This article provides background information for unit 7 of the Course on Genomics, Ethics and Society.
Privacy came to the forefront of discussions about genetic research with the passing of the 2008 Genetic Information Nondiscrimination Act (GINA). Though this legislation was groundbreaking in the restrictions it placed on using personal genetic data, it has been widely recognized as providing inadequate protections for most privacy concerns. GINA’s main function is to prevent health insurance companies and employers from using genetic data for discriminatory purposes. It does not, however, regulate access to or disclosure of genetic data. Most scientific and medical uses of genetic data are thus unrepresented and unregulated in law (though the EU is expected to pass broad restrictions on these uses in late 2014 through its General Data Protection Regulation). For more on GINA, see https://www.genome.gov/Pages/PolicyEthics/GeneticDiscrimination/GINAInfoDoc.pdf
Because the science is so new, discussion of the social and ethical implications of genetic privacy is also somewhat in its infancy. Here we will review what progress has been made in understanding the nature of privacy, explain different ethical approaches to privacy, and summarize the specific issue of how privacy concerns have led scientists to change their approach to consent.
1. What is Privacy?
A person’s genetic data provides a great deal of information about that individual, as well as his or her genetic relatives. Possessing or having access to this information, without the consent of that individual and his or her relatives, is frequently described as threatening privacy. What exactly does this mean?
“Privacy” is often defined not in terms of what it means for something to be “private” but how we protect the things we take to be private. For instance, in Privacy and Progress, the 2012 report on privacy and genetic data from the President’s Commission on the Study of Bioethics, privacy is defined as “whether and how personal, sensitive, or intimate knowledge and use of that knowledge about an individual can be limited or restricted (by means that include guarantees of confidentiality, anonymity, or secure data protection).” This definition identifies generally what needs to be protected (personal information), and how to protect it (anonymising data, among other methods), but, one might think, fails to say precisely what privacy itself consists of. In fact it suggests that it is an open question whether some types of personal information deserve to be protected at all.
However, almost everyone agrees that we should be able to keep some types of personal information private if we choose, and thus privacy needs to be protected. On another definition of privacy from Privacy and Progress, “privacy” refers to “States of affairs by virtue of which the accessibility of persons, personal information, or personal property is limited or restricted.” This definition indicates that privacy is a matter of protecting personal property and information in the right ways. On this, both definitions seem to agree. Disputes about privacy are disputes about the appropriate level of protection for one’s person, including information about oneself. Some argue that privacy in this sense is a moral, or perhaps also a legal, right, while others resist the use of rights language, and argue instead that privacy is a valuable interest that we have.
Privacy can be understood in different ways, depending on the context in which the concept is applied. Four of these ways are especially important in discussions of genetic data. The first and most general type is informational privacy. This refers to restricting access to information about oneself. Common informational privacy issues including limiting access to your genetic data and restricting what people are permitted to do with your information.
A second type is decisional privacy. This refers to autonomy in making choices that concern oneself or one’s genetic data. Common decisional privacy issues include deciding whether or not to receive information about one’s genetic predisposition to diseases, as well as whether or not to inform family members about this information.
A third type is physical privacy. This refers to restrictions on collecting and storing information about oneself. Common examples of physical privacy concerns include how records are kept, whether physical specimens (like body tissue) are stored, and how inspection and observation are conducted. Embarrassing medical inspections of one’s body, for instance, might be considered invasions of physical privacy.
A fourth type is proprietary privacy. This refers to the right to control financial and economic gain based on information about oneself. Creating cell lines and using bodily tissues, as well as the general question of whether one’s body should be considered one’s property, are common proprietary privacy issues.
For discussions of these distinctions, and for more detailed analysis of the concept of privacy, see http://plato.stanford.edu/entries/privacy-medicine/ andhttp://plato.stanford.edu/entries/privacy/
2. Privacy vs. Scientific Progress
Privacy issues with respect to genomics technologies have become particularly acute for two main reasons. One is the widespread sharing of genetic data. The more genetic data doctors and researchers have, the better their diagnoses and proposed treatments for serious genetically- based diseases is likely to be (this is particularly true for rare diseases). Many researchers have thus pushed for increased accessibility and sharing between databases. This of course increases the chances that patients’ genetic data will be put to uses that were not originally intended and consented to by the patients.
This need for more and more genetic data is paired with a second, related need to make patients identifiable and non-anonymous, which raises other concerns for privacy. In order for researchers and doctors to track the progress of a disease, and to tailor treatment, individuals must be contacted repeatedly throughout their lifespan. Researchers use various techniques to retain some degree of non-identifiability and anonymity, but many of these techniques have proved inadequate, since there are so many ways of linking individuals, or at least their family lineage, to fragments of genetic information.
