Rostrum’s Law Review | ISSN: 2321-3787

DNA Banks: An Orwellian Dystopia


The science of Deoxyribonucleic Acid (DNA), in many ways, holds the key to a better future, however, the same key can be used to unlock a Pandora’s box. In September 2012, the Supreme Court of India passed an order in response to a petition filed by the NGO Lokniti raising concerns about over 40,000 unidentified dead bodies in the nation. The order mandated the creation of a Special Committee to look into the creation of a National DNA database.[1] The creation of such a database had been mooted by the Government itself to help find missing children, after the Nithari murders shook the conscience of the nation.[2] India isn’t alone in considering the use of DNA as a tool for identification. Argentina, for instance, recently set up a DNA database to locate child victims of enforced disappearings.[3] Australia, United Kingdom, U.S.A, New Zealand have, amongst others, long relied on DNA profiling to strengthen their criminal justice systems. Its utility has been particularly notable in cases involving rapes and homicides.

However, inherent in the use of DNA information, and often overlooked, is the threat it poses to citizens’ privacy. A DNA sample reveals a lot more than whether a suspect is the culprit; it also reveals genetic predispositions to diseases, behavioural tendencies, race and a plethora of other information about everyone related to the individual. It is thus crucial to ensure that prior to adopting a system for DNA profiling, checks against violations of our privacy are duly incorporated. Absence of these checks may lead to increased surveillance by the government which in turn leads to the creation of a ‘Big Brother’ state.  In this essay, the authors attempt to show how the recent attempts of the Government to create a DNA database have fallen woefully short of the requirement to respect the Right to Privacy of the citizens. Part I sheds light on this right as seen in the context of DNA evidence used in criminal trials. Part II critically analyzes the two Draft Bills of 2007 and 2012, in light of the privacy argument. Part III enumerates the international best practices that can be incorporated to suit the Indian context.

Part I – Right to Privacy

At the heart of the conflict between a DNA database and rights of privacy is a basic definitional challenge. Most scholars around the world strongly contend that the right to privacy is an integral aspect of human life and must be protected. However, privacy as a concept is vague and does not have defined contours. It holds different connotations for different persons and in different contexts.[4] At different points, privacy has been understood as being substantially related to bodily security, to property rights or the right to human dignity.[5] The definitional inadequacy is mirrored in the adoptions of the right to privacy in constitutional texts. The Bill of Rights in U.S.A. doesn’t explicitly outline the individual’s right to privacy; it has, instead, been implied to exist by the Courts by virtue of the Fourth and Fourteenth Amendments.[6] Similarly, in India, the right to privacy has been recognised by the Supreme Court as an implied facet of the right to life and personal liberty under Article 21.[7] Thus, we observe that the right to privacy is not a concrete guarantee by itself, rather, it is viewed as an extension of various basic rights.

In India, such contextual definitions have come from the judiciary on a case-by-case basis rather than by legislative directives.[8] In Kharak Singh vs. State of Uttar Pradesh[9] it was held that the concept of personal liberty under Article 21 was wide enough to include the right to privacy. The Court was of the opinion that nothing is as detrimental to a person’s happiness as an invasion in the ‘castle’ where he lives with his family. On the other hand, in the case of State vs. Charulata Joshi[10], the Supreme Court understood the right to privacy as a limit on the freedom of speech and expression and held that the respect for the right emanating from Article 21 demanded that the subjects of interviews cannot be interviewed in the absence of willingness to participate. These contextual definitions have over time contributed to the formulation of a multi-dimensional concept of privacy. This has been highlighted by the Report of the A.P. Shah Committee[11] wherein it has been suggested that a comprehensive protection of the right to privacy must include data protection, bodily security, protections from audio-video surveillance and unauthorised interceptions.

It must also be noted that rights by their nature are not rigid; they continually evolve according to changing social norms. Samuel Warren and Louis Brandeis argue that this adaptability is especially pronounced when it comes to the right to privacy.[12] With the advent of photography and new communicative techniques, Warren and Brandeis focused extensively on the intrusions created by these technologies on the ‘inviolable personality’ of the individual.[13] They argue that protections afforded to the right to privacy must account for threats in the societal atmosphere of the age. Years after their work, the Supreme Court expanded the conceptualisation of the right to privacy to include protection from telephone tapping by government agencies in PUCL v. Union of India[14]

The use of DNA information demands a similar expansion of the right to privacy. Caution with regard to the use of advanced scientific methods has been shown in cases such as Selvi v. State of Karnataka wherein the Supreme Court held that brain mapping and polygraph tests were inconclusive and thus their compulsory usage in a criminal investigation would be unconstitutional.[15] The use of DNA evidence hasn’t been met with the same kind of prudence. While DNA samples may give reliable evidence, there are several other concerns associated with its usage as evidence may be planted and the process of transporting the sample from the crime scene to the testing lab may be riddled with inadequacies. Thus, the belief DNA evidence proves the crime is partially blinded.[16] Yet, in cases such as N.D. Tiwari[17] and Dipanwita Roy[18], courts have placed unequivocal reliance on DNA samples.

More contentious than the growing, unilateral judicial support for DNA information in legal matters, however, is the legislative vacuum on the matter. Despite having several recommendations to the effect, India still doesn’t have a comprehensive privacy law. No parallel amendments have been made in the Indian Evidence Act[19] or other procedural laws to tackle privacy concerns. Weak efforts have been made in the form of rules and other subordinate legislation such as the Information Technology Rules, 2011.[20] However, these rules are ineffective against the State and have been criticised as being haphazard.[21] In these circumstances, the use of DNA profiling on a scale as large as envisaged by the DNA Profiling project poses dangerous threats to the individual citizens’ privacy. The information could easily be manipulated, misused or maligned. With no adequate safeguards, information compulsorily collected could be wrongly accessed by health insurance companies before entering into insurance agreements. At the same time, employers could use the information to choose employees on the basis of their genetic characteristics. There is an equally grave risk of racial targeting associated with the collection of DNA samples from the population.[22] The responsibility of protecting against such violations rests solely on the shoulder of the DNA profiling legislation itself. However, as we see in the following section, this responsibility has been grossly neglected by the legislators.

Part II – Analysis of the Draft Bills

In 2005, Section 53 of the Code of Criminal Procedure was amended to allow the collection of medical details from an accused person on arrest in certain circumstances. The scope of this section extends to the collection of DNA samples. The legality of ordering a DNA test was further confirmed by the Orissa High Court in Thogorani Alias K. Damayanti v. State of Orissa.[23] Considering the sensitive nature of information that DNA provides, the court accounted for privacy concerns and laid down certain prerequisites that must be looked into for ordering a DNA Test, the same being – “(i) the extent to which the accused may have participated in the commission of the crime; (ii) the gravity of the offence and the circumstances in which it is committed; (iii) age, physical and mental health of the accused to the extent they are known; (iv) whether there are less intrusive and practical ways of collecting evidence tending to confirm or disprove the involvement of the accused in the crime; (v) the reasons, if any, for the accused for refusing consent.”[24]

In 2007, in response to the growing utility of DNA information, the Government introduced a Draft DNA Profiling Bill.[25] This legislation aimed at creating a centralized database for the collection and storage of DNA of all persons who come in contact with the criminal justice system. However, the ambitious project failed to account for several critical aspects of human rights and privacy and falsely gave it the perception of infallibility.[26] The definitions provided in the Bill were extremely expansive in scope, allowing the government to conduct genetic tests on anyone connected with the most minor legal violations.[27] The Bill did not have any substantive provisions that provided for the individual’s privacy rights. It allowed for the establishment of a DNA Profiling Board (‘the Board’) as the regulatory authority over the database, with its powers and functions enumerated in the Bill itself. Some of these provisions gave unfettered discretionary powers to members of the Board and other officials, making the information collected liable to abuse. For instance, Section 41 of the Bill provided that the Data Bank Manager could grant access to the database to “any person or class of persons that the Data Bank Manager considers appropriate”. This translated into one individual being vested with the power to grant anyone access to the DNA information.

