Consumer Genetics- Getting Privacy Right | PrivacyNews.TV
Articles Blog

Consumer Genetics- Getting Privacy Right | PrivacyNews.TV


Hi folks! Happy Tuesday.
I’m here with Carson Martinez- let’s get Carson nicely in the picture there- Hello! Carson helps lead
our health privacy working group and has been coordinating the effort here at FPF
with a number of leading companies. Ancestry, Helix, 23andMe, Habit, and a few
others around consumer genetics, right? That’s the sending in of your DNA to
learn about your heritage, to do testing and perhaps learn about possible risks
they may have, changes you might want to make, or some of the companies even will offer
things like here’s the wine that some research shows you might- your palate
might really appreciate based on your DNA. So from entertaining to perhaps
critical for health to interesting information about your genealogy and- super popular. Millions of these tests
now being sold. Last year, there were even people giving them as a holiday present. So
it’s really mainstream. Clearly, however, if you’re somebody who works in privacy
and data protection, in addition to recognizing the interest and the benefit,
which can include as well being offered the opportunity to participate in
research. A number of the companies will go back to consumers and ask them
permission “would you like- here are the risks, but
here’s the way researchers could be, pharma companies could be, academic scientists,
here’s what they’re looking to study to try to come up with cures for rare
diseases or for other information”. So Carson, with the group, helped pull
together a set of best practices because there are privacy concerns. So let’s talk
about something we talked about: the benefits, right? “Hey, we’re interested”; it’d be
incredibly useful information, it can be gaining information, but there are
obviously privacy risks as well. What are some of the privacy concerns? Well, genetics is a really interesting type of data, as it’s not only extremely sensitive, but
can also have implications for family members or future generations and can
reveal quite a bit about your heritage or your health information. So in order
to address those issues, we created these best practices to provide better
protections for consumers not only to have them more aware and to enhance
transparency, but to also provide more choices and protections for them. So to
make it very basic, right, if you do a genetic test- you did, as our guinea pig, Carson sent in her information to a number of the companies to see how it would work. Your
results reveal information about your parents, your siblings, your cousins because
we share, you know, DNA. So it’s not just your privacy; you’re, you know, enabling
information about a wider scope of people and that’s something that’s important to
understand. Yep. What do people possibly worry about? I mean, you’ve given your data to companies, obviously
everybody wants good security, so we have security commitments in there, but what are the other kinds of things that somebody might worry about? I think the largest one is discrimination. So there’s a law in the US called the Genetic Information
Nondiscrimination Act, GINA, of 2008, that protects people from
discrimination based off their genetics and the employment or health insurance
section. And so that’s a big issue for people to think about, and when I’m doing these tests is that
data potentially going to my employers or to my health insurers? And we make
sure that that doesn’t happen at all in the best practices unless there is
explicit expressed consent. We also have important protections like the right to
delete your data, going to access it if you’re going to submit data for someone
else, like a kid or a parent that you clearly have the rights to put that data
in there. If a company wants to do something different, let alone share- we
clearly need you to very specifically agree to share it- but if a company wants
to do something very different, something that’s incompatible, there as well, you
need- Expressed consent. -additional permission. So we think there’s some really
strong commitments in here. What about law enforcement access? I mean,
that’s definitely been an issue, people probably saw the Golden State Killer,
where we open GED- GE match? Yep, GEDmatch -was used, and that happened here. And what’s in the document, and in the practices of the companies that prevents that sort of things from happening? Right, so the California Killer or Golden State Killer case with GEDmatch was a really interesting one that blew up in
the media. That is an open source research platform that people can submit
their genetic data to, so it’s a little different than the companies we are
dealing with, but even so, in order to ensure it doesn’t happen, we in the best
practices have included a lot of protections to make sure that the type
of searches that was done in that case cannot be done today with
these companies. So number one: we make sure that companies are producing
transparency ports on at least an annual basis- So we know cops or others are actually looking for this information. -right, so how many requests they
got, how many they agreed to, all that information is provided to consumers
publicly. The other thing we require is that consumers who are uploading their
genetic data, they have to either be number one: the owner of the genetic data
themselves in the biological sample or they must have the express consent of
the person whose genetic data it is in order to give it to the companies. In
the GEDmatch case, we know that law enforcement uploaded the genetic data
from a crime scene under pseudonyms, so to get around that, we require it to be
the owner or to have the express consent. So to be clear, when law enforcement has
a warrant, go to a judge, there’s a crime, and we have a reasonable suspicion- we,
the law enforcement has reasonable suspicion- that a particular person could
be responsible, of course companies have to and should be cooperating in
a civil society. But the notion that the cops should be able to sweep through,
you know, an entire database looking to see if there’s a match, you know what, that’s
the same as perhaps the cops going to a stadium or a crowd and kind of just
getting everybody’s, you know, DNA by, you know, collecting the tickets afterwards
or just sort of, you know, capturing it from people’s seats because maybe
somebody who we’re looking for at a crime scene is in there, right? That is a wide search, and the courts typically don’t allow that and the
companies commit to pressing to ensure that law enforcement has valued legal
process. Lots more; we urge you to take a look at the principles. Our team will
post a link. Certainly your thoughts; it’s a best practice, so hopefully it will evolve
as new business models- it’s a new area, militias will arise new uses of data that
hopefully will be beneficial to consumers. If you’re a consumer, take a
look at the tips that we’ve put out for the kinds of things you should be
looking for when you decide which company to use. And Carson, great work. Thank you! And your team. And thanks to our colleagues at Ancestry, at 23andMe, at Helix, at Habit; the
privacy leads there really were great in working with us. Others who signed off as
well included- My Heritage. -My Heritage,- African Ancestry. -African American Ancestry, and there was one more- Family Tree! Gene by Gene, Family Tree DNA. Yep! Thanks all! Happy Tuesday!

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top