The collection, use, and sharing of human genome data has become a cornerstone of modern science, healthcare innovation, and commercial development. Yet as its use expands, encompassing precision medicine and ancestry testing to vaccine development and agricultural bioengineering, it raises complex legal and ethical challenges. Genomic data is inherently identifiable, intergenerational, and often shared across borders, straining existing data protection and privacy laws that were not designed with these characteristics in mind.
The World Health Organization’s (WHO) 2024 Guidance for Human Genome Data Collection, Access, Use and Sharing marks a significant evolution in global policy discourse surrounding genomic data governance.[1] It offers a principled framework grounded in human rights and designed to navigate the ethical, legal, social and cultural complexities associated with the use of human genome data across clinical, research and public health domains. This analysis reviews the legal and policy implications of the Guidance, highlighting the document’s relevance for the development and application of data governance frameworks, particularly as national laws and global practices continue to evolve in this domain.
A human rights-oriented approach to data governance
The WHO’s framework is notable in its explicit anchoring in international human rights law, including references to the Universal Declaration of Human Rights,[2] the UNESCO International Declaration on Human Genetic Data,[3] and the General Data Protection Regulation (GDPR)[4] of the European Union.[5] Rather than being a technical addendum to existing medical guidelines, the document positions the regulation of human genome data as a matter of normative obligation tied to the right to health, privacy, autonomy, and non-discrimination.[6]
In this regard, the Guidance departs from prior formulations that centred on individual consent or scientific benefit alone. It outlines a more expansive vision in which the regulation of genome data becomes part of a broader strategy for achieving global health equity and respecting cultural values. This approach invites a reassessment of national legal frameworks that may treat genomic data merely as subsets of health data or genetic information, without addressing the unique temporal, identifiability, and intergenerational concerns they raise.
Data life cycle and governance
In light of the complexities of collecting, using, and storing genome data, the WHO Guidance emphasizes focus on the full data life cycle – from collection and storage to access, use, sharing, and deletion – underscoring that effective genomic data governance cannot rely on static or siloed rules.[7] Instead, laws and policies must address the entire life cycle, accounting for dynamic uses, secondary applications, and rapidly evolving technological environments. This approach echoes ongoing concerns in legal scholarship about the limitations of purpose specification and consent within current data protection regimes. Moreover, the rising frequency of data security breaches has further driven international regulatory engagement in the oversight of genetic testing and genomic data practices.[8]
Building on this life-cycle approach, the Guidance further distinguishes between prospective and retrospective data collections and affirms the need to adapt implementation strategies accordingly.[9] This is particularly relevant in jurisdictions that have yet to adopt detailed regulatory provisions for the reuse of previously collected genomic data, or that rely heavily on de-identification techniques that may be ineffective given the inherent identifiability of genomic information.
A normative shift: Collective rights and dynamic consent
While the importance of informed consent remains central, the WHO’s 2024 Guidance shifts the focus toward a broader model of participatory and collective governance. This reflects a recognition that genomic data has an inherently collective element: it carries information not only about the individual who gives consent, but also about their biological relatives and shared ancestry.[10] For many Indigenous communities, this makes genome data not just personal, but also a cultural resource.[11] In these contexts, decisions about genome data access and use not only respect individual autonomy but also consider collective rights and intergenerational impacts, thus consent should be contextually appropriate with respect to cultural and social norms.[12] The goal is not to eliminate individual consent, but to strengthen and complement it – ensuring that consent is meaningful, transparent, and culturally sensitive, while also acknowledging the broader social and community-level impacts of genomic data use. This perspective challenges the individualistic orientation of conventional data protection regimes, such as the GDPR, which primarily centre on personal data rights, and hence may inadequately capture the collective dimensions of data governance. The WHO Guidance instead calls for legal and regulatory frameworks that can accommodate shared decision-making and representation, especially for Indigenous groups.
The WHO Guidance also supports the concept of dynamic consent (i.e. revocable and adaptable over time) and recognizes the legitimacy of broad consent under stringent governance safeguards, including oversight by data access committees.[13] Other legal initiatives also support the idea of dynamic consent, with interim solutions such as opt-outs specifically for genomic research if data subjects had previously given general consent without being specifically informed about genome sequencing.[14]
Embedding equity and solidarity into data access and use
The WHO’s framing of social justice and solidarity as foundational principles introduces additional legal and policy considerations. It calls for proactive measures to reduce structural inequalities, ensure fair benefit-sharing, and prevent both individual and group-level stigmatization and discrimination.[15] Importantly, it recognizes the need for capacity-building, both in terms of technical infrastructure and legal-ethical governance expertise, especially in low-resource settings.[16]
This emphasis on fairness and global equity is not merely aspirational. It implies that genomic data governance must incorporate positive obligations – such as ensuring fair access to resulting benefits, safeguarding against inequitable commercial exploitation, and addressing disparities in representation across datasets.[17] Regulatory instruments that treat data rights as negative freedoms (e.g., the right to withhold consent or be forgotten) may be insufficient unless they are complemented by duties to ensure inclusive participation and equitable benefit.[18]
Core ethical tensions in genomic data governance
The World Economic Forum’s (WEF) 2020 Genomic Data Policy and Ethics Framework highlights six core ethical tensions that underpin the legal and policy challenges of human genome data governance:[19]
- Balancing individual privacy and societal benefits: Protecting individual genomic privacy is crucial, but overly strict privacy can hinder valuable research that benefits society; policymakers must find a balance between respecting privacy and enabling data use.
