It's time to talk about who can access your digital genomic data

We are approaching a time when you might be too scared to have your genome sequenced.

Only last week, a US senator called for an investigation into the privacy policies of direct-to-consumer DNA companies. But this is only one piece of a puzzle that is about to get much more connected.

As with any kind of personal data there are a number of concerns regarding collection, transmission, storage and use. But unlike most other data, your genome reveals intimate information about not only you, but also the people to whom you are related.

It’s time to talk about who can access that data, how, when and why.

Read more: Our healthcare records outlive us – it’s time to decide what happens to the data once we’re gone

The current situation

Genetic databases are not new. For a while we have had law enforcement DNA databases, medical genetic databases, and ancestry DNA databases, among others.

Historically there has been a natural separation between these databases, because they tend to contain different types of genetic data. Medical genetic databases, for example, have typically screened specific genes, and this data is usually not variable enough to be useful in law enforcement.

Additionally, some databases have been governed by specific rules, such as those that limit who can be included in law enforcement DNA databases.

This is changing. The unit of genetic “currency” is becoming the same thing: the sequence of the entire human genome.

The rise of the genomes

The rate of genome sequencing is increasing rapidly. Massive genomics projects are set to emerge in the United Kingdom, Canada, France, and elsewhere.

The US National Institutes of Health has launched a Precision Medicine Initiative that aims to combine genetic and health data for one million people. China is investing more than US$9 billion in a similar initiative – the pilot stage alone includes one million human genomes.

It’s not just governments. Private companies have also set their sights on massive human genome datasets. Craig Venter’s Human Longevity Inc. is planning to sequence a million genomes by 2020 and has partnered with pharmaceutical giant AstraZeneca to work towards this goal.

The marketplace of corporate, direct-to-consumer genomics companies is also rapidly expanding. Amazon (which claimed 45% of online sales on a record-breaking Black Friday) reported the 23andMe DNA testing kit as one of its top 5 bestselling items.

Read more: Genetic home testing: why it’s not such a great guide to your ancestry or disease risk

It’s impossible to put a precise figure on the number of genomes that have been sequenced to date. Projects like BabySeq in the US point to a future in which genome sequencing may be a routine screen at birth.

Genome data is not anonymous

Keeping databases separate and anonymous may seem like a solution but this will be very difficult to accomplish. It is already possible, at least in some instances, to use information from a complete genome to locate the donor through searches of publicly available ancestry databases.

More recently, a controversial study claimed to be able to de-anonymise genomic data using facial reconstruction. In reality this isn’t possible yet – but the application of AI will certainly accelerate our understanding of these links.

Read more: Google may get access to genomic patient data – here’s why we should be concerned

Who wants your data, and why?

Your genetic data could be useful to three main groups in society.

1. Law enforcement

Law enforcement queries to commercial ancestry DNA databases have already begun to blur the lines that have typically kept these databases apart. The controversial process of familial searching shows how data may be used from ancestry databases to make inferences about a suspect. In the US, the existence of federally unregulated genetic databases may create further complication.

The establishment of mandatory DNA testing seems far-fetched, however that may not be the case everywhere. In 2015, Kuwait passed a law mandating DNA collections from all citizens and residents, although this was revoked earlier this year.

Closer to home, NSW Police Minister Michael Gallacher proposed that mandatory DNA collection from all newborns in Australia was “something that needs to happen”. Australia is not averse to surveillance of its population, as we have discovered with the national facial recognition system. This system goes into effect in 2018, and both law enforcement and private companies are pushing for access.

2. Private industry

Commercial DNA test providers can be legally required to hand over customer data to law enforcement. The privacy policies that consumers agree to make it impossible to know who else will have access to the data.

What is clear is that a digitised genome has monetary value. Genetic data from direct-to-consumer companies has already reportedly been sold to pharmaceutical companies.

3. Insurance companies

Our digital genomes provide information about our predisposition to various medical conditions and this is attractive to insurance companies. The predictive power of the genome is only going to increase over time. Once a consumer has taken a genetic test, they may be required to disclose that fact to an insurer or risk fraud charges.

What’s more, legislation protecting consumers from genetic discrimination is inadequate, and may be eroding in the US. Access to insurance is already being impacted in Australia.

Read more: Australians can be denied life insurance based on genetic test results, and there is little protection

Let’s talk about the future

Australia just created its first National Health Genomics Policy Framework, for 2018-20, and this begins to create guidelines for genomic data. This policy is geared towards medical research, however, so would not apply to consumer DNA services, and does not make provisions for law enforcement access requests.

Blockchain and “genome cloaking” cryptography approaches are being explored as a way to give people control over their genomic data and who can access it. A new company claims to offer a commercial, decentralised, blockchain system based on buying genetic services and selling access to genetic information.

Perhaps these approaches are part of the technological solution. But the central issue is this: should we own our genetic data, and should we as individuals be able to decide who can access it?

What is absolutely clear is that the future of genomic databases is almost here, and now is the time to figure out how we are going to allow this information to be used.