Upcoming Data Protection Regulation to Hampers Genetic and Pharmaceutical Research

The privacy hysteria that since twenty or so years affects policy makers and data protection authorities, reached a new peak with the upcoming data protection regulation whose text has been published last Dec, 18, 2015.

While, thanks God, the text clearly states that “biosample” as such aren’t “personal data”

genetic data should be defined as personal data relating to the genetic characteristics of an individual which have been inherited or acquired as they result from an analysis of a biological sample from the individual in question, in particular by chromosomal, deoxyribonucleic acid (DNA) or ribonucleic acid (RNA) analysis or analysis of any other element enabling equivalent information to be obtained

Nevertheless there is no clear reference to the fact that genetic (and, in general, health-related) researches can’t be pre-emptively limited to specific processing since scientists work with microscopes and not with crystal balls.

The result is that every research project that deals with patient (and patient’s relatives) records might face enormous bureaucratic burdens every time a new path of study emerges from the current one.

Furthermore, the regulation says that:

Member States may maintain or introduce further conditions, including limitations, with regard to the processing of genetic data, biometric data or health data

In other words, then, we will likely face a flood of local regulation that will make harder to perform researches that save human life.

Sure, there will always be the possibility to challenge in court the letter of the law, claiming that no provision can be interpreted in such a way to endanger human life and that data protection, in constitutional terms, is a “lesser right” when compared to the right to health. But this takes time, money and an open-minded court.

In the meantime, scientists will either slow down their activities or risk to be taken in court.

Does it make sense?

Fay, online advertising’s goof and the information overload

In this post I’ve shown what happens when the advertising process slips out of control: a brand is associated to a wrong message because of the lack of attention to every single step of a campaign.

In other times this mistake would have had dire consequences for the advertising agency… accounts fired, campaign suspended and, maybe, public apologies. But today is (in)different.

Who will ever notice – let alone, remember – the misery exploitation associated with this brand (again, unbeknownst by its management)?

Who will take appropriate actions to avoid a similar mistake in the future?

Who cares?

This is one of the consequences of the information overload: be sloppy. After a couple of hours nobody will even remember about it.

Stop Apple and Google To Take Over Our Cars

Google just announced its “Android Auto” platform, while Apple already did  it with Carplay. Both platforms require an Internet connection and, it is just matter of time, will become more and more deeply interconnected with the car control system.

But software do fail. It fails because there’s no such thing as a bug-free software, it fails because people do mistakes, it fails because the software house’s roadmap not necessarily matches the final users’ safety.

And I don’t care about the usual PR stunts such as “as soon as we discovered the bug we did our best to fix it the fastest way” or “since the xyz library is licensed and proprietary we can’t keep responsibility for the way the software behave” or, finally, “if you just read the EULA you will find that it is clearly stated that we don’t take any responsibility for blah, blah, blah…”

This is a price we cannot afford to pay.

DNA Clandestine Collection, Data Protection and Rule of Evidence. Jeopardizing an Homicide Investigation?

After a three years investigation the public prosecutor of Bergamo (a city near Milan) arrested the alleged author of the homicide of a young girl. The suspect has been found thanks to a massive DNA analysis that involved about 18.000 residents of the area, that led, after the skimming of the majority of the genetic profiles, to only two “candidates” .

To obtain the genetic samples to be compared with those found on the crime scene, the investigators faked a routine traffic control check-point, asking the suspect to pass the alcool-test. Further more – as the media say – the investigators were able to collect “organic fluids” from the suspect’s mother unbeknownst to her.

In this way of investigating the homicide there are two issue that haven’t been taken into account so far: what do the investigators do with the 18.000 DNA samples that they’ve collected and, more important, if a “clandestine” DNA sample collection legal under the Italian Rule of Evidence and Data Protection Regulation.

About the first issue: hopefully the “de facto” biobank should be destroyed once no more useful for the investigation, but neither public information is available nor the Data Protection Authority told a word about it. If this is not the case, this 18.000 samples will be used as a comparison for all the future investigation, meaning that those resident who voluntary gave out their samples will be routinely “investigated” unbeknownst to them.

About the second issue: the suspect’s mother has not been charged since there is no evidence of her connection with the crime. So, as a citizen not charged of anything, should have been told by the investigators that they were collecting her genetic sample.

As per the suspect, the available information don’t reveal whether the clandestine genetic sample collection has been ordered BEFORE he was officially charged by the prosecutor or AFTER his official involvement in the case as the potential perpetrator. This might lead to the possibility for the defense lawyer to object the genetic evidence be part of the trial on the basis that both samples have been collected in a wrong way.

Frankly, as this homicide is a major case in Italy, I doubt that neither a judge nor the Data Protection Authority (very aggressive against SPAM and Social Networks misuse)  will “buy” this objection, even if – as I think – has some merit.

So, provided that the defense lawyers follow this path, the trial will take years to end, because of the legal issues involved with the genetic evidence (think of the Kercher murder, that is still re-tried after having gone up to the Supreme Court and back to the Court of appeals) thus allowing a culprit to stay out of jail longer than he deserves, or an innocent to be acquitted much too late.

As somebody said, big cases make bad justice.

Wrongful Conviction and Protection of the Innocent

Tomorrow, at the University of Milan, I shall participate to a round-table organized by the Italy Innocence Project. The topic is: The Italian Legal System and the Judiciary Mistake.

