Language selection


Protecting Privacy in Cloud Based Genomic Research

This page has been archived on the Web

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.


McGill University, Centre of Genomics and Policy



Project Leader(s)

Yann Joly, Research Director, Centre of Genomics and Policy


Genomic research and personalized medicine require an exponential amount of genomic and associated health data. A vast computer infrastructure is needed to enable large scale data storage and analyses. Genomic scientists are increasingly turning to cloud computing as a solution. Can participants’ privacy and trust be ensured as sensitive data migrates to the cloud? Is genomic research in the cloud permitted under existing ethical and legal norms in Canada? Are the protections provided by legislation and the standard terms of service currently offered by cloud service providers sufficient to protect the privacy and security of genomic and health data stored in the cloud?

To answer these questions, the researchers first reviewed the literature on privacy in relation to genomic information, genomic research, and cloud computing. Second, they systematically reviewed Canadian research ethics guidelines and privacy laws to identify gaps and impediments in privacy protection for cloud-based genomic research. The team used a comparative law approach, analyzing cloud computing privacy solutions in the United States and European Union to see if they can be adapted to the Canadian context. Third, they analyzed the terms of service of six cloud service providers to identify additional gaps in privacy protection at the contractual level.

The key deliverables include: 1) a cloud privacy compendium that reviews privacy laws and policies in Canada that govern genomic research in the cloud; 2) a discussion document that presents the results of the literature review of genomic privacy, the review of applicable privacy governance frameworks, and the comparison of cloud service provider terms of service; and 3) a policy brief that summarizes the findings, outlines points to consider for policy makers and other stakeholders who aim to ensure the privacy of participants in cloud-based genomic research, and provides a cloud contract checklist to guide researchers entering into legal arrangements with cloud service providers.

This document is available in the following language(s):

English and French

English only

OPC Funded Project

This project received funding support through the Office of the Privacy Commissioner of Canada’s Contributions Program. The opinions expressed in the summary and report(s) are those of the authors and do not necessarily reflect those of the Office of the Privacy Commissioner of Canada. Summaries have been provided by the project authors. Please note that the projects appear in their language of origin.

Contact Information

Centre of Genomics and Policy
McGill University
740, avenue Dr. Penfield, suite 5200
Montreal (Quebec)
H3A 0G1

Tel: (514) 398-8155
Fax: (514) 398-8954

Date modified: