Deoxyribonucleic Acid (DNA) profiling dates back to 1984 when one Sir Alec Jeffreys discovered that individuals could be differentiated on the basis of their DNA. Shortly after, DNA profiling was used for investigations in criminal cases, specifically rapes and murders in the UK. In the present day, most countries across the world use forensic data—for academic research purposes, to ensure speedy prosecution in criminal cases, and for the advancement of healthcare provisions.
DNA databases are maintained at a national level in many developing and developed countries, and prove instrumental in aiding police investigations to pinpoint to repeat offenders. They can also help combat rare diseases that pose a threat to entire or certain ethnic and diverse communities, given their predisposition to specific conditions. As information and data are increasingly becoming the new currency, various countries have adopted regulatory measures of varying levels of stringency to protect and extend the use of their databases. Subsequently, as DNA analysis technology advances, smaller and smaller quantities of DNA extractions are made possible, leading to a better and closer understanding of DNA behaviours. While this is of paramount significance, it brings some concerns around the protection and possession of this information. In the light of this phenomenon, I propose to explore the current scenario of DNA profiling and Technology in India, the provisions and proposed laws that govern it, its implications and feasibility in the light of both global and local events.
DNA Technology (Use and Application) Regulation Bill, 2019
A bill on DNA profiling in India was first introduced a little over 17 years ago by the then Bharatiya Janata Party (BJP) government headed by Atal Bihari Vajpayee. The DNA Technology (Use and Application) Regulation Bill, 2019 is the current effort by the Indian government to “provide for the regulation of use and application of Deoxyribonucleic Acid (DNA) technology in order to establish the identity of certain categories of persons including the victims, offenders, suspects, undertrials, missing persons and unknown deceased persons. While both public and private forensic labs conduct genome sequencing and maintain DNA profiles, the Bill proposes a chain of custody by establishing DNA data banks at a regional and national level. These DNA labs are required to share their database with the data banks, where they are categorised as indices— Crime Scene index, Offender’s index, Suspect’s index, Missing Persons Index, and unknown Missing Person’s Index. Apart from the promise of delivering speedy justice by maintaining records of repeat offenders, it also regulates issues pertaining to human identification: medical and civil disputes.
The Bill provides the nuts and bolts of legality, which were previously not in place to enforce a strict code of ethics in matters relating to criminal offences. It provides clauses on consent, storage, and removal of the DNA profiling exercise on criminal matters, however, the same is uncertain and ambiguous for cases pertaining to medical and civil disputes. It seeks to establish identity using DNA technology, the process of which can be used for a host of purposes given that it reveals a lot of information pertaining to an individual’s physical and medical traits such as susceptibility to diseases, history of illnesses, instances of mutations, skin colour, behaviours, to name a few. While countries such as the USA with the Combined DNA Index System (CODIS), and the UK with the National Criminal Intelligence DNA Database explicitly mention the placement of databases for criminal investigations, India fails to do so in this bill.
The bill is currently under examination with the Parliamentary Standing Committee on Science and Technology, as it has invited a lot of debate on the lack of clarity pertaining to the absence of an interwoven view of the provision made on Data Privacy and Data Protection. The storage of personal data collected for civil disputes is a direct infringement of the fundamental right of Right to Privacy. Chronologically speaking, privacy as a fundamental right was passed in 2017 (Puttaswamy Vs Union of India case), whereas the DNA Bill has been on the cards for much longer, and The Personal Data Protection Bill is still in its draft stage, deeming lawmakers and politicians unfit to handle the threat to privacy posed by the bill.
