Saturday, July 13, 2024
- Advertisement -

    Latest Posts

    Internet Freedom Foundation shares comments on the WHO’s Draft Principles for Human Genome Data project

    The ‘Internet Freedom Foundation’(IFF) has shared its comments on the World Health Organization’s (WHO) ‘Draft Principles for Human Genome Data Access, Use and Sharing, 2024’ which attempts to create an international framework for the access, process, use and storage of Human Genome Data.

    The study of Human Genome Data (HGD) or ‘Genomics’ has become increasingly common in recent times. Researchers, globally, collect, store and share this data, which can be imperative to health research. However, there has been a sordid history of HGD being used for exploitative practices, particularly affecting communities with lesser access to resources. HGD collection can also help contribute to the surveillance practices of Governments.

     The WHO’s draft principles aim to amend these practices by creating an inclusive framework that affirms and values the right of individuals and communities to make decisions. The principles aim to foster transparency and accountability and protect the right to privacy.

    In the draft, WHO said: “Genomics holds great promise with the potential to improve individual and population health. To realise this potential, there is a need to enable access to, use, and sharing of human genome data within and across differing health and research sectors. This can only be achieved by proactively addressing the ethical, legal, social, religious and cultural issues that can arise in the process, but also acknowledging that there can also be risks if these data are not shared. Such risks must be balanced and mitigated so that human genome data access, use, and sharing can occur in a manner that protects individuals and communities and at the same time, promotes their health.”

    They invited comments from stakeholders, and the IFF has since provided a few inputs. Here is what the IFF had to say about the draft principles:

    The draft presumes all states have adequate health and legal infrastructure 

    According to IFF, the draft principles do not consider that some Member States may not possess the necessary health infrastructure, technical capacity, and legal framework to protect data subjects against privacy breaches and data security for highly sensitive health data.

    They argued that in order to safely share and transfer such personal data a state should have an overarching data protection legislation. Additionally, the right to privacy must also be judicially and legislatively recognized as a fundamental human right. They also called for legal safeguards and “prescriptive regulation” for individual health data processing.

    Further, a health infrastructure, that is conducive to HGD data collection, requires health system preparedness. This entails “existing capacities for extraction and sequencing, research leadership, medical record documentation, health information exchange, human oversight, and rights-affirming legal safeguards on data sharing” and citizens having adequate grievance redressal mechanisms.

    They claimed that many states in the Global South lack one or both requirements mentioned above and thus, minimum standards for cooperation, capacity building, technology transfer, and HGD collection and use must be set by WHO so that it can be adopted universally.

    The draft fails to distinguish between public and private use 

     They explained that the draft principles do not explicitly distinguish best practices for public and private entities. IFF noted that while private entities are legally bound by data protection laws often law enforcement and public agencies are typically exempted from these duties. This is particularly concerning as genomics and DNA profiling have become increasingly common in criminal justice systems. Law enforcement agencies are often able to process vast amounts of individual biometric samples and create “360 degree profiles” of many unsuspecting citizens. This can be used to profile individuals based on their ethnicity, religion, caste, class, location, political opinions, etc. Lack of consent mechanisms and  safeguards can help governments collect and share detailed genetic information on their citizens, and use it for  ‘targeted policing and surveillance or to stifle dissent.”

    The IFF cited the example of the Chinese government policies against the Muslim Uyghur population and India’s Criminal Procedure (Identification) Act, 2022  which allows law enforcement agencies to collect various biometric measurements of persons who are suspects, accused or incarcerated for the purposes of criminal identification, investigation, and documentation. Thus, IFF called to set standards for public entities too.

    Vague terms may lead to data maximisation

     HGD is often linked with other health information which is crucial for the interpretation of the HGD. The IFF noted that the WHO’s draft principles allowed the linking of this additional health information with HGD if did not impose any additional risks. However, the IFF believes that such “wide articulation of what comprises HGD can prove dangerous on implementation.” They pointed out that, the WHO allows collecting data ‘critically important to interpreting human genome data’, but does not define it. This, they point out can be dangerous as data seekers can ask to collect data, unnecessary data without limitations or accountability, and data subjects may be none the wiser. Further, what constitutes “necessary” and not imposing “unacceptable risks” will vary across Member states.

    Thus, the IFF called for stricter codes of conduct as  “genetic and associated data concerning the health of individuals falls under ‘special categories of data’ under commonly adopted privacy principles like GDPR.” This merits enforcing strict safeguards and discouraging collection of such “excessive ancillary data.”

