The ICO exists to empower you through information.

  • New report highlights how genomics could one day determine insurance quotes, solve crimes, tailor support in schools and create fitness plans
  • Concerns raised around third-party data, inappropriate bias, data security, and data minimisation
  • We call for developers to take “privacy-by-design” approach and to join Regulatory Sandbox

We have today released a new report on genomics, highlighting the need for a privacy-by-design approach that supports innovation whilst safeguarding privacy.

The report shows how genomics could soon impact everyday life in remarkable ways: hospitals might use DNA to predict and prevent diseases, insurers could adjust policies based on genetic health markers, and wearable tech could personalise fitness plans based on genetic tendencies.

The report, part of our Tech Futures series, examines the challenges posed by rapid advancements in genomic technology and invites organisations to engage with us through our Regulatory Sandbox.

As genomics continues to reshape healthcare and expand into sectors such as insurance, education, and law enforcement, the report explores various scenarios to illustrate potential data protection concerns, including:

  • Data security: Some genomic data is highly personal and nearly impossible to anonymise, raising risks of misuse or re-identification if mishandled or improperly shared.
  • Discrimination or bias: Using genomic data in areas like insurance or law enforcement could lead to systemic discrimination, particularly if combined with models that may reinforce existing biases.
  • Transparency and consent: The sharing of data between organisations in sectors like healthcare can make it difficult for individuals to understand how their genomic data is used and for what purpose.
  • Family sharing: Genomic information inherently relates to family members, meaning data shared about one person could inadvertently reveal sensitive information about another.
  • Purpose of use: The potential expansion of genomic data use beyond its original purpose leads to concerns around data minimisation and purpose limitation.

Stephen Almond, Executive Director, Regulatory Risk, said:

“Genomics promises incredible benefits, from life-saving treatments to more effective learning support. This, as with all innovation, should be welcomed and embraced. However, with these possibilities come serious responsibilities, and privacy must still come first.

“Genomic information is arguably the most sensitive and revealing information a person has, with major implications for not only individuals but their families. We want to work with organisations in this field to ensure they handle this powerful data fairly, transparently, and take a privacy-by-design approach.”

We are encouraging companies working with genomics - whether in healthcare, education, insurance, or criminal justice - to collaborate with its Regulatory Sandbox. This free service allows developers to gain expert guidance on building privacy-compliant innovations in genomics, helping turn groundbreaking ideas into trusted and legally compliant solutions. More information can be found here.

The full report can be read here.

Notes to editors
  1. The ICO has specific responsibilities set out in the Data Protection Act 2018 (DPA2018), the United Kingdom General Data Protection Regulation (UK GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR), Privacy and Electronic Communications Regulations 2003 (PECR) and a further five acts and regulations. 
  2. The ICO can take action to address and change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit. 
  3. To report a concern to the ICO telephone our helpline 0303 123 1113 or go to ico.org.uk/concerns.