There are potentially great benefits to the use of genomic data. But there are also clear risks and concerns, due in large part to the particular characteristics of DNA and the vast amount of information that can be derived from it.
The term 'big data' makes this sound like something new or different, and indeed the scale and scope of the data collected and processed is unprecedented. But, this is data about people. And, as it is about people's physical or mental condition, it is sensitive personal data (under GDPR, this counts as 'special category data'). Being recognised as such, this data is given special protection under the law. Given the familial or kinship aspects of DNA and genomic data, it will likely also strongly engage the Article 8 human right to a private and family life.
Old excuses about removing or obscuring the most obvious identifiers simply won't wash; there's no hiding behind anonymisation, because this is never failsafe. Though, of course, sensible measures to mitigate risk of identifying individuals must be taken. Genomic data, especially when linked to dated medical events (which is how NHS systems record the things that happen to you), is identifiable data. It must be treated as such.
Genomic data in particular has several distinct properties that relate to privacy concerns:
- It's not just about your current, but your future state – your health, and your propensity to develop particular conditions.
- DNA itself changes very little over time, which only increases concerns around the fact that it is highly identifying and traceable – a fact that underpins its use in forensics.
- The value of the information in your DNA (which may become relevant or important in unexpected or unanticipated ways) also doesn't tend to decrease over time as with many other measurements or tests, such as a blood pressure readings or glucose levels.
- Crucially, your DNA and genomic data contain information about your blood relatives and your kinship (or not) with others, as some have found out to their cost. This is not just information about you, but about your family – which can make issues around consent far more complex.
- Finally, but no less important, the evidence shows that this is all poorly understood by the public at large – which again is highly relevant when we try to ensure people can make informed choices in line with both medical and research ethics.
So how do these play out as risks?
Starting with the most obvious, there is familial matching or inference – where police and law enforcement identify suspects (some who prove to be innocent) not directly, but through the genomic data of family members.
The creation of ever-larger aggregations of biometric information, along with proposed and actual uses for crime detection and border control, policies such as the hostile environment, and a Home Office that sees any data set as fair game, means the very strongest statutory protections must be in place. We don't want a re-run of the NHS 'National Back Office', which the 2014 Partridge review revealed had received over 28,000 law enforcement requests for traces. Neither the Home Office memorandum of understanding under which officials went hunting for people they said had committed immigration offences, through the information the NHS held about them.
Will consent or legislation for NHS genomics include a police access clause? Unless explicitly prohibited, past and current behaviours suggest it will be needed.
Misuse and abuse is not, of course, limited to state surveillance and breaches. Genomic data and inference enables familial targeting and other types of attack. Organised criminals and those motivated by revenge or intimidation have already reportedly targeted individuals and family members through access to medical records. Unlike your credit cards or bank account, you can't be issued a new genome. A single breach is a lifelong event.
Another great concern, depending on who gets access to this information, is discrimination. This already became a reality in the US, where they had to legislate (Genetic Information Nondiscrimination Act of 2008) because people, including women with harmful BRCA mutations, were being denied employment and insurance.
The situation is different in the UK. One important factor to note is concerns that NHS Digital's commercial reuse agreements mean that patients' information in England is being sold, for example, to marketers in the pharmaceutical industry. This is despite promises to the contrary by ministers and officials. To achieve lasting public trust, all such loopholes must be closed, and every project and agreement be publicly registered and fully auditable.
At this point, we've really only just begun to explore the possibilities and risks of genomic data. There is a great deal of uncertainty and open-endedness, with many unknowns that make the notion of 'one-off' consent nonsense. Whatever else, this endeavour is going to require ongoing engagement, potentially over lifetimes. The motives of those who say otherwise or of those who play this down must be considered suspect.
As with all uses of health data, genomic data is no exception, which is why medConfidential seeks to ensure every use is consensual – not just tick-box consent, but helping people to understand and make informed choices, without coercion.
We must also ensure that data use is safe, as we first proposed in 2014. This is not just about proper information security, complying with data protection and having good information governance. It is about ensuring every layer of protection is in place: from the approval of safe research or projects, to safe researchers, working for safe organisations, handling data in safe settings, with safe outputs – under rigorously applied statistical disclosure controls (not just pseudonymised as in the past).
And, to achieve and maintain the long-term trust required for this ongoing endeavour, all this must be transparent: patients must be able to know who has used their data, and for what.
Or, as Dame Fiona Caldicott so succinctly puts it, there must be 'no surprises'.