More In This Article
Earlier this year Yaniv Erlich of the Whitehead Institute for Biomedical Research at M.I.T. sent bioethicists into a frenzy when he and his team uncovered the names of people whose anonymous genome profiles were published by the 1000 Genomes Project. Erlich and his co-workers found the identities entirely by connecting Y-chromosome data and other information from the database with publicly available records, including genealogy databases and lists of people living in particular locales.
Given the relative ease of linking seemingly protected genomic data to names, an expansive new medical data-sharing initiative is already fanning an ongoing debate over how far investigators need to go to protect the privacy of people who donate their DNA to research. This past month, over 70 leading medical and research organizations across 41 countries, including the National Institutes of Health (NIH) and The Wellcome Trust, declared their intent to form a global alliance by the end of this year to build a framework for sharing genomic and clinical data they collect from study participants.
Their aim is to mine the genomes and medical histories of study participants to pinpoint gene variants that contribute to such diseases as cancer and diabetes. A huge data set is needed to uncover genetic links that have so far proved elusive. Only after such links are established will society enter the promised era of personalized medicine, when physicians armed with patients’ unique genetic sketches can help prevent disease and customize therapies.
At the moment, however, the alliance and other genome researchers have no clear model to follow for how best to protect the privacy of genetic donors. Some researchers have simply accepted that privacy is impractical, even impossible. That is the premise of the Personal Genome Project (PGP), the brainchild of geneticist George Church of Harvard Medical School. This project intends to recruit 100,000 people to share with the world their genomic, medical and demographic data—even giving them the option to volunteer their names and headshots in light of Erlich’s recent work.
Church has designed this enterprise and its consent policies to cater to people who, like him, think that guaranteeing privacy in today’s digital world is unfeasible. People hack databases, genomes tell secrets and every lock has a key. His participants are informed explicitly about the benefits and risks of participating, going as far as being warned that malicious individuals could potentially synthesize and plant their DNA on a crime scene. They accept the risk and upload their data online. You can take a peek right now, if you wish. “The old idea ‘to add more security’ is looking less and less viable in the face of people like Julian Assange, Aaron Swartz and Edward Snowden,” Church says, referring to contemporary leakers of secrets that have made recent headlines. Instead of using a data model that prioritized privacy, “we flipped the whole thing on its head,” he says. “Instead of saying how can we make the data more secure, I said, ‘Let’s make it more open and find people who are okay with that.’” Church calls this “open consent.”
Historically, genetic research has fallen at the opposite end of the privacy spectrum. People have presumed privacy or asked for their medical information to remain private. Genome-wide association studies, for example, recruit people who all have the same ailment, say migraines, to donate their genomic data. The data is compared to find shared gene variants that might underlie the disease, and the results are published. But the genomes never leave the lab.