GDPR compliant secure encrypted sharing of genomic data using Blockchain
identity: can be created using
public/private keypairs that are compatible
with the underlying blockchain cryptography. They are free for anyone to generate and do not require
registration. In fact they can be generated off-line. Their goal is to identify the actors in the
and provide encryption and decryption keys for the data in a later stage.
biosample: Using the GenoBank.io saliva kit, your
DNA is sequenced and delivered to you as a digital file.
donor: this is the data subject. A
user wants to share a digital DNA biosample with other
people (such as research institutes)
token: a “biospecimen permission
token” is a Non Fungible Token for
managing the usage rights on data. It is a smart contract which is signed by an identity (the owner of
data) to grant usage of a DNA biosample for a certain period of time. It grants the researcher (or
receiving party) the right to use this DNA sample.
notary: a blockchain notary is a
service (and smart contract with a fixed, agreed-upon address on the blockchain) that keeps track of
state-changes in the system. Most notably it will notarize the NFT tokens on the blockchain - so
observer can irrefutably verify that a certain state change happened at a certain point in time.
it is written on a public blockchain - it is immutable and observable for all. Since we only store
hash of the data - only those with access to the data itself can do the verification.
People who want to exchange DNA (Genomic) data in a GDPR compliant
way will use a PC that
holds and synchronizes data, and has software installed on it (software package) that executes the rules
The goals of the hardware solution are:
- provide a solution to store the DNA data in an encrypted
- provide a decentralized solution of storing data (aka not in a
data center, but in the
home of the user itself.)
- provide a convenient user interface to manage the usage rights
(BioNFT tokens) on their
- do the re-encryption of data for recipients if a “biosample
permission token” (BioNFT)
token has been created and delegated.
- Make sure that the re-encrypted data is made available
(‘pinned’) in the
- securely exchange messages with the recipients of the
- comply with state-changes in the BioNFT tokens
notably to remove (destroy
and blocklist) datasets that they have on their system that have had their license revoked or expired a
point in time.
There are different actors in this protocol:
Issuer: The owner of the DNA data. He/she will manage the usage rights of
their DNA data through the app.
Recipient: The researcher -
research institute that would like to receive the data for analysis.
Notary: a smart contract on
the blockchain that can be used to notarize data,
thus giving it a public timestamp (“Proof Of Existence”) - that can be publicly verified by outside
observers, anyone who has the original data can prove that the data was notarized.
There are 3 flows in the protocol:
1. Issue right to use
2. Extend right to
3. Revoke right to
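The issue, extend and revoke flows and the hash-only notary described above can be modelled in a few lines. This is an added example, not GenoBank.io code: the field names, the in-memory `Notary` class standing in for the on-chain contract, and the rule that only a current, unrevoked token can be extended are assumptions, and the issuer's signature over each state change is left out.

```python
import hashlib
import json
from dataclasses import dataclass, asdict, replace

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

@dataclass(frozen=True)
class PermissionToken:       # field names are assumptions for this sketch
    dataset_hash: str        # hash of the DNA file, never the file itself
    issuer: str              # identifier of the data owner's public key
    recipient: str           # identifier of the recipient's public key
    expires_at: int          # Unix time at which the right to use ends
    revoked: bool = False

    def token_id(self) -> str:
        return sha256_hex(f"{self.dataset_hash}|{self.issuer}|{self.recipient}".encode())

    def state_hash(self) -> str:
        blob = json.dumps(asdict(self), sort_keys=True, separators=(",", ":"))
        return sha256_hex(blob.encode())

class Notary:
    """In-memory stand-in for the notary contract; it sees hashes and times only."""
    def __init__(self):
        self.latest = {}     # token id -> (hash of current state, notarized at)

    def notarize(self, token: PermissionToken, now: int) -> PermissionToken:
        self.latest[token.token_id()] = (token.state_hash(), now)
        return token

    def is_current(self, token: PermissionToken) -> bool:
        entry = self.latest.get(token.token_id())
        return entry is not None and entry[0] == token.state_hash()

def issue(notary, dataset: bytes, issuer, recipient, now, ttl):
    token = PermissionToken(sha256_hex(dataset), issuer, recipient, now + ttl)
    return notary.notarize(token, now)

def extend(notary, token, now, extra):
    if token.revoked or not notary.is_current(token):   # assumed policy
        raise ValueError("only the current, unrevoked token can be extended")
    return notary.notarize(replace(token, expires_at=token.expires_at + extra), now)

def revoke(notary, token, now):
    return notary.notarize(replace(token, revoked=True), now)

def may_use(notary, token, now) -> bool:
    """Check a recipient's box runs before using (or keeping) the dataset."""
    return notary.is_current(token) and not token.revoked and now < token.expires_at
```

Because the notary keeps only the hash of the latest state, a recipient holding a pre-revocation copy of the token fails `may_use`, which is the point at which a box would destroy and blocklist the dataset.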
The overall goal of GenoBank.io is
to build a network of people that can participate in a network that allows self-sovereign sharing of DNA
data using their boxes in a GDPR compliant way (through a GDPR certification or a GDPR audit)
The question is how we combine an identity (ID) + Biospecimen + Wet Lab
(DNA extraction & Sequencing) + IPFS + Non-fungibles (biosample permission token)
to digitally enforce/program the 4 main rights of the GDPR:
- Right to know
- Right to Port (Own) data
- Right to be forgotten.
- Not to be discriminated
- Would this approach reverse the roles of “GDPR data processor”
- in the sense that we
give the users the power to decide who they share their data with + make the user basically his OWN
- Implementing the biosamples permission platform into a
- Legal applicability of promissory estoppel or similar legal
theory to allow anonymous
owners of property to make claims against permittees.