Genomes on-line and the Health of Privacy

By Effy Vayena and Alessandro Blasimme

Technology Concept

In January 1999, Scott McNealy, CEO of Sun Microsystems (now part of Oracle Corporation), announced that we should no longer be concerned with privacy, since consumers ‘have zero privacy anyway’ and should just ‘get over it.’ His argument, that in the era of information technology we have become unable to protect precisely what such technology relies on and delivers (information) has met the full spectrum of imaginable reactions – from outrage to enthusiastic endorsement. Many different cures have been proposed to treat at least the symptoms of the disease caused by the loss of privacy. Yet there is little disagreement concerning the diagnosis itself: privacy does not enjoy an enviable state of health. Recent emphasis on big data and their inescapable presence have only made the prognosis dimmer for the once cherished ‘right to be let alone’ – as Samuel D. Warren and justice Louis D. Brandeis famously defined privacy back in 1890.

Such a deteriorating outlook should sound especially alarming in the fields of healthcare and medical research. In such domains, professional norms of medical confidentiality have long ensured sufficient levels of privacy protection, accountability, and trust. Yet we are told that this may no longer be the case: sensitive, personal, health-related information – just like any other type of information – now comes in electronic formats, which makes it much more reachable than before, and increasingly difficult to protect. Imagine the consequences this may have in the case of genomic data – arguably one of the most sensitive forms of personal information. Should such information fall into the wrong hands, we may face harsh consequences ranging from discrimination to stigmatization, loss of insurance, and worse. To enjoy the right to genomic privacy, one has to be able to exercise some meaningful amount of control over who gets access to her genetic data, be adequately shielded from harms of the sort just mentioned, and yet retain the possibility of deciphering what’s written in her DNA for a variety of purposes – including, but not limited to, health-related ones. All this is undoubtedly demanding. All the more so now that we know how even apparently innocent and socially desirable uses, like genomic research employing anonymized DNA, are not immune from the threat of malicious re-identification.

In light of such considerations, one might be led to think that health privacy protection is a lost cause. In fact, one may go even further and argue that, all things considered, we shouldn’t worry too much about the decline of privacy. Having our sensitive data in a state of highly restricted accessibility, so the argument goes, prevents us from extracting medically valuable insight from those data and hinders medical discovery from which we may all benefit. Continue reading