Data PrivacyE-DNA: A Threat to Genetic Privacy

May 24, 20230


Environmental DNA (hereinafter referred to as “eDNA”) is mitochondrial DNA that is released by an organism into the environment. The eDNA originates from the cells shed by the organisms through their skin, hair, excrement, etc., into the environment.

eDNA is the genetic material that is obtained from samples of soil, water, or air from frequently visited human locations like beaches, markets, and hospitals etc. Once the environmental samples such as soil, water, or air have been collected, eDNA is produced by isolating the DNA from those samples.

The samples are then utilised to determine the genetic history of individuals and identify potential inherited diseases by examining the presence of specific organisms, including bacteria, fungi.

Ecology, conservation biology, and environmental monitoring have all demonstrated the value of e-DNA as a tool. It makes it possible to find invasive species, diseases, and endangered species inside an environment.

Also referred to as ‘human genetic bycatch’, eDNA has been attracting concerns from the privacy experts. Processing of eDNA, even for research and study purposes, brings about challenges pertaining to genetic privacy, consent, sharing of eDNA data among researchers, and wide-ranging ethical implications.


Many countries have adopted the practise of collecting eDNA; however, it has not been practised widely in India so far. As discussed above, the main concerns that have been addressed in the countries where it is practiced, like the USA and Canada, revolve around consent, privacy, and surveillance.

Genetic tests produce huge data that is stored in the ‘Genetic Databases or ‘Biobanks’. Genetic data of millions of people around the world are collected by various research companies and the respective Governments and are stored in these databanks which are further used for advancements in biomedical science.

As a result, growing concerns about the privacy of people’s DNA and other genetic information have been raised due the lack of thorough laws in this important field of study. The possibility of serious mistreatment or abuse raises serious concerns.

With eDNA analysis enabling the identification of organisms in a specific environment, there exists the potential for indirect disclosure of genetic information about individuals residing in that area. Through the examination of eDNA samples, it becomes conceivable to extract genetic details pertaining to humans, including their ethnicity, and even certain genetic predispositions or health conditions.

In the case of India, a nation characterized by its diversity and numerous ethnic and cultural groups, the collection and analysis of eDNA samples raises the possibility of identifying and profiling specific communities. This gives rise to concerns regarding genetic discrimination, stigmatisation, and the violation of privacy rights.

The utilisation of genetic information derived from eDNA carries inherent risks of misuse or exploitation, such as targeted marketing, insurance discrimination, or even Government surveillance.

To mitigate these concerns, the establishment of robust regulations and safeguards pertaining to the collection, storage, and utilisation of eDNA data becomes crucial. Laws must be enacted to safeguard individuals’ genetic privacy, ensuring that eDNA samples are collected and analyzed only with informed consent.

Furthermore, stringent measures should be implemented to secure the storage of data and ensure anonymization, preventing any re-identification. The presence of rigorous oversight and transparency mechanisms is essential to monitor the appropriate usage of eDNA data and prevent any potential misuse.

However, the creation of genomic databases has a wide range of advantages. These include intensifying efforts to fight crime, facilitating population health analysis, and catapulting scientific research to previously unheard-of levels.

Thus, the main question that needs to be addressed is, ‘whether the benefits of using this advanced technology override an individual’s right to privacy?’


Indian courts have deemed DNA evidence admissible, primarily by permitting the collection of DNAs in various provisions of different statutes. The Courts have emphasized the need for the use of DNA to maintain a delicate equilibrium between the public interest and the constitutional mandates outlined in Article 20(3) and Article 21 of the Constitution of India.

However, concerns have arisen regarding the Right to Privacy, prompting the Government to dedicate its efforts towards enacting legislation to regulate the utilization and application of DNA technology within the country, and subsequently introduced the DNA Technology (Use and Application) Regulation Bill, 2018 (hereinafter referred to as “the Bill”), which is presently awaiting approval.

The Bill underwent referral to the Parliamentary Standing Committee and was reintroduced in July 2019. At present, it is awaiting consideration in the Lok Sabha.

The primary objective of this proposed legislation is to establish comprehensive regulations for the utilization and application of DNA technology. Its purpose extends to the identification of specific categories of individuals, including victims, offenders, suspects, undertrials, missing persons, and unknown deceased individuals.

An essential provision of the Bill entails the establishment of an independent DNA Regulatory Board (hereinafter referred to as “Regulatory Board”). The primary duty of the Regulatory Board shall be to supervise the DNA Data Banks and DNA Laboratories.

Furthermore, the Regulatory Board shall advise the Government pertaining to the issues of the establishment of DNA Laboratories and Data Banks, the formulation of protocols for the communication of DNA profile information in both civil and criminal proceedings, ensuring that all the information collected by the banks and laboratories is kept confidential, safeguarding individuals’ Rights to Privacy and civil liberties in the collection and use of DNA samples according to international guidelines, and providing recommendations.