The Bill also provided for the establishment of state-wise DNA databases with a copy of each record in these databases to be kept with the National database. This duplicity of information would further increase the risk of access and abuse of the personal information. However, the most notable of these lacunae was the exclusion of private causes of action against the unlawful storage of information in the national database. Thus, individuals were left without any remedy if their DNA was unlawfully retained in the database. Further, the individual could not review information about themselves on the database which resulted in the possibility of illegal collection, storage and use of private genetic information.[28]

The concerns raised by the analysis of the Bill prompted the government to redraft it, and in 2012, a fresh version of the DNA Bill[29] was drafted with changes to correct the shortcomings of the first Bill. However, the government has not completely succeeded in its aim.

One of the major drawbacks of the 2012 Bill is that there continues to be no provision for the inclusion of an expert on privacy laws or human rights. Even the section that provided for the inclusion of a social scientist in the 2007 draft has been deleted, and no replacement has been included for the same, potentially leading to the regulation of the DNA database with no consideration of privacy of the citizens or basic human rights.[30]

Apart from this, among the more fundamental problems of the Bill is the absence of guidelines with respect to the procedural aspect of collection, storage, and use of DNA information. There is no clarity in the provisions regarding the access of such information to third parties, and the circumstances during which such access may be provided. The Bill provides that the regulations to this are to be drafted by the Profiling Board, which may increase the risk of bias and lack of transparency. Section 37 provides for the DNA information to be retained indefinitely, to be deleted only after the courts have exonerated the accused, without any guidelines detailing whether or not the individual would have any access to the information during the period of retention. In fact, Section 43 only protects information regarding the victims of crimes and persons excluded as suspects, implying that anyone related to the case who doesn’t fall into either of the two categories has her DNA information exposed to unauthorised access.[31]

Further, the Bill provides for the appointment of a Chief Executive Officer (CEO), as well as the procedure for such appointment. While the powers and functions of this office were clearly set out in the 2007 Bill, they have been removed entirely from the 2012 Bill, which merely states that such powers and functions shall be specified by the Board. This subordination to the Board further makes the office liable to be abused and used arbitrarily. The only qualification required for the appointment is that the person be a “scientist with an understanding of genetics and molecular biology”. This also increases the ambiguity surrounding this provision.[32] The requirement of an understanding of genetic and molecular biology may be enough from the technical perspective, but from the legal perspective, it is imperative to have a privacy and human rights expert as a part of the body of authority.

The functions of the Board itself are open to debate, as a failure to specify the extent of its powers in the new bill has increased the potential for misuse of the information. For instance, subsection 12(j) of the 2012 Bill authorizes the Board to communicate DNA information to ‘law enforcement and other agencies’ for ‘civil proceedings’, with no clarification as to what either of the terms constitute. While the new Bill retains the provision to set up regional databanks, there are as yet no guidelines as to their powers and functions. There is also no clarification regarding the sharing of information by the State databanks with the National database, the nature of information that is to be shared, the retention period among several other problems.[33]

Like the old Bill, Section 33 of the new Bill provides that the Databank Manager shall be responsible for the functioning of the National DNA Database. However, the nature of his responsibility, and what tasks this may entail are not specifically provided for. Clauses prohibiting the use and communication of DNA information without prior consent were deleted, and an additional clause was inserted allowing the communication of the information to international agencies for ‘criminal investigation’. The question of who shall be entitled to such information remains unaddressed.[34]

From the analysis of the two Bills, it is clear that the creation of a DNA database is a daunting endeavour, especially in light of the privacy threats it brings with it. The lacunae in the drafts prove that the aim is certainly not one that can be accomplished in a hurry. However, despite the serious implication of this being an impossible dream, the establishment of a DNA Bank without compromising on the fundamental rights of the citizens is a very real possibility, if only certain basic ideals are borne in mind. The following section details practices that are followed globally that have allowed for the successful establishment of DNA Banks, without a violating the right to privacy of the individual.

