Do We Need Data Protection at All?
This chapter assesses whether there is any need to consider European data protection law as a framework for the protection of genetic privacy in biobanking in Europe at all. To answer the question, the chapter conducts a thought experiment and examines what the standard of protection in Europe would look like if one were to exclude data protection law from consideration. This is merely a thought experiment, as data protection already plays, and will continue to play, a significant role in the protection of genetic privacy in biobanking in Europe. The exercise is enlightening, however, in showing the extent of flaws in protection in European legal systems stripped of data protection. In this regard, the chapter then maps the protection provided to genetic privacy in biobanking by the EU's, and three European states'—Estonia, Germany, and the UK—legal systems. It then engages in a critical analysis, highlighting the significant inadequacy of the protection provided by these systems excluding data protection law. Finally, the chapter shows why, generally, European data protection law under the General Data Protection Regulation (GDPR) looks a viable solution to address the problems displayed by other approaches.