Since the mid-1990s most EU Member States have established a national forensic DNA database. These mass repositories of DNA profiles enable the police to identify DNA stains which are found at crime scenes and are invaluable in criminal investigation. Governments have always brushed aside privacy objections by stressing that the stored DNA profiles do not contain sensitive genetic information on the included individuals and that they reside under the statutory privacy protection regulations. However, it has been generally overlooked that the police also store the DNA samples from which the DNA profiles are derived. Although these DNA samples are actually a potential source of genetic information, they have so far scarcely been the subject of discussion. In this article we will show that both European and national regulations offer inadequate protection to completely prevent function creep, that is, the use of these forensic DNA samples for purposes beyond those envisaged at the time of collection.
Statistics from Altmetric.com
If you wish to reuse any or all of this article please use the link below which will take you to the Copyright Clearance Center’s RightsLink service. You will be able to get a quick price and instant permission to reuse the content in many different ways.
Since its introduction in 1984, forensic DNA profiling has gradually become an indispensable part of the criminal justice system.1 i Formerly, prosecutors could only rely on witness testimonies, alibis and certain other pieces of material evidence such as latent fingerprints to prove that a suspect had been present at a particular crime scene. These fact-finding techniques do not always yield watertight proof. DNA profiling has revolutionised criminal investigation because it provides prosecutors with irrefutable evidence. Its main contribution consists of the possibility to determine with almost perfect accuracy whether two bodily samples belong to the same individual. Therefore it allows investigators to both include and exclude crime suspects in criminal investigations.2 ii In the beginning it was only used in individual cases for which additional evidence was needed. As this kind of use of DNA profiling presupposes that there is actually a suspect available, its range of applications is rather limited. Therefore the idea was launched that the storage of the DNA profiles of individuals who had already been convicted of a criminal offence would significantly increase the efficiency of criminal investigations and that it would probably also create a serious deterrence effect. This belief led to the creation of forensic DNA databases, large repositories of digitalised DNA profiles of individuals which can be compared at any time with newly discovered unidentified crime scene DNA stains. A forensic DNA database typically contains two kinds of DNA profiles. The first category consists of profiles which are derived from unidentified crime scene stains. These are bodily samples such as skin cells, hair, blood or saliva which possibly belong to an individual who has been involved in a criminal offence. The other category, which in most countries makes up the largest part of the database, consists of the DNA profiles of individuals who have been convicted of a criminal offence or who are a suspect of a crime that is still under investigation.
In recent years, the steady expansion of these forensic DNA databases has provoked a number of critical questions on issues related to this practice, such as the entry and removal criteria of these databases,3 the intrusiveness of coercive sampling,4 and the possible creation of databases covering the entire population.5 In spite of these critical questions, it does not seem likely that the powers which are currently assigned to these databases will be curtailed in the near future. On the contrary, it has been observed that “no country has ever reduced its established forensic DNA collection or sought to curtail its uses once it has been embedded successfully into its criminal justice system”.6 Governments defend this policy by referring to the high efficiency of these databases in their fight against crime and by stressing that the stored DNA profiles are derived from the “non-coding” sequences of the DNA.7 With the latter they want to reassure their citizens that the storage of DNA profiles does not pose any threat to their genetic privacy. DNA profiles do not contain much sensitive information on an individual and therefore should not be treated differently than any other kind of data stored by police services.
However, the situation is more complex than that. In fact the DNA samples which are collected in order to create these DNA profiles, are indeed a source of highly sensitive information on the genetic architecture of an individual and hence ought to be protected by more specific legal safeguards.8 However, in their political discourse as well as in their regulations, both the European bodies and EU Member States have mostly failed to address this issue properly. After outlining a number of threats to genetic privacy to which this negligence could lead, we will show that current European regulations do not offer appropriate safeguards and that EU Member States have in fact increased the risks of harmful secondary use due to their differing sample retention policies.
THREATS TO GENETIC PRIVACY
One of the most well known applications of DNA analysis is that it can reveal whether someone is genetically predisposed to developing a certain physical disorder. In this context George Annas has equated genetic information with a “future diary” because it has a certain predictive value for our personal medical future.9 Although he stresses that this does not mean that genes are deterministic, he does consider genetic information as a very private signpost to our possible future.10 As genetic information might be used for purposes that are highly undesirable for both the individual and society at large, genetic privacy ought to be protected by appropriate legal safeguards. Exposure of genetic information derived from forensic DNA samples to third parties such as insurance companies or employers could for example lead to discriminating measures against individuals with a particular genetic make-up.11 Furthermore, since genes are partly shared with relatives, the genetic information of individuals does not only disclose elements about their own current and future medical situation, but also about that of their parents, siblings and children.
