Privacy in the Twenty-First Century: Four Questions for Regulators

Professor Roger Brownsword

Wednesday 21 May 2014 17:00 - 18:30

Balliol College, University of Oxford, Lecture Room XXIII.

Registration is not required for these seminars. The seminars run from 17:00 to 18:30 on Wednesdays, starting on October 23, 2013 and held on alternate weeks during Michaelmas Term (i.e. Oct 23, Nov 6, Nov 20 and Dec 4, 2013); they will continue during Hilary and Trinity Terms 2014 with the closing workshop on June 18, 2014. For any queries, please contact: arthur.thomas@oii.ox.ac.uk

This event is part of Balliol Interdisciplinary Institute and OII Seminar Series on Privacy Issues in Genomic Medicine

Abstract

With a relatively weak anchoring point (in the notion of a ‘reasonable expectation’), the interest in (or right to) informational privacy has been swept along by the tides of technological development, particularly by the digitisation of data and by the prospect of genomic medicine. However, even if privacy could be more firmly anchored, the conjunction of modern info and bio-technologies raises a host of questions for regulators who are concerned to support these technologies while also protecting relevant informational interests. In this seminar, in order to open a conversation with regulators, the following four questions will be addressed:

  • If privacy is dead, why do we think that ‘phone hacking’ is such a serious wrong?
  • How do we understand the relationship between ‘informational privacy’ and ‘data protection’?
  • Is the case against consent that it over-protects or that it under-protects relevant informational interests (or rights)?
  • If the ‘public interest’ is not to serve as a blank cheque, when is it a sufficient reason for overriding informational interests (or rights)?

About the Seminar Series

The rapidly-declining cost of genomic sequencing promises many breakthroughs in our understanding of genetic predisposition to disease and for the development of medical treatments more precisely tailored to the individual patient. Much of this genomic data will end up in databases maintained by research and healthcare organisations (and increasingly by commercial "personal genomics" companies) which will have the ethical and legal responsibilities for preserving the privacy of such sensitive information. Unfortunately, recent research suggests that it is much more difficult than was first imagined to preserve the privacy of such information. Many existing methods for "de-identifying" or "anonymising" such data have been shown to be fragile: correlation of information from genomic databases, electronic health records and public sources such as genealogy and residence databases can often lead to surprisingly accurate inferences about the identities of individuals. If such information were to becomes widely available, it might compromise the ability of individuals to obtain health and life insurance, and might influence employment and even personal relationship decisions. Such information leakage might also well have a significant chilling effect on the public's willingness to participate in research and clinical studies.

We are organising a series of seminars, funded by the Balliol Interdisciplinary Institute, to examine the current state of information privacy in this domain, and to look in particular at several questions:

  • To what extent can technology keep up with the arms race between "hackers" and data curators? Will recent advances in cryptography, database security architectures and "privacy preserving" data mining methods mitigate the risks, now and in the future?

  • What is the current state of legislation and regulation in this domain, and how is it likely to evolve in the face of developing attacks on privacy? Who actually owns and has control over genomic (and related health) data and its uses? Are there significant national and cultural differences which need to be taken into account (especially when data storage may transcend jurisdictional boundaries e.g. when data are stored in commercial "clouds")?

  • To what extent does the appearance of patient-centric disease management portals such as PatientsLikeMe mitigate the concerns about privacy? Will patients' altruistic urge to share information about themselves, their disease and their interactions with the healthcare system outweigh their concerns about their personal privacy? What is the appropriate balance between the public good which results from data sharing and the potential private loss?

  • What changes need be made to informed consent protocols to ensure that both researchers and donors fully understand and accept the risks associated with data collection and use?

  • If, as Scott McNealy (former CEO of Sun Microsystems) once said "Privacy is dead ñ get used to it," and privacy is doomed to lose the arms race, what is the impact likely to be on public attitudes towards, and expectations of, personal genomic privacy? In a world where people are willing to commit intimate personal information to Facebook, should we even worry about the consequences of loss of genomic privacy? Or should we rather be addressing the issues inherent in completely open sharing of such information?

Answers to some or all of the above questions would have a profound impact on the practice of scientific research and medicine. A clear analysis of the risks, methods for mitigating those risks, and, alternatively, of the consequences of a deliberate policy of transparency, will help policy makers to develop realistic approaches to public education about, and the setting of guidelines for future research on, and exploitation of, personal genomic information.

About the speaker

Professor Roger Brownsword

Kings College, London

Roger Brownsword is Professor of Law at King’s College London. He also has professorial appointments at Bournemouth University and Singapore Management University as well as being an honorary professor at the University of Sheffield. His books include Law and Human Genetics: Regulating a Revolution (Hart, 1998: co-edited with W.R. Cornish and M. Llewelyn); Human Dignity in Bioethics and Biolaw (OUP, 2001) and Consent in the Law (Hart, 2007) (both co-authored with D. Beyleveld);  Contract Law: Themes for the Twenty-First Century (OUP, 2006); Rights, Regulation and the Technological Revolution (OUP, 2008); Regulating Technologies (Hart, 2008) (co-edited with K.Yeung); and Law and the Technologies of the Twenty-First Century (CUP, 2012) (co-authored with M. Goodwin). He is currently co-editing the Cambridge Handbook on Human Dignity (which is in press) and the Oxford Handbook on Law, Regulation and Technology. Professor Brownsword has acted as a specialist adviser to parliamentary committees dealing with stems cells and hybrid embryos. From 2004-2010, he was a member of the Nuffield Council on Bioethics; and, currently, he is Chair of the Ethics and Governance Council of UK Biobank.