There is consensus that 2022 will be a busy year for data privacy experts. Many will need to quickly understand and implement the growing list of privacy legislation at the state level—and that is absent any sweeping federal legislation needed to update the country’s antiquated view of data privacy and data governance.

While states such as California are leading the charge in the United States, it is important to recognize that the expression of data privacy as a fundamental human right was first thoroughly expressed by the European Union’s landmark General Data Privacy Regulation (GDPR) which became law in May 2018. Indeed, even when California took steps to address the importance of a person’s right to control the use of data collected on themselves via the California Consumer Privacy Act, a second legislative action was already taking place in the California Data Protection Regulation (CDPR). This further aligns the expression of one’s data sovereignty with the ideal outlined in GDPR.

In 2021, Virginia and Colorado enacted data privacy protections for their citizens, and privacy experts are anticipating even more state-led legislation this year.

What Data Privacy Means to Luna

From the company’s founding in 2017 and the creation of the Luna platform, we believed a tectonic shift in data privacy was about to take place—one that reassigns the control of data from institutions and governments back to individuals. GDPR had yet to be enacted then, but we believed that its tenets would redefine data privacy in ways that could positively address some of the most vexing challenges in human health research.

The history of data misuse in health research is still fresh and remains a top concern for research engagement for some populations. Frequently cited examples include the Tuskegee Study, the appropriation of Henrietta Lack’s tumor cells, and misleading the Havasupai Tribe on how their DNA samples would be used in specific research.

These examples have contributed to the hesitancy of non-European—descended (non-“white”) Americans to participate in health research. More recently, fears around the collection of individuals’ data who may lack formal immigration status in the United States have continued to widen the gap between white and non-white Americans who volunteer to participate in health research through clinical trials and other studies. This has resulted in treatments and policies focused on a single ethnic group. It has also held non-European—descended communities further behind in access to healthcare tools.

The thesis at Luna was to design and implement a platform that embraced an individual’s right to control their health data. Luna was founded on the commitment to use health data in studies to enable broader and deeper participation in health research by all ethnic groups and using all medically relevant attributes. In accomplishing such, it would permit data aggregation at the level required to find research solutions that could be clinically validated for all people and for all ethnicities.

Modern Data Privacy Regulations

Scott Kahn
Scott Kahn, PhD, Chief Information and Privacy Officer, Luna

Fast forward to 2022. Legal tech experts are now opining on the challenges posed by state-led privacy legislation motivated by the increasingly prevailing view that data privacy should be a human right. These experts forewarn that the only way to harmonize data in such a regulatory quagmire will be to follow the strictest version of privacy protections for individuals. They point to GDPR as a viable true north.

At Luna, our experience has shown that this approach works exceptionally well for communities seeking novel health treatments for rare diseases and for communities seeking to understand a shared lived experience. It also provides opportunities for commercial pharmaceutical partners that seek to responsibly engage with patients and their support communities by managing each participant’s health data and returning these data once the study has concluded.

As these examples become more extensive and well-known, it is reasonable to assert that the enablement of inclusive and participatory health research will be recognized as a result of modern data privacy regulation rather than the current misbelief that individual data privacy will impede needed health research.

About Luna

Luna’s suite of tools and services connects communities with researchers to accelerate health discoveries. With participation from more than 180 countries and communities advancing causes including disease-specific, public health, environmental, and emerging interests, Luna empowers these collectives to gather a wide range of data — health records, lived experience, disease history, genomics, and more – for research.

Luna gives academia and industry everything they need from engagement with study participants to data analysis across multiple modalities using a common data model. The platform is compliant with clinical regulatory requirements and international consumer data privacy laws.

By providing privacy-protected individuals a way to continually engage, Luna transforms the traditional patient-disconnected database into a dynamic, longitudinal discovery environment where researchers, industry, and community leaders can leverage a range of tools to surface insights and trends, study disease natural history and biomarkers, and enroll in clinical studies and trials.

Scott Kahn, Ph.D.

Scott Kahn, Ph.D.


Scott is the former CIO and VP Commercial, Enterprise Informatics at Illumina. At Luna, he’s integrating data privacy and security provisions that keep member data safe, private, and secure.