Governments also have an interest in certain other uses of these samples besides DNA profiling for identification purposes. One of the most noted possibilities in this context is that they will be used for research into genetic predispositions to violent behaviour.12 Indeed, the availability of large collections of DNA samples which originate from criminal offenders seems hard to ignore for behavioural geneticists who are eager to find the so-called “criminal gene” and for governments who want to develop more effective strategies to prevent and fight crime. Although the scientific value of this kind of genetic research into behavioural traits is still highly controversial, even the mere fact that this research would be undertaken should be worrying. As previous genetic studies of this kind have shown,13 iii even inconclusive results could induce the idea that propensity to violent and antisocial behaviour is genetically determined and could therefore lead to discriminating measures against individuals of whom it is suspected that they carry these genes.14
REGULATIONS REGARDING FORENSIC DNA SAMPLES
Although we should not exaggerate the possibility that forensic DNA samples are used for ends such as those described above, the ongoing expansion of forensic DNA databases and police sampling powers do give rise to justifiable concerns regarding the consequences of these evolutions for genetic privacy. Originally, only DNA profiles and samples of individuals who had committed serious criminal offences such as rape and murder would be included in such a database. In contrast with the federal states of the US where this principle still lies at the basis of their various database policies,15 iv most European national forensic DNA databases have been gradually transformed from convict databases into suspect databases. In EU Member States such as the UK,,v Slovakia, Estonia and Latvia the police are allowed to take a DNA sample for processing and storage into their national databases from everyone who is arrested of any recordable offence. In England and Wales, even the samples and profiles of those who are acquitted or freed from charges are retained for a non-fixed time. Together with the extension of police powers to coercively collect DNA samples from suspects and offenders, these inclusion criteria have resulted in a vast increase of the number of individuals included in the various European forensic DNA databases during the last few years.,vi As these evolutions have made the question for appropriate legal safeguards for sample retention and secondary use more pressing, we will examine current relevant regulations at both EU and national states’ level.
EU Member States have to take several governmental levels into account. Although these structures stimulate and ensure European cooperation and harmonisation, they also cause regulations concerning one and the same issue to be scattered over several official documents, which all have a different legal status. This is also the case for the present issue. Measures which aim to protect privacy, and mutatis mutandis genetic privacy, can be found in both EU and Council of Europe regulations. This dissemination of regulations has important consequences for their legal value. EU regulations can be issued under the guise of Ordinances, Directives, Decisions, Recommendations or Opinions. Only the first three of these regulations create binding law, although not in the same way. While Ordinances bind every party (Member States and civilians) directly, Directives only bind as far as results are concerned. It is up to the different Member States to decide how these results can best be achieved. Decisions only bind those parties, both Member States and civilians, who are directly addressed by them. The Council of Europe, on the other hand, cannot issue any directly binding law. Its main aim is to achieve a greater unity between its members by stimulating the drafting of agreements to which their Member States can voluntarily accede. However, as genetic privacy is being considered in a very specific setting, other problems enter the picture. Focusing primarily on economic integration the EU Member States have so far been reluctant to regulate justice and security issues on a European level. Therefore, it seems that privacy issues in this field have received less attention than elsewhere. Furthermore, as indicated above, a distinction has to be made between DNA profiles and DNA samples. European regulations should take this into account if they want to offer an appropriate safeguard for genetic privacy.
Probably the major shortcoming of European regulations regarding the processing of personal information is that they do not apply to justice and security issues. This can clearly be observed in the Data Protection Convention of the Council of Europe (Article 3, Section 2) which explicitly mentions that it does not apply to measures taken in the interests of “protecting state security, public safety, the monetary interest of the state or the suppression of criminal offences”(Article 9, Section 2).17 On the EU level a similar provision was included in EU Directive 95/46/EC.18 As the provisions of this Directive would make it otherwise well-nigh impossible for the Member States to use DNA profiling techniques and operate DNA databases, Article 3 clearly states that this Directive does not apply to “[…] activities of the State in areas of criminal law”.18 By introducing these exceptions into the various regulations the national states have made it clear that they would rather keep this competence at their own discretion.
The former observation is closely connected to the second weakness of the relevant European regulations: those which deal most explicitly with DNA samples and DNA profiles in the context of criminal justice do not constitute binding law. As the national states want to keep control over issues in the sphere of criminal justice, European initiatives in this field mostly appear in the form of recommendations, resolutions, circulars and the like. Recommendation No. R (92) 119 of the Committee of Ministers of the Council of Europe offers a good example. It is currently the only document that directly addresses the fate of forensic DNA samples by stating that “samples collected for DNA analysis and the information derived from such analysis for the purpose of the investigation and prosecution of criminal offences must not be used for other purposes”(Section 3).19 Furthermore, it apparently completely shuts the door to possible abuse by stating that the “samples […] should not be kept after the rendering of the final decision in the case for which they were used […]”(Section 8).19 Destruction of the samples is indeed the most effective measure against harmful secondary use. Its status as a Recommendation, however, exempts national states from the obligation to adopt its provisions into their legislations and practices.
