under which the level of protection for the processing of personal data by US companies is sufficient to allow such transfers of personal data to take place without the need to provide further detailed safeguards. However, this decision, also known as the ‘Privacy Shield’ decision, is not without controversy; its predecessor, the so-called ‘Safe Harbour’ decision, was overturned by the EU Court of Justice in light of, among other things, the Edward Snowden affair, and the current decision has also already been challenged (albeit unsuccessfully so far) before the EU Court of Justice. Under the Privacy Shield regime, US companies are included in a list of entities that have voluntarily committed to comply with the principles of data protection. If a company is not on this list, personal data can only be transferred if it meets the detailed safeguards required by the GDPR.

For example, when a company states that it will make users’ personal data available to third parties in the event of an acquisition of a company – where all of the company’s assets or shares will be acquired or sold – then personal data will be one of the assets transferred. Is this possible?

It is important to note here that personal data about individuals is not an “asset” of any company; it is not its property, nor does it own that data. The concept of GDPR makes it quite clear that an individual cannot “sell” his or her personal data to any company, he or she only gives consent for that company to process his or her data under certain conditions (from the purposes and methods of processing to, for example, the retention period) – in principle, he or she only “lends” it to the company and can withdraw his or her consent at any time and, for example, request the deletion of personal data already provided.

Therefore, this part of the terms of the contract is also rather insufficient – it is not sufficiently clear what personal data will be disclosed and to whom exactly and under what conditions (e.g. will it be only data such as name and surname or even DNA samples, or will it be disclosed only to those who buy the company, or even to “interested parties” as part of the negotiation process, etc.).

Are you solving a similar problem?

Dostupný advokát team of online lawyers will solve it for you.

Solutions Tailored for You

Our team of experienced attorneys will help you solve any legal issue. Within 24 hours we’ll evaluate your situation and suggest a step-by-step solution, including all costs. The price for this proposal is only CZK 690, and this is refunded to you when you order service from us.

Preset Prices
All services pre-priced for no surprises.
We Do Everything Online
Save time, money and the hassle of travel.
We Work Fast
90 % of issues get solved by the following day.
Experienced Team
We have specialists for every field of law.

Has this content helped you? Give it a rating

No rating yet. Be first to rate and help others.

Author of the article

JUDr. Ondřej Preuss, Ph.D.

Ondřej is the attorney who came up with the idea of providing legal services online. He's been earning his living through legal services for more than 10 years. He especially likes to help clients who may have given up hope in solving their legal issues at work, for example with real estate transfers or copyright licenses.

Education
  • Law, Ph.D, Pf UK in Prague
  • Law, L’université Nancy-II, Nancy
  • Law, Master’s degree (Mgr.), Pf UK in Prague
  • International Territorial Studies (Bc.), FSV UK in Prague

Reviews of the Dostupný advokát service

Recenze služby

Jan Vrátný, Veselí nad Lužnicí

before 4 years

I work as a self-employed craftsman and I know my field very well. Unexpected events happen, however, and I sometimes have to deal with problems where I need quality legal advice. I don’t like calling legal offices, getting sucked into discussions with terms I don’t understand. Dostupnyadvokat.cz is different. My first time, they replied immediately (zobrazit více) and together we created a contract custom tailored to my exact needs. I continue to be very happy with both their work and their price.

Recenze služby

Ms Magic, Google reviews

before 3 years

Fast and professional solutions for most normal legal needs at affordable, preset prices. Seriously, what could be better than that? While it sounds ‘too good to be true,’ I’m happy to report that the staff at DA are pros, and what’s more they are honestly dedicated to their awesome mission, which is to make quality (zobrazit více) Fast and professional solutions for most normal legal needs at affordable, preset prices. Seriously, what could be better than that? While it sounds ‘too good to be true,’ I’m happy to report that the staff at DA are pros, and what’s more they are honestly dedicated to their awesome mission, which is to make quality legal services affordable for the average person. I find their prices very fair when compared to what I’ve usually paid for similar services, which means I (and my family and friends) can get the legal help I need without worrying about some black hole of never-ending fees. In my own experience with DA I’ve found everyone there very responsive, and emails and calls are answered in a timely manner. Their large staff also gives me confidence that any legal needs I have can be handled professionally, as there’s always someone with experience in my particular issue. Their head attorney also writes a regular blog and keeps up with all the latest legal trends, which means they as a business stay up-to-date. As someone who’s spent a fortune over the years on legal assistance, or tried to “go it alone” when I couldn’t afford legal help, I wish Dostupny Advokat had been around a long time ago. I highly encourage anyone who needs legal help to TRY THEM FIRST!

Recenze služby

Filip Rufer, Prague

before 4 years

Dostupný advokát updated the terms of a contract for our web portal studentino.cz, to insure that they were in strict accordance with the GDPR (General Data Protection Regulation). The entire process was done online and for reasonable price.

View All Testimonials

You could also be interested in

About us in public media
Logo Česká advokátní komora Logo Advokátní kancelář roku 2023 a 2024
Follow the news
Facebook Dostupný advokát Twitter / X Dostupný advokát