This might not be something you’ve thought about often, but as a biomedical sciences major, I’ve always wondered why there’s a grey area when it comes to the privacy and ownership of our genetic information.
After all, it should only make sense that we own our DNA no matter what, right?
If only it were that simple.
Genetics, the study of genes, is a field of science that is relatively new and controversial. What is genetic information, and why is it so important?
Well, your DNA holds all of your genetic information: everything that makes you, you. Moreover, your genetic information is also your hereditary material and can be linked to your family members and ancestors (hence the popular “ancestry” tests – but we’ll touch more upon that later), and can also be used to predict what types of diseases you’re more likely to develop, therefore contributing to the development of more treatment options.
Really, the sheer magnitude of the power that our DNA holds never fails to astound me.
And amazingly enough, such powerful information can easily be obtained through the genetic testing of an individual.
Yet, it is this very advantage that creates the confusing and controversial issue of the privacy and ownership of genetic information.
The issue is that the privacy of genetic information is not fully being protected nor maintained, and most people are unaware of this concern.
This is not a new concern; Witte et al. delved into this issue in Ownership of genetic material and information, a scientific article published back in 1997, when the International Human Genome Project had not yet been finished. Back then, as genetic information was becoming more readily available, concern was brought up about the responsible use and control of genetic information. Therefore, the concept of “ownership” or “property” was introduced regarding genetic information.
Have you ever gotten an ancestry test done from a direct-to-consumer (DTC) company such as 23andme? Or perhaps a pathology test or a biopsy in a medical setting? If you have, I’d just like to ask you this question:
Have you ever thought about who owns your genetic information – your DNA – once your test results come back? Is it you, the hospital, the laboratory, or in the case of the ancestry test, the DTC company?
What this means is that “you own the sample you’ve given only until it’s processed, after which the ownership probably transfers to the laboratory,” as Professor Peter Collignon also informed Sonya Gee, specifically regarding pathology tests. However, even though this transfer of ownership is referring specifically to pathology tests, it seems to be the same case for genetic tests in all cases.
Although there are policies regulating the use of genetic information, there are none explicitly outlining this concern of ownership of genetic information (we’ll get back to this in a bit).
It’s true that scientific advancement is happening much too fast for the law to keep up. From the International Human Genome Project and genetic information becoming easily accessible, we have now already developed CRISPR, a powerful gene-editing tool. As Redman M. et al. explained in the scientific study “What is CRISPR/Cas9,” it can not only edit genes, but also turn genes off and on in a relatively cheap and easy way. Although the prospects of CRISPR are very exciting; it can be used to potentially “revolutionize the treatment of many paediatric conditions” such as cystic fibrosis, the tool itself introduces new concerns. For example, how its use can be strictly regulated, something that is currently “tenuous at best” on an international scale, as Curran explains in his article on regulation of human gene editing (but that is a whole different topic of discourse).
Perhaps now you are better able to grasp where all these grey areas surrounding the policies of genetic data arise from and why it is so important for us to clearly establish these boundaries in the law before science progresses too far to be controlled. For mishaps do, and will continue to occur.
I would really like to emphasize that our DNA – our genetic information, is very powerful. As the Office of the Privacy Commissioner of Canada stated in a speech on Privacy and DNA Databanks in 2010, “DNA information is so vast, so profound and so sensitive, that it warrants the highest level of protection”. It is unfortunate then that more appropriate legal measures are not being taken as science continues to progress.
As I mentioned, there are some policies in place right now in North America and internationally, however, not only are they outdated, they also do not specifically protect the ownership and privacy of genetic information. These policies specifically regulate how the information can be used. Examples of such policies are GINA; the Genetic Information Nondiscrimination Act of 2008, and HIPAA; Health Insurance Portability and Accountability Act of 1996.
GINA only simply covers that it be “illegal for health insurers or employers from requesting or requiring genetic information” and “further prohibits the discriminatory use of such information.”
HIPAA Omnibus Rule did amend their regulations to include genetic information in the definition of Protected Health Information (PHI) in 2013. However, as the Electronic Frontier Foundation (EFF) discusses in their section on Medical Privacy, HIPAA only applies to an organization that is either a HIPAA-covered entity, basically healthcare providers, or the business associate (BA) of one. However, many online genetic testing companies such as Ancestry.com are non-covered entities as they are currently only self-regulated businesses. Today, individuals either get genetic testing done in a medical setting or from a DTC company like Ancestry.com. Therefore, the EFF makes a valid point when they point out that HIPAA is essentially a “disclosure regulation law and not a privacy law”.
The truth is that the policies heavily rely on simple consent forms that you are provided to sign in medical settings or by the direct-to-consumer (DTC) companies before you give them access to your genetic information. To give you an idea of what I mean, Canadian law “prohibits any person from requiring an individual to undergo a genetic test or to disclose the existing results of genetic tests,” but highlights that if a person chooses to disclose their genetic information through genetic testing then their “consent must be in writing, fully informed and freely given.” However, this is not a very effective way of protecting the privacy of genetic information, because let’s be real:
Would you really read the whole consent form properly, without skimming some parts over?
You probably wouldn’t, and neither would I – because who really has the time to sit and read through so much information when you can easily just sign at the end? It’s almost as if they don’t want you to notice the finer details, such as the loopholes regarding the use and ownership of your genetic information.
Even further complications arise as a result of sending samples to oversea labs, which is common for DTC genetic testing (let’s not even delve into this issue, otherwise we’ll be here all day).
The Hagahai case will really give you an idea of the unethical situations that arise as a result of this grey area in privacy and ownership of genetic information. The Hagahai are Indigenous peoples of New Guinea, who in 1984 seeked out the help of researchers for a disease that was afflicting their people. Researchers discovered that the Hagahai people carried a gene that “predisposed humans to leukemia, yet they did not themselves manifest symptoms of the illness”. From this they found a T-lymphotrophic virus, which could be used to develop a vaccine for certain types of leukemia. Fast forward to 1991, and the National Institutes of Health in the U.S. were seeking patents for the cell line developed using the DNA of a Hagahai donor. Even though the patent was later abandoned, this case still caused controversy, as it was discussed whether the “Hagahai donor’s consent had, or should have, been obtained before the resulting cell line was patented.” as the WIPO Global IP Issues Division recounts. Furthermore, this brought up the issue of biopiracy, as the samples came from an Indigenous peoples.
In conclusion, my opinion on this issue is that, because of these grey areas in the ownership of genetic information, there are many ways in which an individual’s privacy can be violated. I think individuals may not read the consent form fully before signing it and unintentionally give up their genetic information to be shared by the company, hospital or laboratory for other uses. Even if they do read the consent form, the ownership will still probably transfer to the company, hospital or laboratory anyways. Regardless, I do believe that if my genetic information is used in research it should be consensual and if profit is made, I should have a share in it.
Whether or not the governments, both in North America and internationally, tackle this issue of privacy and ownership of genetic information in a better way, will be determined once the older policies are updated. (Interesting fact: I first researched this topic a few years ago, and during my current research I did not find many new updates; for instance the Office of Privacy Commissioner’s page on direct-to-consumer genetic testing and privacy remained the same, last updated in 2017).
My body, my DNA … right?
If only it were that simple.