Investigative genetic genealogy in Europe: Why the “manifestly made public by the data subject” legal basis should be avoided

IF 3.3 3区社会学 Q1 LAW

Computer Law & Security Review Pub Date : 2025-01-10 DOI:10.1016/j.clsr.2025.106106

Taner Kuru

{"title":"Investigative genetic genealogy in Europe: Why the “manifestly made public by the data subject” legal basis should be avoided","authors":"Taner Kuru","doi":"10.1016/j.clsr.2025.106106","DOIUrl":null,"url":null,"abstract":"<div><div>Investigative genetic genealogy has emerged as an effective investigation tool in the last few years, gaining popularity, especially after the arrest of the Golden State Killer. Since then, hundreds of cases have been reported to be solved thanks to this novel and promising technique. Unsurprisingly, this success also led law enforcement authorities in the EU to experiment with it. However, there is an ambiguity on which legal basis in the EU data protection framework should be used to access the personal data of genetic genealogy database users for investigative purposes, which may put the legality and legitimacy of investigative genetic genealogy in Europe at stake. Accordingly, this article examines whether the “manifestly made public by the data subject” legal basis enshrined in Article 10(c) of the Law Enforcement Directive could be used for such purposes. Based on its analysis, the article argues that this legal basis cannot be used for such purposes, given that the personal data in question are not “manifestly made” “public”, and they are not disclosed “by the data subject” in all cases. Therefore, the article concludes by suggesting a way forward to ensure the lawfulness of this investigation method in the EU data protection framework.</div></div>","PeriodicalId":51516,"journal":{"name":"Computer Law & Security Review","volume":"56 ","pages":"Article 106106"},"PeriodicalIF":3.3000,"publicationDate":"2025-01-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Law & Security Review","FirstCategoryId":"90","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0267364925000019","RegionNum":3,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"LAW","Score":null,"Total":0}

引用次数: 0

Abstract

Investigative genetic genealogy has emerged as an effective investigation tool in the last few years, gaining popularity, especially after the arrest of the Golden State Killer. Since then, hundreds of cases have been reported to be solved thanks to this novel and promising technique. Unsurprisingly, this success also led law enforcement authorities in the EU to experiment with it. However, there is an ambiguity on which legal basis in the EU data protection framework should be used to access the personal data of genetic genealogy database users for investigative purposes, which may put the legality and legitimacy of investigative genetic genealogy in Europe at stake. Accordingly, this article examines whether the “manifestly made public by the data subject” legal basis enshrined in Article 10(c) of the Law Enforcement Directive could be used for such purposes. Based on its analysis, the article argues that this legal basis cannot be used for such purposes, given that the personal data in question are not “manifestly made” “public”, and they are not disclosed “by the data subject” in all cases. Therefore, the article concludes by suggesting a way forward to ensure the lawfulness of this investigation method in the EU data protection framework.

查看原文本刊更多论文

欧洲的调查基因谱系：为什么应该避免“数据主体明显公开”的法律依据

在过去的几年里，调查基因谱系已经成为一种有效的调查工具，越来越受欢迎，特别是在金州杀手被捕之后。从那时起，据报道，由于这种新颖而有前途的技术，数百起案件得到了解决。不出所料，这一成功也促使欧盟的执法当局对其进行试验。然而，欧盟数据保护框架中的法律基础在用于调查目的访问遗传家谱数据库用户的个人数据方面存在歧义，这可能会使欧洲调查遗传家谱的合法性和合法性受到威胁。因此，本文探讨了《执法指令》第10(c)条规定的“数据主体明确公开”的法律依据是否可以用于此类目的。文章在分析的基础上认为，鉴于有关的个人资料并非“明显地”“公开”，而且并非在所有情况下“由资料当事人”披露，这一法律依据不能用于上述目的。因此，本文最后提出了在欧盟数据保护框架下确保该调查方法合法性的前进方向。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computer Law & Security Review LAW-

CiteScore

5.60

自引率

10.30%

发文量

审稿时长

67 days

期刊介绍： CLSR publishes refereed academic and practitioner papers on topics such as Web 2.0, IT security, Identity management, ID cards, RFID, interference with privacy, Internet law, telecoms regulation, online broadcasting, intellectual property, software law, e-commerce, outsourcing, data protection, EU policy, freedom of information, computer security and many other topics. In addition it provides a regular update on European Union developments, national news from more than 20 jurisdictions in both Europe and the Pacific Rim. It is looking for papers within the subject area that display good quality legal analysis and new lines of legal thought or policy development that go beyond mere description of the subject area, however accurate that may be.