Privacy, autonomy and direct-to-consumer genetic testing: a response to Vayena

In Vayena’s article, ‘direct-to-consumer (DTC) genomics on the scales of autonomy’, she claims that there may be a strong autonomy-based argument for permitting DTC genomic services. In this response, I point out how the diminishment of one’s genetic privacy can cause a relevant autonomy-related harm which must be balanced against the autonomy-related gains DTC services provide. By drawing on conceptual connections between privacy and the Razian conception of autonomy, I show that DTC genetic testing may decrease the range of valuable options individuals possess, which impacts the extent to which would-be consumers can exercise their autonomy.

Law and Legacy in Medical Jurisprudence

Graeme Laurie stepped down from the Chair in Medical Jurisprudence at the University of Edinburgh in 2019. This edited collection pays tribute to his extraordinary contributions to the field. Graeme often spoke about the importance of 'legacy' in academic work and forged a remarkable intellectual legacy of his own, notably through his work on genetic privacy, human tissue and information governance, and the regulatory salience of the concept of liminality. The essays in this volume animate the concept of legacy to analyse the study and practice of medical jurisprudence. In this light, legacy reveals characteristics of both benefit and burden, as both an encumbrance to and facilitator of the development of law, policy and regulation. The contributions reconcile the ideas of legacy and responsiveness and show that both dimensions are critical to achieve and sustain the health of medical jurisprudence itself as a dynamic, interdisciplinary and policy-engaged field of thinking.

SVAT: Secure Outsourcing of Variant Annotation and Genotype Aggregation

Background: Sequencing of thousands of samples provides genetic variants with allele frequencies spanning a very large spectrum and gives invaluable insight for genetic determinants of diseases. Protecting the genetic privacy of participants is challenging as only a few rare variants can easily re-identify an individual among millions. In certain cases, there are policy barriers against sharing genetic data from indigenous populations and stigmatizing conditions. Results: We present SVAT, a method for secure outsourcing of variant annotation and aggregation, which are two basic steps in variant interpretation and detection of causal variants. SVAT uses homomorphic encryption to encrypt the data at the client-side. The data always stays encrypted while it is stored, in-transit, and most importantly while it is analyzed. SVAT makes use of a vectorized data representation to convert annotation and aggregation into efficient vectorized operations in a single framework. Also, SVAT utilizes a secure re-encryption approach so that multiple disparate genotype datasets can be combined for federated aggregation and secure computation of allele frequencies on the aggregated dataset. Conclusions: Overall, SVAT provides a secure, flexible, and practical framework for privacy-aware outsourcing of annotation, filtering, and aggregation of genetic variants. SVAT is publicly available for download from https://github.com/harmancilab/SVAT .

Feasibility and Assessment of a Cascade Traceback Screening Program (FACTS): Protocol for a Multisite Study to Implement and Assess an Ovarian Cancer Traceback Cascade Testing Program

Ovarian cancer (OVCA) patients may carry genes conferring cancer risk to biological family; however, fewer than one-quarter of patients receive genetic testing. “Traceback” cascade testing —outreach to potential probands and relatives—is a possible solution. This paper outlines a funded study (U01 CA240747-01A1) seeking to determine a Traceback program’s feasibility, acceptability, effectiveness, and costs. This is a multisite prospective observational feasibility study across three integrated health systems. Informed by the Conceptual Model for Implementation Research, we will outline, implement, and evaluate the outcomes of an OVCA Traceback program. We will use standard legal research methodology to review genetic privacy statutes; engage key stakeholders in qualitative interviews to design communication strategies; employ descriptive statistics and regression analyses to evaluate the site differences in genetic testing and the OVCA Traceback testing; and assess program outcomes at the proband, family member, provider, system, and population levels. This study aims to determine a Traceback program’s feasibility and acceptability in a real-world context. It will account for the myriad factors affecting implementation, including legal issues, organizational- and individual-level barriers and facilitators, communication issues, and program costs. Project results will inform how health care providers and systems can develop effective, practical, and sustainable Traceback programs.

The impact of cross-kingdom molecular forensics on genetic privacy

Recent advances in metagenomic technology and computational prediction may inadvertently weaken an individual’s reasonable expectation of privacy. Through cross-kingdom genetic and metagenomic forensics, we can already predict at least a dozen human phenotypes with varying degrees of accuracy. There is also growing potential to detect a “molecular echo” of an individual’s microbiome from cells deposited on public surfaces. At present, host genetic data from somatic or germ cells provide more reliable information than microbiome samples. However, the emerging ability to infer personal details from different microscopic biological materials left behind on surfaces requires in-depth ethical and legal scrutiny. There is potential to identify and track individuals, along with new, surreptitious means of genetic discrimination. This commentary underscores the need to update legal and policy frameworks for genetic privacy with additional considerations for the information that could be acquired from microbiome-derived data. The article also aims to stimulate ubiquitous discourse to ensure the protection of genetic rights and liberties in the post-genomic era.