However, the proposed Bill brings up certain challenges as few privacy experts and race & ethnicity researchers have submitted dissent notes to the Parliamentary Standing Committee’s report on the Bill. They argue that the Bill fails to address their apprehensions regarding privacy infringements and raises concerns about the targeting of the minor communities through the collection and indefinite storage of DNA samples under the proposed legislation.

The prevailing concern is that, in the absence of statutory provisions and safeguards, the Right to Privacy of individuals may suffer significant harm, particularly in relation to the abuse and misuse of stored DNA information, which comes under the ambit of sensitive personal data and thus, ought to be subject to higher level of protection.


1. United States of America

The Genetic Information Non-discrimination Act (“GINA”) and the Health Insurance Portability and Accountability Act (“HIPAA”), which protect against genetic discrimination and set standards for the use and disclosure of genetic information, are two examples of the extensive privacy laws in the USA which specifically covers the ambit of genetic and health information.

Informed consent is a required ethical procedure in the USA for the gathering, evaluation, and storage of genetic data. Before giving their consent, individuals must be thoroughly informed about the objectives, dangers, and potential applications of their genetic data.

Personal identifiers are frequently stripped or encrypted from genetic data to protect genetic privacy, ensuring that people cannot be easily recognized based only on their genetic information.

Institutional Review Boards (hereinafter referred to as “IRBs”), are vital in controlling genetic data research. To make sure that legislation is followed, and that participants’ rights are protected. The IRBs evaluate the ethical ramifications, privacy issues, and data handling practises.

India can also embrace these procedures by passing thorough legislation that tackles issues with genetic privacy related to eDNA analysis. The concerned legislation should put a significant emphasis on getting informed consent, anonymizing data, enforcing strong security measures, and establishing regulatory bodies that resemble IRBs.

Incorporating regulations for research institutes, genetic testing companies, and data custodians to follow strict privacy and data protection standards are the best practices pertaining to eDNA which can be adopted by other countries as well, considering USA’s experience.

2. European Union

The General Data Protection Regulation (hereinafter referred to as “GDPR”) enacted by European Union (hereinafter referred to as “EU”) imposes severe fines up to millions of euros on those who infringe privacy and security criteria.

To address the ethical implications of genetic research and data use, the EU has introduced the European Convention on Human Rights and Biomedicine, in 1999. These rules place a strong emphasis on respecting people’s autonomy, privacy, and dignity.

In order to guarantee that genetic data is handled in line with existing regulations, the EU has selected data protection agencies that enforce and oversee compliance with data protection legislation. These authorities offer instructions, investigate infractions, and apply sanctions for non-compliance.

The EU emphasizes the significance of putting strong encryption procedures into place to safeguard genetic material from unauthorized access or breaches.


In India, using eDNA is not very widespread. However, with the advancement in biotechnology, it is necessary to protect genetic privacy. Therefore, it is imperative for policymakers to establish a robust legislation like the Bill, specifically addressing eDNA analysis and genetic privacy.

These frameworks should include requirements for informed consent, standards for data anonymization, security measures, and stringent guidelines for data storage, sharing, and access.

The development of such well-balanced legislation for eDNA requires joint efforts from technical and regulatory communities, including experts in computer science, computer security, genetics, ethics, privacy law, and many other fields.

– Team AMLEGALS assisted by Ms. Prarthi Shah (Intern)

For any query or feedback, please feel free to get in touch with or

© 2020-21 AMLEGALS Law Firm in Ahmedabad, Mumbai, Kolkata, New Delhi, Bengaluru for IBC, GST, Arbitration, Contract, Due Diligence, Corporate Laws, IPR, White Collar Crime, Litigation & Startup Advisory, Legal Advisory.


Disclaimer & Confirmation As per the rules of the Bar Council of India, law firms are not permitted to solicit work and advertise. By clicking on the “I AGREE” button below, user acknowledges the following:
    • there has been no advertisements, personal communication, solicitation, invitation or inducement of any sort whatsoever from us or any of our members to solicit any work through this website;
    • user wishes to gain more information about AMLEGALS and its attorneys for his/her own information and use;
  • the information about us is provided to the user on his/her specific request and any information obtained or materials downloaded from this website is completely at their own volition and any transmission, receipt or use of this site does not create any lawyer-client relationship; and that
  • We are not responsible for any reliance that a user places on such information and shall not be liable for any loss or damage caused due to any inaccuracy in or exclusion of any information, or its interpretation thereof.
However, the user is advised to confirm the veracity of the same from independent and expert sources.