Concerns on Privacy
One of the prime concerns on the topic of privacy is the unification of the database. DNA samples, if used to settle civil disputes have no guarantee of being destroyed, irrespective of the index it belongs to. This puts an additional burden on innocent bystanders, should they be present at a future crime scene. In such a scenario, the consent and due process are left unanswered and not accounted for due to the lack of clarity in the bill. Not only is consent a grey area in the context of civic disputes, but it is also debatable in criminal matters—the second and third categories pertain to arrests of those convicted with punishable offences with less than 7 years of sentence and collection of samples of minor/disabled victims. The procedure requires a written consent from the individuals, which can be foregone with approval from the district magistrate, which in technical terms is coerced consent. Had the Personal Data Protection Bill been duly approved and incorporated, its provision for processing sensitive data on the lines of ‘informed, free, specific, clear, and capable of being withdrawn’ (The Personal Data Protection Bill 2019, clause 2 and 3, 7) would be of some relief.
Additionally, cross-referencing of the data collected is in contravention to the “sensitive personal data” section of the Personal Data Protection Bill that specifically covers requirements of consent and dissemination of information of genetic data. There are also no regulations on the prohibition of usage of DNA data by third party users, which is a cause for concern on privacy, given that a lot of independent and private labs are authorised to conduct DNA tests in India. There is a penalty of up to Rs 2,00,000 and 3 years of jail for leaking information, however, no other method of invasion of privacy is penalised, due to the lack of integration with the data privacy and protection laws—both the Srikrishna Committee draft bill on Data Protection, and Digital Information Security in Healthcare Act (DISHA) of 2017.
An Overview of Genomic Data Banks
Genome sequencing is the deconstruction of the whole DNA of a human cell, and is primarily carried out to understand the functions, behaviours, and patterns of genes. It is most importantly used to understand genetic mutations that explain diseases and predisposition to diseases of an individual as well as an entire population. India houses the world’s second-largest population that represents diverse ethnicities and genetic compositions, however, we lag behind in global genome studies. To facilitate better understanding and provision of healthcare, countries such as Australia, Dubai, Estonia, Turkey, US, UK, Japan, etc have launched biobanks containing information about more than 100k citizens. The biobanks are linked to national registries and hospital databases.
The Council of Scientific and Industrial Research (CSIR) in India launched the IndiGen Project in 2019 to undertake whole genome sequencing of 1000 individuals and aims at completing the activity on 10,000 individuals in the next 3 years. Like other countries, it aims to improve diagnostics and design early interventions among children of specific age communities to combat genetic diseases. Apart from the project, private labs that offer genetic testing also store this data. As an added advantage, genomic databases prove beneficial in forensic identification. However, with the proposed bill, the fear of cross-usage of databases by the government and private players raises alarms on consent, data privacy, as well as sensitization towards information usage among citizens.
Usage of genetic information by third parties such as insurance companies and employers have sparked off debates in the US and UK, given the possibility of usage of this information not just for medical purposes, but also politically charged racial/community profiling. When contextualized in the Indian landscape, possession of digital health data, both in the form of insurance and normal lab reports, immunizations, medications, etc, are governed under the Digital Information Security in Healthcare Act (DISHA) of 2017. While the law prohibits insurance providers from using or transferring this data, the jury is still out on the extent to which they will be penalized. At the intersection of the DISHA Act and the DNA Technology Bill lies the fear of uncertainty of what data collected and stored in the regional and national data banks will be used for.
The DNA Technology Regulation Bill of 2019 that has raised several eyebrows in the parliament, is currently under the examination of the Standing Committee for Science and Technology. It has several pitfalls, some of which could have extremely detrimental effects on people once implemented. The case study of China’s national biobanks where DNAs of the entire population are being mandatorily collected, stored and misused to impinge on the rights of the minority population to dissent, highlights the seminal issues apropos misusing mass-collected sensitive genetic data to marginalize and oppress the minorities. In the Indian context, the Andhra Pradesh government’s partnership with a private firm to gather DNA data from citizens without any satisfactory law in place to prevent abuse of data or selling of data to third parties proves that the still lacks sufficient maturity when it comes to awareness about the risks of breach of vital and sensitive information—such as that provided by the DNA test. The consequences that might ensue such a hasty move to bring forth a bill into the parliament without societal or governmental preparedness, will only be disastrous.
Nidhi Upadhyaya is a young India fellow at Ashoka University.