News | January 23, 2020
Individual and patient privacy concerns have come back into focus with a recent ruling from a US court allowing police access to all patient records in a gene sequencing database of some 1.3 million individuals owned by the company GEDmatch. The legal warrant overrides individual privacy selections made when providing their DNA sample to the database about who may or may not access their personal genetic data.
Advocates for allowing authority access to such database point to the potential ability to identify criminals and close cases where DNA evidence has been left by the suspect. However, critics point out the difference between authorities requesting access to the records of a single suspect in order to make a potential match (much as they would request a warrant to search a single dwelling) compared to having free access to all genetic records in the database. The concerns include the potential for false matches leading to criminal accusations (especially in the instance of poor quality or degraded DNA evidence), patient privacy violations and even identity theft or fraud.
Although the warrant has currently only been granted for the GEDmatch database it sets a precedent which could then be applied to larger at-home DNA testing databases (currently estimated to collectively contain the data of approximately 26 million people, globally), scientific databases and medical treatment databases that contain whole genome sequencing data.
Jurisdictional confusion may also come into play, for example if European citizens (protected by GDPR) have consented to have their data stored in offshore databases, or if changes to consent can be applied retrospectively. Associations such as the Global Alliance for Genomics and Health raise concerns that if individuals become concerned about their privacy and potential misuse of personal data, it will have an adverse effect on the amount of data able to be collected for medical and research purposes, and slow down the progress being made to improve patient care and treatment options. Even genomic data which has already been collected (and potentially used for research purposes) could be subject to the right to erasure under GDPR law – however, ‘tasks in the public interest’ may override this right.
As more and more genetic data is collected worldwide it remains to be seen how the issues of individual privacy vs common good – whether for criminal or medical reasons – play out. In the meantime, targeted genetic assessment for medical diagnosis remains out of the spotlight focused on the issues of storing genetic data from whole genome sequencing.
References and further reading
http://theconversation.com/if-youve-given-your-dna-to-a-dna-database-us-police-may-now-have-access-to-it-126680
https://www.technologyreview.com/f/614684/a-detective-has-been-given-access-to-private-consumer-dna-data-for-the-first-time/
https://www.ga4gh.org/news/gdpr-brief-withdrawing-consent-to-data-processing-under-the-gdpr/