Placing restrictions on sharing and non-anonymizing genetic data would, according to many, severely hamper research into and treatment of diseases. Thus, there seems to be an inherent conflict between privacy and medical progress. This is why, according to Privacy and Progress, the goal should be to “minimize the privacy risks that could befall individuals while enabling research and clinical care for public benefit to continue.” What’s interesting here is that privacy seems to be understood as something towards which risks should be minimized, not something to which we have a right that should not be violated. Of course, given the tension between privacy and progress, this goal of minimizing risks to privacy while maximizing benefits may be unachievable. In the next section, we will discuss the main solutions Privacy and Progress proposes in order to reach this goal.
3. Ethical Principles
Privacy and Progress focuses on six ethical principles. We will briefly describe these principles and what they mean for privacy.
The first principle is respect for persons. Respect for persons requires researchers to treat people as autonomous agents, capable of making free and informed decisions, and to respect people’s decisions so long as they do not cause harm to others. For instance, coercing someone into providing access to his or her genetic data would constitute a violation of this principle.
The second principle is public beneficence. This principle asks us to pursue and secure public benefits and minimize public harm. Gene research has been defended largely on the utilitarian grounds that it will maximize benefits for everyone. Public beneficence dictates that gene research should thus be supported, insofar as it does indeed maximize overall benefits. Respect for persons and public beneficence can occasionally conflict with each other. For instance, distributing genetic data widely might be publically beneficent but seriously violate respect for persons.
The third principle is responsible stewardship. This principle requires those involved in genomics research to take into account the interests and needs of those who are not capable of representing themselves. For instance, children and the mentally disabled might not be able to understand the implications of releasing their genetic data. In such cases, parents, guardians, and other involved parties must ensure that these vulnerable populations are protected.
The fourth principle is intellectual freedom. Intellectual freedom protects scientists’ interest in using their knowledge and skills to advance science and the public good. Many scientists think genomics technologies are capable of providing unprecedented improvements in human health and well-being, so long as their research is not hampered by regulations and restrictions (e.g., on data-sharing). Of course, this principle also has the potential to conflict with other principles, including responsible stewardship and respect for persons. Intellectual freedom is thus constrained by responsible scientific practices.
The fifth principle is democratic deliberation. This principle advocates for citizens to take an interest in how their genetic data is used, and to participate in public debates over policies pertaining to genetic data. This principle allows for ongoing change in regulations governing genetic data.
The sixth principle is justice and fairness. Justice and fairness have been discussed in many other modules. With respect to privacy and genetic research, fairness could be taken to mean that people should receive benefits from research in some relation to the costs to them – for instance, that those who submit genetic data to researchers can access the results (and potentially benefits) of that research. Justice, in this case, might be interpreted to mean that no group or groups in society should be forced to carry a disproportionate burden of the negatives of genomic and genetic research, or should obtain all the benefits.
Many scientists and ethicists have proposed that genomic technologies require significant changes in current standards of consent. This includes current standards for governing the identifiability and anonymity of patients. Here we will briefly review the problems genomics technologies raise for consent, as well as how new standards might solve these problems.
Consent is a crucial aspect of many different types of research. However, it is particularly crucial in the domain of genetic research because the science is new, complex, and requires long-term storage of large amounts of data that can be used for different purposes, some of which may not yet be known. But each of these elements provides challenges to obtaining informed consent for genetic research. One of the main requirements for consent is to provide participants with all the information necessary to fully understand the implications of their consent; with genetic research, this can be extremely difficult or impossible to achieve.
There are generally four different types of consent used in genomic research:
- Broad: consent to general, and often undetermined, uses of personal data.
- Narrow: consent to specific uses of personal data (e.g., a single study).
- Tiered: consent to multiple different uses of data, as specified by the individual.
- Dynamic: recurring requests for consent for different uses of personal data.
Over the last decade, genetics researchers have been promoting broad consent. This allows for more efficient use of scientific resources than narrow consent, and also allows scientists to conduct research more quickly. However, it is widely recognized that broad consent increases the risk of various forms of abuse, and in many cases prevents truly informed consent. Since researchers don’t really know what will happen with individuals’ data once it is shared in large databases, broad consent essentially grants researchers the authority to make future choices about the use of this data for individuals, rather than allowing the individuals themselves to provide consent.
More recently, researchers have begun exploring tiered and dynamic consent. However, this can be very labor intensive for researchers, and requires participants to be highly invested in research projects. In order to make these models of consent viable, researchers have tried to ease their burden by de-anonymizing patient data. Being able to quickly tie genetic data to a specific individual allows researchers to contact participants repeatedly, and to make very specific requests for consent. Though consent here comes at the expense of individual privacy, participants in these studies are relatively well informed about how their data is being used. This contrasts with many other studies that have strict standards of identifiability and anonymity, and as a result make it more difficult to determine whether individuals’ data has unintentionally become identifiable or non-anonymous.
For further discussion of different types of consent, see http://www.genome.gov/27026588. The Harvard Personal Genome Project is one prominent model of dynamic consent. See http://www.personalgenomes.org/static/docs/harvard/PGP_Consent_2014-02-18_online.pdf