    Moreover, they reiterated the widely accepted notion of  “data minimisation”, which is the expectation that a data processor will only collect information which is “adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.”

     Inadequate consent framework

     Collection of HGD is contingent on consent, thus the WHO is required to create a consistent framework that can be adopted universally. The IFF stated, “the draft principles provide vague guiding principles for consent but encourage communities, which may mean tribal, indigenous, and local communities, to participate in the development of consent models and processes.” Here are the IFF’s recommendations to the Consent Framework

    1. Prior informed consent provisions can be bolstered

    The IFF called to:

    • clearly articulate the risks associated with providing access to their HGD while seeking consent.
    • allow subjects to revoke their consent unless their HGD has been masked or anonymised as stated in Article 9 of the International Declaration on Human Genetic Data or opt-out of participating in subsequent research.
    • subject should be familiarised with all relevant information such as the reason for the investigation, conditions of storage and transfer of the HGD and the effect on the use of data
    • While remote communities must be approached for inclusivity, the researcher should be responsible for obtaining consent. The burden of developing and complying with consent requirements should not be imposed on the communities.

    2.  Solve language barriers 

    Researchers must seek consent in the local language of the data subject especially tribal, indigenous, and local communities whom researchers historically have not communicated with openly.

    3. Broad consent can set a dangerous precedent

    The draft principles state that “broad consent may be permissible in certain cases.” The IFF explained that this can set an extremely dangerous precedent for data subjects—especially tribal, indigenous, and local communities. They warned that these provisions can be abused and thus be removed. Instead, they called to create a framework with guided actions or checklists to ensure that researchers are taking the requisite degree of consent and complying with accepted data protection norms. They stated that informed “Specific consent” requires subjects to know the destination and purpose of their data. They added that ‘research’ is not a specific enough purpose and that consent must be renewed for every new investigation conducted on the collected samples.

    4. The data life cycle approach may create consent irregularities

    HGD collected can far exceed the life of the data subject—which raises the question of who becomes capable of giving consent. Consent after death of a data subject is a controversial subject and consent from the subject’s surviving family may not always be the proper legal or cultural practice. However, The European Union’s Article 29 of the ‘Data Protection Working Party’ postulated in 2004 that family members could collectively be considered data subjects when it came to genetic data processing. Similarly, IFF noted, traditional genomics suggests that healthcare research is a shared societal responsibility that addresses fundamental human needs, thus it takes priority over consent. Thus, the IFF stated that the draft principles must “explore the complexities of consent or suggest uniform practices or interpretations for parties to follow.”

    Data security baselines not clearly set

    IFF recommended anonymizing HGD to secure sensitive identifiable data. However, while this might be a solution to data breaches,  IFF warns that this should not give entities free reign to classify anonymous data as non-personal.

    This is because despite being anonymous, HGD is never truly non-personal, as certain genetic markers can reveal an individual’s “geographical provenance with a high probability, and, in the wrong hands, can become precise tools in population genetics and forensic studies.” Thus, this anonymised personal data must not be considered as ‘non-personal’  and must be accompanied by adequate access controls and security measures.

    “Benefit-sharing” cannot substitute states’ duties to provide entitlements 

    Often governments and researchers offer citizens “benefits” in exchange for their personal data. The IFF called for WHO to mandate that these benefits “must never substitute the duty of the sovereign state to provide essential entitlements and services to its citizens” and ensure that Member states provide citizens with their “constitutional and legal protections, regardless of their participation in clinical trials.” The Government must also not deny citizens access to their rights simply because they refuse to share their data. For instance, governments cannot deny citizens access to primary healthcare if they refuse to give access to their health data.

    Transparent access and benefit-sharing frameworks

    Finally, under the “right to science” and “right to informational self-determination” data subjects have a right to know the general results of the scientific research in which their samples are used, said the IFF. IFF recommended that the WHO suggest a model “benefit sharing agreements”  to create a baseline for ethical and equitable contracts, that researchers can use while approaching data subjects. They cited, “the International Data Sharing Global Alliance for Genomic and Health’s Framework for Responsible Sharing of Genomic and Health-Related Data” as an insightful guiding resource.

    Also Read:

    The post Internet Freedom Foundation shares comments on the WHO’s Draft Principles for Human Genome Data project appeared first on MEDIANAMA.

    Latest Posts

    - Advertisement -

    Don't Miss

    Stay in touch

    To be updated with all the latest news, offers and special announcements.