Part III – International Best Practices

DNA evidence was first used in criminal investigations in the United Kingdom in 1986 to solve the rape and murder cases of two 15 year old girls. By 1998 every state in U.S.A. had established a DNA databank.[35] The information from databanks is collated in the FBI controlled national DNA databank in accordance with the DNA Identification Act.[36]

The DNA revolution has clear advantages. Many scholars have re-iterated that it enhances the probability of punishing the criminal, thus enhancing the effectiveness of the criminal justice system.[37] This has resulted in the reduction of criminal incidents, especially in cases where DNA evidence is especially useful such as murders and rapes. It has also been highlighted that DNA evidence can be used for the exoneration of the innocent.[38] These examples show that this technological advancement has the potential to reap massive rewards in society. However, before the system is put into use it is essential that we balance societal interests against the privacy of the individual. In this section, the authors explore the international best practices in this regard and highlight how other legal systems have resolved the conflict of interests that arise.

The first and foremost problematic theme in the Indian conceptualisation of DNA profiling is the indeterminate range of situations that allow for the collection of DNA samples. International practise shows that the reasons for collection of samples must be limited and unambiguous to strike the chord of balance. In the State of Virginia, which was the first State in the U.S.A. to establish a DNA bank, the collection of samples was initially limited only to convicted sex offenders.[39] This was gradually expanded- at first to include all newly convicted felons and eventually to include certain classes of juvenile offenders. A similar pattern is observed in the practice of DNA profiling in the United Kingdom which has met a degree of success. Governed by the Criminal Justice and Public Order Act[40], the initial collection of DNA samples was very restrictive.[41] This practise of starting with a small sample population allows for the privacy safeguards to evolve according to the needs of the age instead of putting a larger section of people in danger.

Another important feature of the DNA profiling system in the United Kingdom is the limited retention of samples. Samples of criminal convicts are strictly separated from civil persons’ samples. Furthermore, the destruction of civil samples after a defined period of time is mandated by law.[42] The issue was dealt with by the European Court of Human Rights in the case of S. & Marper v. U.K.[43], wherein the information of two suspects were stored in the database after their release. Their request for the deletion of the records was also overturned by the British police. This was held to be violative of their human right to privacy. The court held that limitations of the right to privacy must be proportionate to the state interests involved. Looking into the matter of retaining DNA records for an extended time period, i.e. after the purpose of the sample had been achieved, was, in the Court’s view, an unbalanced approach towards societal interests vis-à-vis the individual’s right.

It is also extremely essential to ensure that the information provided by DNA does not fall into the wrong hands. The sensitive nature of DNA information has already been stressed on, and unauthorized access to DNA samples seriously jeopardizes the secrecy of the giver of the sample. It is therefore vital that access of such information is strictly regulated, and that the regulatory body of the DNA Bank is made accountable for any breach of this obligation. For instance, in America, the FBI is staunchly opposed to release of DNA information to any third party, citing violation of privacy rights as the main concern. However, the US Congress authorizes the supply of information for research purposes, after the removal of personal identifiers contained in the information, thus making available only anonymous genetic profiles; a move supported by both the President as well as the National Research Council.[44]
In 1989, the United Nations (UN) issued the Guidelines for the Regulation of Computerized Personal Data Files, wherein it is stated that the person whose information is taken has the right to know whether, and in what manner it shall be used. Further, in 1995 the European Union issued binding directives[45] establishing a regulatory framework for ensuring that the data subjects have the right to know the origin of the personal data, as well as the right to correct inaccurate data. It also contained a remedy against unlawful processing of such data, bringing in accountability of the concerned authority, along with the right to deny permission to use the data under certain circumstances.[46]

Perhaps the most significant aspect that must be incorporated into the legal framework for DNA profiling is free, prior informed consent (‘FPIC’). The idea of FPIC has evolved mainly with regard to medical research on human genetic data, but it is crucial to the security of a DNA database especially if the system’s scope is beyond criminal investigation, as is suggested by recent Supreme Court directives.[47] There are multiple accepted standards of ensuring that FPIC is obtained. First, the information given to the data subject must be adequate for her to make an informed and prudent decision about volunteering the sample. This has been expanded in recent years to develop the ‘subjective substantial disclosure’ standard, requiring that the patient be given sufficient information at every stage of the use of the data being given.[48] Indeed to fulfil the basic obligation of obtaining FPIC, it is necessary the limits of data collection, retention and access be defined in clear terms.