Finally, although it has sometimes been argued that DNA itself is information,20 this issue is not in any way touched upon in the various relevant European regulations. The definition of “personal data” which is used in Directive 95/46/EC, for example, therefore does not include bodily samples: “‘Personal data’ shall mean any information relating to an identified or identifiable natural person (‘data subject’)” (Article 2a).18 Directive 95/46/EC therefore only becomes applicable if data are extracted from the biological material. Although this Directive seems to prevent third parties who do not operate within the sphere of justice and security to use forensic DNA profiles and genetic information derived from forensic DNA samples, it does not explicitly forbid government agencies to derive and use genetic information from the samples as long as it is performed for purposes which are broadly related to activities in the field of justice and security such as research into the “criminal gene”. Furthermore, in accordance with the non-applicability of the definition of “personal data” to bodily samples, Directive 95/46/EC does not forbid the transfer of these samples from state agencies to third parties as long as no identifiable information is extracted from them.
Regulations in the EU member States
As there are apparently no clear-cut and binding regulations on the European level that deal with the fate of forensic DNA samples, EU Member States can still largely develop their own policies regarding the retention and destruction of these samples. The only official document on the European level which has brought forward clear benchmarks regarding this issue is the aforementioned Recommendation No. (92) 1 of the Council of Europe. In contrast with the Data Protection Convention and Directive 95/46/EC, it does not make an exception for the processing of data in the field of justice and security and thereby explicitly forbids any secondary use except those for the purpose of the investigation and prosecution of criminal offences. However, the Recommendation does also allow for an exception when the samples are used for “research and statistical purposes”(Section 3).19 Although these uses would require anonymisation, it is not in any way defined exactly which kind of research is allowed. Hence, it seems that some controversial uses, such as research into the “criminal gene”, are not explicitly prohibited by this Recommendation. Therefore it does not really offer a final solution to the issues which are left unaddressed by the more general regulations. However, it does urge governments to destroy the biological material taken for DNA profiling after the final decision in the case for which they were used has been rendered. As we have indicated above, this measure is indeed the only absolute safeguard against violations of genetic privacy rights. Therefore it is reasonable to assess the Member States’ policies against this latter provision.
The sample retention policies of the various EU Member States are scattered over a host of laws, protocols, codes and circulars. It is therefore not easy to collect all the required information. After having analysed the relevant national laws, where available, we contacted at least two specialists in each EU Member State, either in a university setting or in forensic divisions of the police, and requested them to fill in a short questionnaire. Between February and June 2007, we received completed questionnaires from specialists in 25 Member States. Six Member States currently do not have a national forensic DNA database and are therefore omitted from the discussion. After several fruitless attempts to contact specialists in Bulgaria, Romania and Slovenia we were unable to obtain information from these three EU Member States. Poland announced that it has established a national database in 2001, but our local contact persons could not confirm whether it is already operational (see table 1).21 vii
Overall, four different policies regarding the retention of forensic DNA samples can broadly be distinguished, ranging from immediate destruction of all samples after the corresponding DNA profiles are created to not establishing an exact time of destruction (see table 2).
Germany, Lithuania, Sweden and Belgium are the only Member States that pursue the policy of immediate destruction of DNA samples. Hence, it can be concluded that these are the only Member States that completely preclude any possible secondary use of the samples.
A second group of Member States distinguishes between suspects and convicts with regard to the treatment of their respective DNA samples. In accordance with Recommendation No. (92), 1 which demands that the samples should not be retained after the final decision in the case for which they were used has been rendered, Member States in this group destroy the samples of crime suspects as soon as they are acquitted or freed from charges. This ensures that governments do not have access to identifiable bodily material of individuals who were found innocent. Member States which pursue this policy include Cyprus, The Czech Republic, Finland, France, Hungary, Luxemburg, Scotland, Slovakia and The Netherlands. Austria adopts a very similar policy, but it requires that suspects submit a written request for sample destruction after they are acquitted.
Regarding the DNA samples of convicted offenders, on the other hand, these Member States allow for their retention for a substantial period of time and therefore exceed the storage time which the Recommendation considers reasonable. This period varies from 20 years after the expiry of the sentence in Hungary to for a non-fixed time retention in Scotland. We should mention, however, that the inclusion criteria for convicted offenders vary sharply from Member State to Member State, which means that the number of samples stored is smaller than the number of offenders convicted. Some Member States, such as France and Hungary, have laid down that only those who are convicted of serious criminal offences such as murder or sex crimes are to have their samples included in the database. Others, such as Finland and The Netherlands, on the other hand, have stipulated that only samples of those who have committed an offence that could lead to a certain term of imprisonment can be entered. With these provisions governments intend to indicate that they only store DNA samples and profiles of individuals who pose a direct danger to the safety of their citizens.
