Genomics & Privacy Interdependence
In the past year, I’ve spoken with many experts on the question of genomics and privacy. The most common position I have heard was that health data privacy is part of the larger debate on privacy. The logic is sound: fixing all data privacy issues will inherently take care of health data privacy.
But genomics data privacy is different: while data privacy is about your privacy, genomics privacy is about other people's.
In the policy world we talk about "privacy interdependence" - when individuals are no longer able to guarantee their privacy through their own, autonomous decision-making.
This issue should already be familiar: a person’s images and whereabouts are posted by a friend on social media - without this person’s consent.
In the healthcare sector, the equivalent translates to an individual making his DNA available to private or public entities, without the consent of other individuals sharing that same genetic code.
Unlike social media, however, the harm done by disclosing sensitive, DNA-related information can be irreversible. Data misuse could lead to discrimination, data-determinism, loss of privacy, and vulnerability.
This piece is solution-agnostic. In many ways, genomics data privacy issues are simply an extension of general data privacy issues. Genomics data privacy policies may equally well address the problem. Perhaps the private market will find creative ways to protect "consumers".
The take-home point, however, is that genomics data leakages involve a different type of risk than incurred by one's daily trades with Fitbit and Facebook. A risk, in fact, comparable to that of biometrics black markets: a critical piece of information with an individual's signature has been disclosed to third-parties without one's consent - a signature that can lead to direct discrimination - and no action can be taken to protect the individual.