Introducing data sharing practices into the genomic research has brought a number of concerns in research ethics and governance to the fore. For instance, research participants and the general public raised concerns about potential privacy issues in personal genomic data protection, as well as the scope of the secondary uses. In order to address such concerns, Data Access Committees (DACs) were seen crucial in the governance of main genomic databases such as the database of Genotypes and Phenotypes (dbGaP) and the European Genome-phenome Archive (EGA). Surprisingly, the component of access review, the structure, and the functionality of such committees have been barely scrutinized to date.
In a recent study published in Genetics in Medicine, we solicited the opinion of 20 DAC members and experts on genomic data access. Specifically, the interviewees were asked about the goals of access review and their experiences with reviewing the ethical and scientific aspects of proposals. The respondents unanimously agreed that the complexity of the access review should correspond with the concerns associated with genomic data sharing. In this regard, privacy risks often seemed possible, yet were not viewed as an imminent threat. The respondents could only recall a few examples of re-identification of genomic data in the past, yet could not promise full privacy protection given the evolving nature of the field. Regardless of the scarcity of such incidents, the controlled-access model is generally considered necessary to maintain public trust. As a DAC member put it: “I think the future of science depends upon high levels of public trust and you can only have high levels of public trust if people feel the data sharing is being managed.”
The content of the proposed research is also mentioned as the potential subject of scrutiny in the access review procedure. The politically or culturally sensitive research agenda such as ancestry or characterization studies were mentioned as the existing, but not frequent examples of such controversial research proposals. However, DAC members and experts were ambivalent about the responsibility of DACs in this matter, as they felt they are not ethics committees after all. This raises a number of unresolved questions: What are the responsibilities of the ethics committees/Institutional Review Boards in the data sharing pipeline? When ethics committees should intervene? And what is the relationship between these oversight bodies?
In addition, the proposed research might go beyond the scope of original consent. The respondents often discussed the example of the data use requests by commercial parties, where compatibility of such use by the original consent forms raised controversies. It has been also noted that the current consent mechanisms may not encompass all aspects of data sharing, particularly in the retrospective uses of data. To improve the current consent forms, documents such as the Consent Policy prepared by the Global Alliance for Genomics and Health could be consulted.
DAC members also reflected upon the effectiveness of the current oversight tools and mechanisms on downstream uses of data, questioning their robustness at times. For instance, oversight on the compliance of the researchers with the data access agreements is considered to be limited. Nevertheless, DAC members did not favor a heavier oversight procedure, given they did not expect to see major violations and very few had reported any actual violations to date. This raised a question about the right size of the oversight. How could the effectiveness of the current oversight be improved without making it burdensome? The significance of oversight in a “proportionate manner” on compliance of the users is also underscored by funders in a recent report. Further studies are necessary to identify what constitutes an effective and efficient oversight.