A third group of Member States retains the DNA samples of both categories of individuals for a certain period of time. Denmark retains all samples until the included individuals have reached the age of 80 years and Latvia retains all samples for 75 years. As these two Member States do not distinguish between crime suspects and convicted offenders and moreover do not take the severity of the offence of which somebody is suspected or convicted into consideration, this policy could be considered to be at odds with the principle of proportionality.
Finally, a fourth group has not set an exact term for the destruction of the samples. In England & Wales, this practice was contested in the Marper case.22 In this case, it was argued that the retention of DNA samples of individuals who were arrested but acquitted afterwards, implies a violation of Article 8 (1) of the Convention for the Protection of Human Rights and Fundamental Freedoms.23 Both the Court of Appeal and the House of Lords concluded that while this may be a minor violation, it is justified under Article 8 (2) which says that an exception is made for matters of public safety and for the prevention of disorder or crime. This judgment therefore confirms once more the above mentioned observation that international regulations are not properly equipped to deal with the specific issues raised by DNA profiling and databasing.
Apparently, most EU Member States do not comply with the provisions of Recommendation No. (92) 1 and, particularly with regard to convicted offenders, retain the DNA samples beyond the term which this document considers reasonable. Two arguments are usually advanced to defend this policy. Firstly, some argue that retention of the DNA samples is necessary to enable upgrading of the DNA profiles as soon as new technologies are available.24 It is then argued that the database would need to be rebuilt every time a new profiling technology is implemented. Secondly, it has also been put forward that a reference sample is needed to enable retesting in case of a dispute on the accuracy of the original test results.24 The latter argument can easily be refuted because a new sample can always be obtained from the person concerned. It can however be conceived as an argument in favour of retention of the unidentified DNA samples which are found at a crime scene. As long as no match is established between these samples and a suspect, it seems indeed justifiable to retain them. Therefore, it is almost universally accepted that these kinds of samples and profiles should be automatically stored into a database.25 The argument of the necessity for technological upgrades, on the other hand, does carry considerable credibility. To date, there is indeed no alternative method available in case of a radical change in technology. However, as the evolution in technology is probably never coming to a definite end, this argument can be used ad infinitum. As it has been indicated that shortcomings of the presently used STR markers can be put right without having to abandon the already stored profiles,26 this argument seems equally hard to sustain.
The collection and storage of large quantities of biological material by police services call for specific regulations regarding their use and term of retention. As the EU Member States’ national policies regarding these issues are diverse and sometimes even non-existent, a unified legislative framework on the European level would offer the most effective safeguard for the protection of genetic privacy. Recommendation No. (92) 1 of the Council of Europe offers a good starting point. However, as it does not contain concrete guidelines as to how samples may be used and as it does not constitute binding law, there is an urgent need for a new initiative on the EU level. In this context, an appealing suggestion was made by the Data Protection Working Party. In an assessment of Directive 95/46/EC the issue of DNA forensics was addressed explicitly advising that “consideration should also be given to the legal status of DNA samples”.27 Bearing in mind that this Directive creates imperative law, it seems understandable that the Member States are eager to keep justice and security matters out of its scope. Nevertheless, the sensitive nature of genetic information calls for an exception regarding the regulation of the DNA samples taken for forensic purposes.
We are most grateful to all those in both university departments and forensic divisions of the police who supplied us with the most up-to-date information on their country’s situation.
Funding: This work was supported by GeneBanC, an EU–FP6 supported STREP contract number 036751.
Competing interests: None declared.
↵ii One of the first cases that was solved using DNA profiling was the famous 1985 Pitchfork-case (R v Pitchfork and Kelly (1987)). After a violent double-rape murder, the police asked all young males from a small English village to deliver a blood sample. When this so called “dragnet” did not produce a positive match, it became apparent that a local baker called Colin Pitchfork attempted to avoid detection by delivering a false sample. He was re-tested and eventually confessed, wherupon another suspect—who was wrongfully held by the police—was released.2
↵iii Certain ethologists thought that the explanation of violent behaviour could be found in the established fact that certain men have two instead of one Y chromosome. Although this conclusion has been refuted in many other studies now, even governmental agencies still use the story of the XYY man to push towards more research into the genetic causes of violent and antisocial behaviour.13
↵v Although England and Wales, Scotland and Northern Ireland all have their own forensic DNA database, they do share the same inclusion criteria.