Attitudes of healthy volunteers to genetic testing in phase 1 clinical trials

Background: Genetic testing in clinical trials introduces several ethical and logistical issues to discuss with potential participants when taking informed consent. The aim of this study was to explore the attitudes of healthy volunteers in phase 1 studies to the topics of genetic security, genetic privacy and incidental genetic findings. Methods: Healthy volunteers presenting for screening appointments at a phase 1 clinical trial unit (CMAX Clinical Research, Adelaide, Australia) took an anonymous paper survey about genetic testing. Results: There were 275 respondents to the survey. The mean age was 27 years (range 18-73); 54% were male and 53% were of North/Western European ethnicity. Just over half the healthy volunteers thought genetic security (56%) and genetic privacy (57%) were “important” or “very important”. However, the security of their genetic information was ranked less important than other personal information, including mobile phone number, internet browser search history and email address. Two-thirds of respondents would trade genetic privacy for re-identifiability if information relevant to their health were discovered by genetic testing. Healthy volunteers favoured the return of incidental genetic findings (90% indicated this was “important” or “very important”). A level of risk (10 to 90%) for developing a serious medical condition that would “trigger” the return of incidental genetic findings to participants was not identified. Conclusions: Healthy volunteers screening for phase 1 clinical trials have mixed views about the importance of genetic security and genetic privacy, but they strongly favour the return of incidental genetic findings that could affect their health. These issues should be discussed with potential participants during informed consent for phase 1 clinical trials with genetic testing.

Protecting Genetic Privacy in Biobanking through Data Protection Law

Biobanks are critical infrastructure for medical research. Biobanks, however, are also the subject of considerable ethical and legal uncertainty. Given that biobanks process large quantities of genomic data, questions have emerged as to how genetic privacy should be protected. What types of genetic privacy rights and rights holders should be protected and to what extent? Since 25 May 2018, the General Data Protection Regulation (GDPR) has applied and now occupies a key position in the European legal framework for the regulation of biobanking. This book takes an in-depth look at the function, problems, and opportunities presented by European data protection law under the GDPR as a framework for the protection of genetic privacy in biobanking. It argues that the substantive framework presented by the GDPR already offers an admirable baseline level of protection for the range of genetic privacy rights engaged by biobanking. The book further contends that while numerous problems with this standard of protection are indeed identifiable, the GDPR offers the flexibility to accommodate solutions to these problems, as well as the procedural mechanisms to realise these solutions.

The Protection of Genetic Privacy in Biobanking at International Level

This chapter sketches a baseline level of protection for genetic privacy rights in biobanking, against which legal systems, including the General Data Protection Regulation (GDPR), might be compared. This baseline level of protection is provided via identifying principles dealing with the protection of all types of genetic privacy rights, and rights holders, in biobanking in the international framework. The chapter identifies two types of international principles: common international principles—principles identified in a majority of all biobank-relevant international instruments; and emerging international principles—principles identifiable in a majority of biobank-specific international instruments. It also offers a critical analysis of the protection offered under the international framework. This critique does not aim to undermine the legitimacy of regarding identified international principles as offering a baseline level of protection. Rather, it merely aims to highlight that the protection provided has flaws, and thus should not be regarded as definitive or perfect.

Testing the GDPR in Relation to Biobanking

This chapter looks at when the General Data Protection Regulation (GDPR) applies, rationae materiae, to biobanking—only when the law applies to biobanking can it be expected to provide any protection for genetic privacy rights in biobanking at all. The GDPR's applicability criteria are outlined in Article 2; criteria concern both the types of processing activity covered by the GDPR and the mechanics of processing covered by the GDPR. In relation to the mechanics of biobank processing, the situation is complex. The key question which emerges is which types of biobanking substances can qualify as personal data? The concept of personal data can be usefully broken down into two aspects of any processing operation. First, the substance being processed: to qualify as personal data, a substance must be able to fulfil three criteria. A substance must be ‘information’, it must ‘relate to’ a specific person, and that person must be a ‘natural person’. In the biobanking context, health, lifestyle, and biographical information, sequenced genomic data, and individual research results certainly fulfil these criteria. Second, the link between the substance and a specific individual: to qualify as personal data, a substance must relate to an individual who is ‘identified or identifiable’. All biobanking substances processed in either linked or pseudonymised form will certainly qualify as ‘identified or identifiable’.

Genetic Privacy and Other Interests in Biobanking

This chapter evaluates the concept of genetic privacy and its relationship with biobanking. Genetic privacy is simply a sub-concept of privacy referring to states of separation and exclusivity arising in relation to the processing of genetic data. Genetic privacy rights, then, are simply a subset of privacy rights relating to the processing of genetic data. The chapter then proceeds to map the range of genetic privacy rights engaged by the biobanking process along two axes: the transactional axis—genetic privacy rights held by research subjects; and the relational axis—genetic privacy right held by genetic relatives and genetic groups. Subsequently, it moves to map other types of interests engaged by biobanking, including interests related to the research process and third-party non-research interests in accessing biobank substances. Finally, the chapter offers a rough schematic of the relationships, including conflicts and confluences, between identified rights and interests.