Press Release: LunaDNA’s DPIA

LunaDNA Elevates Platform To Further Adhere To GDPR’s Data Privacy Framework To Deliver Data Rights To Individuals Who Participate In Health Research

Following a Data Protection Impact Assessment, Privaon and Luna announce the platform confers all data rights to individuals in compliance with GDPR

SAN DIEGO, March 08, 2022 /PRNewswire/ – LunaPBC and Privaon have completed a rigorous assessment of data privacy protections for members of LunaDNA. A Data Protection Impact Assessment (DPIA) was conducted to characterize the platform’s compliance with the General Data Protection Regulation (GDPR). The DPIA confirmed that the data privacy rights of Luna members are fully supported.  It is commonly accepted that GDPR is the most demanding data privacy standard adopted by many non-European Union countries and states such as California, Virginia, Colorado, among others. This milestone follows Institutional Review Board approval of the Luna platform for human health research.

Luna empowers and protects people through a modern data framework that supports them as individuals, not just as research participants. In addition, the GDPR framework confers a level of transparency and control to the individual in their data usage, which encourages greater inclusion and diversity in research studies and in clinical environments where participant empowerment is key. A DPIA examines potential sources of risk or harm to individuals sharing data and the likelihood that these risks could manifest. This is an essential aspect of evaluating a platform’s ability to abide by GDPR’s data privacy framework. The Luna platform has mitigated all risks of potential harm to the data subject below the threshold guidelines provided by the European Union’s Data Protection Authority.

“Giving the power over one’s data back to the individual versus an institution should go a long way toward keeping individuals engaged and ensuring that health research will be more inclusive,” says Sharon Terry, president and CEO of Genetic Alliance and iHope Genetic Health. “This is especially the case with Luna’s privacy-by-design platform that has been evaluated by legal experts.”

Tomi Mikkonen, chief technology officer and founding partner at Privaon, adds, “It has been exciting to help identify and mitigate privacy risks in the Luna platform. We look forward to expanding the scope of Luna’s DPIA to include research studies as they become ready for evaluation.”

“Luna is already being used to gather and store patient-owned accessible clinical data and to activate study participants globally for several diseases and by pharmaceutical clients who are operating in partnership with these patient communities,” says Scott Kahn, Ph.D., Luna’s chief information and privacy officer. “At Luna, we see a world of research in which diversity and inclusion can be extended beyond the boundaries of countries to help deliver on the many needs that still exist to improve human health and well-being.”


About LunaPBC

Founded in 2017, LunaPBC is a public benefit corporation headquartered in San Diego, California. The team, investors, and advisors are renowned in the patient-advocacy, health, and science fields. With participation from over 180 countries and communities advancing causes including disease-specific, public health, environmental, and emerging interests, Luna’s tools and services empower these collectives to gather a wide range of data — health records, lived experience, disease history, genomics, and more — to advance research that addresses their unique health needs. Luna makes research representative of the real world and aligned with people’s true goals by giving all participants a role from right where they are. For more information, visit

About Privaon

Founded in 2014, Privaon is a leading privacy specialist and software company. We provide our customers tools for risk assessments and privacy management along with various consultation services. Privaon’s DPO365 service helps data protection officers to succeed with tasks and obligations of this role. By using DPO365, you ensure that your organization’s data protection tasks are on track and you have access to the latest data protection tools. For more information, visit