Data Medical Privacy Act: an Italian Lacking. Some Remarks

AUTHOR
Luigi Gerardi

ABSTRACT

Nowadays in Italy is absolutely necessary a specific Data Medical Protection act after the issuing of the italian Data Protection Act. Italy is lacking a law which carry out the principles of the Council of Europe Recomandation R (97)5. Particularly, there is a pressing need of a regulation about Genetic Data collection and processing. The Recomandation states the following:

  • Genetic Data should only be used for preventive processing or diagnosis, data subject processing, scientific research, or to allow the data subject to take a free and informed decision on these matters (see §4.7).
  • For purposes other than those cited above, the Genetic Data collection and processing should be only permitted for health reasons and in particular to avoid any serious prejudice to the health of the data subject or third parties (see §4.9).
  • However, the processing of Genetic Data in order to predict illness may be allowed in cases of overriding interest and subject to appropriate safeguards defined by law (see §4.9).

The points at issues are the following:

  1. In Italy at moment there are no “safeguards defined by law” about Genetic Data: the Italian Data Protection Authority could allow that data processing for reasons of public health or to avoid serious prejuduce to the health of third parties without the consent of the data subject.
  2. The word “health”, in our opinion, is vague if related to genetic data processing for preventive treatment or for scientific research. For instance, it is not clear when data collected for scientific research or public health should be anonymous and not be disclosed.
  3. According to the Recomandation above mentioned, the data subject shall informed about the existence of files containing his/her medical data and information about the type of data collected (see §5.1). Also information of the subject shall be appropriate and adapted to circumstances (see §5.3).

Particularly related to the point 3, we raise the following questions:

  • What is the range of the right to know about the existence of own Genetic Data?
  • The data subject should be informed about the possibility of an unexpected findings (see §5.4); this event itself , in our opinion, could cause serious harm to the subject’s health.
  • Moreover, there is the (adopted or test-tube) son’s right to know his own hereditary characteristics.

All these problems coming out from the Recomandation of Council of Europe are relevants for draw up the future Italian Data Medical Privacy Act, also considering the implementation of Data Medical Cards in Europe. In the same way we have a data interchange in the SIS (Informative Schengen’s System) where is available personal data for Police all around European common borders, we can imagine an analogous system for Personal Medical Data which will serve for research, public health, and emergency reasons. Then every nation which want participate to this European data health trade will need a Data Medical Privacy Act. Aware the progress made in medical science and developments in information technology that Act have to assured the rights and fundamental freedoms of the individuals, particularly the right to privacy.