Despite its contextual and undefined nature, scholars have always upheld integral correlation of the right to privacy with security and human dignity. Further, the understanding of privacy needs to keep up with the developments taking place in society. However, neither the judicial, nor the legislative conceptualisations of the use of DNA information show this respect for privacy. The draft Bills on DNA profiling use ambiguous definitions and confer dangerously wide powers, leaving tremendous scope for privacy violations.  It is imperative that we create a system that addresses these lacunae, and for this reason, the authors have drawn principles from a survey on the international practices relating to the creation of DNA databases. It is submitted that incorporating these principles would substantially elevate the balance between the societal interests sought to be served and the privacy concerns of individual citizens.


Statutes, Rules, Bills

  • Criminal Justice and Public Order Act, 1994 c.2 (Eng.)
  • DNA Identification Act, S.C.1998, c. 37 (Can.)
  • Draft DNA Profiling Bill 2007
  • Guidelines for the Regulation of Computerized Personal Data Files, 1989
  • Human DNA Profiling Bill, 2010, Working Draft Version (February, 2012)
  • Indian Evidence Act, No. 1 of 1872.
  • Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, Gazette of India, (Apr. 11, 2011).
  • The European Union (EU) Data Protection Directive, 1995


  • P. Jain, Constitutional Law of India (LexisNexis Butterworths Wadhwa 2010)
  • MP Singh, V.N. Shukla’s Constitution of India (11th Edition Eastern Book Company 2011)
  • DD Basu, Commentary on the Constitution of India, (8th Edn, LexisNexis Butterworth Wadhwa Nagpur 2011)


  • Dipanwita Roy v. Ronobroto Roy, [2014] 4 RCR (Civil) 724.
  • Govind v. State of Madhya Pradesh and Anr, [1975] 3 SCR 946
  • Kharak Singh v. State of Uttar Pradesh, [1964] 4 SCR (1) 332
  • Narayan Dutt Tiwari v. Rohit Shekhar [2012] 12 SCC 554.
  • PUCL v. Union of India, AIR [1997] SC 568
  • Rajagopala v. State of Tamil Nadu, [1994] 6 SCC 632
  • & Marper v. U.K., [2008] Eur. Ct. H.R., App. No. 30562/04
  • Selvi v. State of Karnataka, [2010] 7 SCC 263
  • State v. Charulata Joshi, [1996] RLR 265
  • Thogorani Alias K. Damayanti v. State of Orissa, [2004] Cri. LJ 4003 (Ori)

Journal Articles



Government Reports

Other Online Resources


End Notes

[1] Harish V. Nair Government plans DNA database to help find missing people, 14 July 2014 https://www.dailymail.co.uk/indiahome/indianews/article-2692100/Government-plans-DNA-database-help-missing-people.html

[2] https://timesofindia.indiatimes.com/home/stoi/deep-focus/Missing-link-in-lost-kids/articleshow/16706513.cms

[3] https://www.lawschool.cornell.edu/research/ILJ/upload/King-final.pdf

[4] Alessandro Acquisti, Privacy And Security Of Personal Information, available at


[5] Privacy, Stanford Encyclopaedia of Philosophy, (Aug 9, 2013), https://plato.stanford.edu/entries/privacy/.

[6] Right to Privacy Law & Legal Definition, US Legal, https://definitions.uslegal.com/r/right-to-privacy/.

[7] Govind v. State of Madhya Pradesh and Anr, [1975] 3 SCR 946; R. Rajagopala v. State of Tamil Nadu, [1994] 6 SCC 632.

[8] Govind v. State of MP, supra note 7.

[9] Kharak Singh v. State of Uttar Pradesh, [1964] 4 SCR (1) 332.

[10] State v. Charulata Joshi, [1996] RLR 265.

[11] Report of the Group of Experts on Privacy, Government of India Planning Commission, available at https://planningcommission.nic.in/reports/genrep/rep_privacy.pdf.

[12] S. Warren and L. Brandeis, 5 Hav. L. Rev. (1890), available at


[13] Id.

[14] PUCL v. Union of India, AIR [1997] SC 568.

