Using GDPR Art. 15 to request gene targets for concurrent cancer vaccine
The Context: A patient is undergoing SOT (Supportive Oligonucleotide Technique) therapy with a laboratory (HQ in Switzerland, processing lab in Greece). This is a "personalized" therapy where an miRNA preparation is created based specifically on the patient's own Circulating Tumor Cells (CTCs).
The patient is also developing a personalized neoantigen cancer vaccine with a separate team. For clinical safety and treatment coordination, the oncology team needs to know the genetic targets of the SOT therapy (the biomarkers/genes being silenced).
The Conflict: The lab has declined to disclose the specific gene names or targets, citing the miRNA sequence as a proprietary "trade secret."
The Technical Question: In the context of personalized medicine—where the "product" is derived entirely from the patient’s own unique biological data—how is the balance typically struck between Article 15 (Right of Access) and Article 15(4) (Rights of others/Trade Secrets)?
- Does the identity of a genetic target (the "what") qualify as personal health data, even if the synthetic sequence used to hit that target (the "how") is a trade secret?
- Has anyone seen DPA guidance or case law regarding "unredactable" health data when it is required for the safety of concurrent medical treatments?
- What are the standard compliance escalations when a lab remains silent on a DSAR in a time-critical medical situation?
Personal Note: I submitted a formal DSAR today but haven't had any engagement from the lab for over two weeks on previous inquiries. For a late-stage cancer patient, every day is critical. Navigating this administrative "black hole" while fighting the disease is incredibly taxing, and I'm trying to understand the regulatory landscape to ensure we get the data needed for vaccine in time.
Thank you for any info you could share regarding the matter.