It's time to talk about who can access your digital genomic data
Caitlin Curtis, James Hereward, The University of Queensland
We are approaching a time when you might be too scared to have your genome sequenced.
Only last week, a US senator called for an investigation into the privacy policies of direct-to-consumer DNA companies. But this is only one piece of a puzzle that is about to get much more connected.
As with any kind of personal data there are a number of concerns regarding collection, transmission, storage and use. But unlike most other data, your genome reveals intimate information about not only you, but also the people to whom you are related.
It’s time to talk about who can access that data, how, when and why.
The current situation
Historically there has been a natural separation between these databases, because they tend to contain different types of genetic data. Medical genetic databases, for example, have typically screened specific genes, and this data is usually not variable enough to be useful in law enforcement.
Additionally, some databases have been governed by specific rules, such as those that limit who can be included in law enforcement DNA databases.
This is changing. The unit of genetic “currency” is becoming the same thing: the sequence of the entire human genome.
The rise of the genomes
The US National Institutes of Health has launched a Precision Medicine Initiative that aims to combine genetic and health data for one million people. China is investing more than US$9 billion in a similar initiative – the pilot stage alone includes one million human genomes.
It’s not just governments. Private companies have also set their sights on massive human genome datasets. Craig Venter’s Human Longevity Inc. is planning to sequence a million genomes by 2020 and has partnered with pharmaceutical giant AstraZeneca to work towards this goal.
The marketplace of corporate, direct-to-consumer genomics companies is also rapidly expanding. Amazon (which claimed 45% of online sales on a record-breaking Black Friday) reported the 23andMe DNA testing kit as one of its top 5 bestselling items.
It’s impossible to put a precise figure on the number of genomes that have been sequenced to date. Projects like BabySeq in the US point to a future in which genome sequencing may be a routine screen at birth.
Genome data is not anonymous
Keeping databases separate and anonymous may seem like a solution but this will be very difficult to accomplish. It is already possible, at least in some instances, to use information from a complete genome to locate the donor through searches of publicly available ancestry databases.
More recently, a controversial study claimed to be able to de-anonymise genomic data using facial reconstruction. In reality this isn’t possible yet – but the application of AI will certainly accelerate our understanding of these links.
Who wants your data, and why?
Your genetic data could be useful to three main groups in society.
1. Law enforcement
Law enforcement queries to commercial ancestry DNA databases have already begun to blur the lines that have typically kept these databases apart. The controversial process of familial searching shows how data may be used from ancestry databases to make inferences about a suspect. In the US, the existence of federally unregulated genetic databases may create further complication.
The establishment of mandatory DNA testing seems far-fetched, however that may not be the case everywhere. In 2015, Kuwait passed a law mandating DNA collections from all citizens and residents, although this was revoked earlier this year.
Closer to home, NSW Police Minister Michael Gallacher proposed that mandatory DNA collection from all newborns in Australia was “something that needs to happen”. Australia is not averse to surveillance of its population, as we have discovered with the national facial recognition system. This system goes into effect in 2018, and both law enforcement and private companies are pushing for access.
2. Private industry
Commercial DNA test providers can be legally required to hand over customer data to law enforcement. The privacy policies that consumers agree to make it impossible to know who else will have access to the data.
3. Insurance companies
Our digital genomes provide information about our predisposition to various medical conditions and this is attractive to insurance companies. The predictive power of the genome is only going to increase over time. Once a consumer has taken a genetic test, they may be required to disclose that fact to an insurer or risk fraud charges.
Let’s talk about the future
Australia just created its first National Health Genomics Policy Framework, for 2018-20, and this begins to create guidelines for genomic data. This policy is geared towards medical research, however, so would not apply to consumer DNA services, and does not make provisions for law enforcement access requests.
Blockchain and “genome cloaking” cryptography approaches are being explored as a way to give people control over their genomic data and who can access it. A new company claims to offer a commercial, decentralised, blockchain system based on buying genetic services and selling access to genetic information.
Perhaps these approaches are part of the technological solution. But the central issue is this: should we own our genetic data, and should we as individuals be able to decide who can access it?
What is absolutely clear is that the future of genomic databases is almost here, and now is the time to figure out how we are going to allow this information to be used.Comment on this article
The authors do not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and have disclosed no relevant affiliations beyond their academic appointment.
University of Queensland provides funding as a member of The Conversation AU.