- Balancing open and restricted data access: Regulators must carefully determine who can access genomic data to maximize research benefits while preventing misuse, considering the risks of both overly open and overly restricted access.
- Balancing receiving benefits and altruistic donations: Deciding whether and how to compensate individuals or communities for their genomic data is complex, weighing altruism against fair benefit-sharing and potential impacts on participation and equity.
- Balancing community and researcher oversight: Ethical oversight of genomic research must balance scientific rigor with respect for community values and cultural contexts to ensure research is ethical and inclusive.
- Balancing inclusion and exclusion: Genomic research needs to include diverse and historically underrepresented populations to avoid biased data and harm, while carefully protecting these groups from exploitation.
- Balancing confidentiality and duty to inform: Researchers and clinicians face ethical dilemmas when deciding whether to disclose genetic findings that may impact individuals or relatives, balancing confidentiality with the potential need to prevent harm.
These tensions reveal the complexity of operationalizing the WHO’s human rights-oriented framework in real-world genomic data governance. They illustrate why legal systems must move beyond simple regulatory checklists toward dynamic, inclusive, and context-sensitive governance mechanisms that can accommodate evolving ethical, social, and technological realities.
Conclusion: Toward normative pluralism and legal adaptation
The 2024 WHO Guidance represents a meaningful shift in the global governance of genomic data, moving beyond individual consent and risk management toward an integrated framework grounded in human rights, equity, and shared accountability. For legal frameworks – especially those grounded in data protection, bioethics, and public health law – the document invites normative pluralism, an approach that not only accommodates different legal traditions but also respects diverse cultural, and community-based understandings of genomic data. In many contexts, genetic information is not only personal but also a collective or cultural asset, and its governance must reflect this complexity. Legal adaptation will be essential.[20] National and regional laws must grapple with questions that the WHO document articulates but does not resolve: How should collective rights be recognized in genomic governance? How can consent be meaningfully dynamic while remaining legally valid? What forms of redress or sanction are adequate to ensure compliance in transnational research infrastructures?
Ultimately, the WHO’s intervention functions not only as a policy compass but also as a normative agenda for future regulatory development. It sets a high bar: one in which legal systems are expected to evolve toward more inclusive, transparent, and equitable models of data governance – models fit for the complexity and promise of genomic science.
[1] WHO. Guidance for Human Genome Data Collection, Access, Use and Sharing. Geneva: World Health Organization, 2024, (hereinafter: WHO Guidance).
[2] United Nations. Universal Declaration of Human Rights. 10 Dec. 1948, www.un.org/en/about-us/universal-declaration-of-human-rights.
[3] UNESCO. International Declaration on Human Genetic Data. 16 Oct. 2003, www.unesco.org/en/legal-affairs/international-declaration-human-genetic-data.
[4] European Parliament and Council. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Official Journal of the European Union, L 119, 4 May 2016, pp. 1–88.
[5] WHO Guidance.
[6] Ibid.
[7] WHO Guidance.
[8] Fazlioglu, Müge. “Data Privacy and Genetic Testing: Guidance and Enforcement from Regulators.” IAPP, 18 Sept. 2024, https://iapp.org/news/a/the-dna-of-privacy-and-the-privacy-of-dna.
[9] WHO Guidance.
[10] Santiago, Ibon, and Tobias Hoffmann. „The World Wide Genome: Genetic Privacy in the Age of Big Data.” Science Diplomacy Perspectives, 11 Feb. 2022, https://doi.org/10.1126/scidip.ade6822.
[11] See e.g. United Nations Declaration on the Rights of Indigenous Peoples (UNDRIP), Article 31. While non-binding, it affirms Indigenous peoples’ rights to control their genetic resources.
[12] WHO Guidance.
[13] Ibid.
[14] SPHN ELSIag. Guidance on Ethical, Legal and Social Challenges Related to the Further Use of Human Genomic Data for Research. Swiss Personalized Health Network, February 2025, (hereinafter: SPHN ELSIag Guidance).
[15] WHO Guidance.
[16] Ibid.
[17] Ibid.
[18] SPHN ELSIag Guidance.
[19] World Economic Forum. Genomic Data Policy Framework and Ethical Tensions. White paper, World Economic Forum, 1 June 2020. Genomic Data Policy Framework and Ethical Tensions, https://www3.weforum.org/docs/WEF_Genomic_Data_Policy_and_Ethics_Framework_pages_2020.pdf.
[20] WHO Guidance.