Here is the full program:




VENERDIÌ€ 6 GIUGNO 2014 9.30 – 18.30


SALUTI INTRODUTTIVI: LUCA LUPÁRIA (Professor of Criminal Procedure at the University of Milan, Director of the Italy Innocence Project); VINICIO NARDO (Segretario dell’Unione delle Camere Penali )


ARK GODSEY (Professor at the University of Cincinnati, Director of the Ohio Innocence Project)
JUSTIN BROOKS (Professor at the California Western School of Law, Director of the California Innocence Project)

ICHAEL NAUGHTON (Director of the University of Bristol Innocence Project, Director of the Innocence Network UK)
DAVID LANGWALLNER (Professor at the Griffith College of Dublin, Director of the Irish Innocence Project)
SYLVAIN CORMIER (Attorney, Director of the Innocence Project of France)
EVELYN BELL (Chief Scientist of the Knoops’ Innocence Project)
MARIA EJCHART-DUBOIS (Member of the Helsinki Foundation for Human Rights and of the Innocence Legal Clinic in Warsaw)


ARTIN KILLIAS (Expert in Criminology, Professor at the Universities of St. Gallen, Lausanne and Zurich) DANIEL VANEK (Expert in forensic DNA identifications, Professor at the Charles University in Prague) ERIC VOLZ (International Innocence Expert, Director of The David House Agency)
ULF STRIDBECK (Professor in Criminal Law at the Faculty of Law, University of Oslo)

LUCA LUPÁRIA (Professor of Criminal Procedure at the University of Milan, Director of the Italy Innocence Project) GIUSEPPE GENNARI (Judge at the Court of Milan)
ANDREA MONTI (Attorney, Expert in forensic DNA)
MARTINA CAGOSSI (Junior researcher at the University of Milan)



Evento accreditato dall’Ordine degli Avvocati di Milano (n. 6 crediti formativi)

Data Protetcion, MTA, Human Samples and Identity Backtracing

To comply with privacy and data-protection regulations, Material Transfer Agreements for human samples often state that the samples are either anonymous (meaning: the donor institution doesn’t know at all the ID of the patient) or anonymized (the donor institution only knows and keeps secret the patient ID.) But this compliance approach won’t work anymore, since the probability of backtracing the ID of patient accessing third parties provided information is not only a proof-of-concept but an “actual reality.”

Amending the MTA to handle this issue is far more complicated than ask the lawyers to just re-phrase their lingo, because what is actually needed is a thorough analysis of the human sample collection process back to the first ring of the donor chain.

The sooner the biobank community will address this issue, the better for the research, the pharma industry and – first of all – the patient himself.

The “Specialist” Lawyer… Whatever It Means

An upcoming regulation – still in draft – will regulate the possibility for an Italian lawyer to call himself “specialist” of something. This “specialist patch” will be obtained by either attending seminars and courses or by showing evidence of practicing in a specific field (BTW, in the mandatory list of field of practice, there are no reference to high-tech, pharma and telco topics.)

I wonder which company has ever chosen a lawyer just because of the patches he stuck on his gown.

The Danger of the New Crusaders and the Risk for the Medical Research

Repubblica.it, an Italian online newspaper, accounts for the cancellation of a fund-raising initiative to collect money for the research on rare disease. The cancellation has been motivated by the fear of riots provoked by animalist activists who object living animals to be used in medical research. This form of terrorism is a dangerous growing trend in Italy, and one of the reasons for this growing is that extreme animalism is not perceived as bad as its “political” sibling (thank to the support given by teen-agers oriented TV channels, politicians and artists.) I don’t see how the opinion of (former)models, self-professed experts with no impact-factor or citation-index or bloggers-on-a-mission should prevail over the facts stated by the major Italian research institution.

Anyway the consequence is that police authorities and the government aren’t taking seriously this issue letting activists to continue threatening the medical and biotech research in Italy. Of course I don’t claim that “every animalist is a terrorist” and I don’t want to enter into the semantics of both words. What I do not find fair is the justification for the use of violence in the name of an idea: the field of history is crossed by enormous rivers of blood because somebody bleieved to be absolutely right, thus taking the burden to “convert” those who disagreed.

As often happens in Italy, this is the result of the a confusion between “ethics” (that is a personal matter) and “law” (that is – or is supposed to be – a tool for balancing contradictory interests.) This confusion is likely to badly affects the feasibility of the scientific research in Italy. I still haven’t collected enough information about how big a disincentive this animalist threat is for the health companies who want to invest in Italy, but the very first hints don’t let imagine a bright future.

How Linkedin Helped to Fight a Possible Scam

Among the usual daily flow of e-mails that submerges me, today I’ve spotted a request for contact coming from a North-European research firm active in the healthcare sector. Its CFO asked for information about a possible breach of contract litigation.

I didn’t have any reason to think of this e-mail as a scam, but there was “something” definitely odd in the message. So I checked both the person and the company name on the Internet and they were real. Still, I wasn’t convinced and decided to have a look at the message header: again, I got contradictory results. The mail server used to send the message was in a remote part of the US, belonging to a local ISP with no apparent connection with both Europe and the Healthcare industry the message was (apparently) coming from.

This couldn’t be a coincidence so I’ve searched the Linkedin profile of the manager that allegedly sent me the message and dropped him an in-mail (so to be sure about his identity and affiliation) and… gotcha! He replied confirming that it wasn’t him the sender of the message.

To put it short, it was a scam and being on Linkedin helped both me to avoid a fraud and this company to discover that it is targeted by an identity theft.