Your genetic data is my genetic data: Unveiling another enforcement issue of the GDPR

The General Data Protection Regulation aims to protect data subjects by granting them control over their data. The shared nature of genetic data causes significant challenges in this framework by posing the question of whether the donor's biological family members can also be considered data subjects or not. In this respect, we have examined both scenarios and concluded that biological family members could indeed be considered in the scope of the data protection framework. However, we highlighted certain shortcomings attached to this interpretation, especially when biological family members exercise their data subject rights. Hence, we explored potential conflicts that might arise when biological family members exercise their right to information, right to access, right to erasure and right to restriction of processing. As a practical solution to this pressing problem, we called on the European Data Protection Board to revisit the 2004 Working Document on Genetic Data in order to develop principles to be applied when solving such conflicts and thus provide certainty and clarity to genetic data processing.