This paper examines an act of the Icelandic Parliament on health-sector databases. Both the legislation itself and the manner in which it was presented by the Government to the Parliament and the general public raise various questions about democratic parliamentary procedures, community consultation, autonomy, privacy, professional confidence, control of health data in hospitals and business relationships between medical doctors and biotechnology corporations. A major question to be asked is: In whose interest is it that such sensitive data are handed over to for-profit corporations? Furthermore, is it within the authority of the legislature to authorize politically appointed boards of health institutes to transfer such data without the direct informed consent of the patient and without the relevant physicians' having a say? Does experience teach us to entrust private companies with sensitive personal data? Should the Government be involved in the research policy-making of the biotechnology companies that have been given access to the genetic data of a population, or should the profit motive be the sole deciding influence? That is, should the interest of the shareholders of the companies prevail over the interest of underprivileged groups who are most in need of new methods or medicine to alleviate their situation due to incurable diseases? Or is the invisible hand of the market the only competent decision-maker? Finally, will the proliferation of databases containing sensitive personal data, such as human genetic data, limit our personal liberty?