[15] Selvi v. State of Karnataka, [2010] 7 SCC 263.

[16] Crispin Hull, DNA Comment, (Feb 2, 2000), https://www.crispinhull.com.au/2000/02/02/2000_02_february_dna-comment/ .

[17] Narayan Dutt Tiwari v. Rohit Shekhar [2012] 12 SCC 554.

[18] Dipanwita Roy v. Ronobroto Roy, [2014] 4 RCR (Civil) 724.

[19] Indian Evidence Act, No. 1 of 1872.

[20] Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, Gazette of India, (Apr. 11, 2011).

[21] Bhairav Acharya, Comments on the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, Centre for Internet and Society, (Mar. 31, 2013), https://cis-india.org/internet-governance/blog/comments-on-the-it-reasonable-security-practices-and-procedures-and-sensitive-personal-data-or-information-rules-2011.

[22] Allison Puri, An International DNA Database: Balancing Hope, Privacy, and Scientific Error, 24 B.C.

Int’l & Comp. L. Rev. 341 (2001), https://lawdigitalcommons.bc.edu/iclr/vol24/iss2/6.

[23] Thogorani Alias K. Damayanti v. State of Orissa, [2004] Cri. LJ 4003 (Ori).

[24] Overview and Concerns Regarding the Indian Draft DNA Profiling Act, The Centre for Internet and Society, https://cis-india.org/internet-governance/indian-draft-dna-profiling-act.pdf.

[25] Draft DNA Profiling Bill 2007, available at https://dbtindia.nic.in/DNA_Bill.pdf.

[26] See Debra Cassens Weiss, Is DNA infallible proof? Contamination, stats can lead to injustice, prof says, ABA Journal (Jul 29, 2013, 11:15 AM CDT),

 https://www.abajournal.com/news/article/is_dna_infallible_proof_contamination_stats_can_lead_to_injustice/; G. Penacino, A. Sala & D. Corach, Are DNA tests infallible?, International Congress Series 1239 (2003) 873 – 877 available at


[27] Overview and Concerns regarding DNA Act, supra note 24.

[28] Maria Xynou, A Comparison of the Draft DNA Profiling Bill 2007 and the Draft Human DNA Profiling Bill 2012, The Centre for Internet and Society (Mar 15, 2013), https://cis-india.org/internet-governance/blog/comparison-of-draft-dna-profiling-bills.

[29] Human DNA Profiling Bill, 2010, Working Draft Version (February, 2012), available at


[30] Maria Xynou, supra note 28.

[31] Id.

[32] Id.

[33] Id.

[34] Id.

[35] Jennifer Doleac, The Effects of DNA Databases on Crime, (University of Virginia, Faculty Working Paper) available at https://www.batten.virginia.edu/content/2013-001-effects-dna-databases-crime-jennifer-doleac-860 .

[36] DNA Identification Act, S.C. 1998, c. 37.

[37] Doleac, supra note 35.

[38] Id.

[39] Allison Puri, supra note 22.

[40] Criminal Justice and Public Order Act, 1994 c.2 (Eng.)

[41] Allison Puri, supra note 22.

[42] Id.

[43]  S. & Marper v. U.K., [2008] Eur. Ct. H.R., App. No. 30562/04.

[44] Candice Roman-Santos, Concerns Associated with Expanding DNA Databases, 2 Hastings Sci. & Tech. L. J. 267, available at https://hstlj.org/articles/concerns-associated-with-expanding-dna-databases/.

[45] The European Union (EU) Data Protection Directive, 1995.

[46] Ekaterina A. Drozdova, Civil Liberties and Security in Cyberspace, CISAC Report (August 2000), available at https://fsi.stanford.edu/sites/default/files/drozdova.pdf.

[47] Vipul Kharbanda, DNA Database for Missing Persons and Unidentified Dead Bodies, Centre for Internet and Society (Oct. 31, 2014), https://cis-india.org/internet-governance/blog/dna-database-for-missing-persons-and-unidentified-dead-bodies.

[48] Jacquelyn Ann K. Kegley, Challenges to informed consent, EMBO Rep. 5(9) 832–836 (2004), available at


Scroll to Top