Genomic Messages: How the Evolving Science of Genetics Affects Our Health, Families, and Future - George Annas, Sherman Elias (2015)

Chapter 9. Genomic Privacy and DNA Data Banks

‘What your DNA is telling you’ doesn’t just depend
on your genome or the thousands of other genomes
out there. Rather, it depends on how they can be
related to one another; these vast amounts of data
can be made sense of only by using computers to
search for specific patterns and relationships.

—Hallam Stevens, Life Out of Sequence (2013)

The phrase genomic privacy suggests both that privacy is important and that there is a special kind of privacy we can label genomic. We think these assertions are true, and the goal of this chapter is to explain why and to suggest ways you can protect your own genomic privacy. Protecting your genomic privacy is made much more difficult than it should be in the current Internet age of Google and Facebook, as well as the National Security Agency (NSA), entities that often simply assert that “privacy is dead” and we should accept its death. Governments, private corporations, and researchers all want (and often get) access to our most personal and private information—sometimes with our active cooperation. Most Americans, however, disagree. Privacy is critical to human dignity and liberty. Most Americans believe that privacy should protect “private” information (especially medical and genetic information) to which we don’t want others to have access without our authorization. In 2015 Science published a special issue on “The End of Privacy” that suggested not so much that massive genome banks make privacy obsolete, but that we will have to protect our privacy in new ways. President Obama underlined this concern when he assured the American public about his proposed one million person genomics bank that “We’re going to make sure that protecting patient privacy is built into our efforts from Day 1.” Privacy is critical not because we necessarily have “something to hide”; it’s that we see no reason to share intimate details of our lives, including our medical information and our genomic information. Privacy also protects our identity. Privacy can be seen as making liberty possible, permitting us to make personal decisions that might otherwise be closed to us.

Genomic information is uniquely private because it implicates not just one or two but three major aspects of privacy: informational privacy, in that it is uniquely tied to you and your probabilistic future (what we have termed your “future diary” or your “personalized threat matrix”); relationship privacy, in that it discloses medical information about your parents, siblings, and children; and decision-making privacy (also called autonomy), in that it directly affects decisions about whether to attempt to become pregnant or to continue a pregnancy. Genomic information also has a history of misuse for eugenics in pre-World War II United States and genocide in World War II Germany. Finally, genomic information is not only stored and manipulated digitally (in a “DNA data bank”); it can also be stored physically, in the form of a tissue sample (in a DNA bank).

Since 9/11, the NSA has radically increased its power to spy on Americans, and Edward Snowden’s public disclosure of unchecked data collection by the NSA has at least sparked public discussion of whether our government has gone too far in secretly collecting private information from ordinary citizens not suspected of any criminal activity. In genomics, the largest “gene banks” in the United States are those maintained by law enforcement agencies to identify criminals, or at least suspects. Have we gone too far in authorizing our government to take our DNA upon arrest? Should you want to have your DNA included in a collection of DNA samples in a massive data bank used only for medical research? How can we be sure that our DNA is not misused to our detriment by government and private entities? Should you care about DNA ownership, consent, collection, computerization, and information disclosure policies? Can you protect your genomic information and simultaneously let researchers use it to promote society’s health? Should revelations about how large data collectors, including Facebook, have performed research on their users affect your views on the necessity of informed consent prior to “big data” research?

In this chapter we set out to answer these questions by first looking at the growth of DNA data banks, most notably government criminal DNA data banks, and the risks they pose to our privacy. These questions are not just hypothetical: they have been the subjects of major legal cases in the U.S. Supreme Court and the European Court of Human Rights. Comparing government DNA databases to private DNA databases, we use the second aspect of genetic privacy, family relationships, to see how our genetic privacy can be protected by private data bankers. The core question in this chapter is, who owns (in the sense of who can control access to and use of) your DNA? A series of real stories has played out in U.S. courts on this question, and we tell those stories. Should you view your DNA as your property or simply as highly sensitive medical information that should be protected by privacy laws? We will suggest privacy rules for DNA data banks, including the role that “depositors” in such banks should play in deciding who can have access to the data and whether it can be used for research or commercial purposes. We end the chapter with the remarkable U.S. Supreme Court decision that breast cancer genes are not patentable because they occur in nature, discussing the implications of that decision—the decision that corporations cannot own our DNA—for genomics, including whole-genome sequencing, and for our genetic privacy.

Big Data and Big DNA Data Banks

The core paradox of genomics is that while it promises “personalized medicine” based on treating you in unique ways informed by your unique genome, in the near future this will not be possible because not enough is known about population genomics. We need to conduct large-scale genomic research, research on the population level involving millions of genomes, to obtain the information we will need to make useful clinical decisions informed by genomics. Setting up these large-scale genomic research data banks is an ongoing project. The birth and growth of genomic data banks has concerned us for more than two decades, long before the era of big data, when the usual term was “DNA data banks.” In 1992, this was the second on our list of the four most important legal and ethical issues raised by the new genetics: How can the privacy of an individual’s genetic information be preserved? We argued that protecting privacy was critical for genomics because genetic information can be used to stigmatize individuals, has a terrible history of abuse, and “is potentially self-defining and sometimes embarrassing”—all reasons why everyone has a strong interest in not sharing it with individuals or companies.

Much has changed in the past two decades, but the basic privacy issues, especially those involving large collections of DNA samples, have yet to be solved, and the major suggested solutions all have serious drawbacks. Genomic privacy is still a work in progress. One approach is to “personalize” privacy, the way genomics seeks to personalize medicine. Each of us would be able to set our own limits on who could have access to our DNA samples and what uses they could make of them. As we’ll explore later in this chapter, informed consent could be used to provide privacy level choices. Google thought about using this approach for its users but ultimately decided not to. Google’s idea was to let their users decide for themselves where on a sliding scale they wanted to protect their privacy: minimal, medium, or maximum. We especially like the names they gave to people who opted for each of the three settings: kitten, cat, and tiger. Our view is that you should be a tiger when it comes to protecting your genomic information. It’s your genome, as a matter of both property and privacy, and we think the more you know about it—and the uses others may make of it to the detriment of you and your family—the more you will be likely to want to protect it from others.

Before reading further, ask yourself if want your physician to have access to your whole-genome sequence in your medical record (this may become more likely as the cost of sequencing decreases and the quality of electronic health records increases). If the answer is yes (and a yes answer could make sense, even to a privacy tiger), think about who else you would be willing to share your genome with—for example, your spouse, your children, your parents. Then think about your employer, your coworkers, your life, health, and disability insurance companies, your credit card company, and your bank. Now we’re in kitten territory. Finally, think about the government, including the police, the FBI, and the NSA. In all these cases, would you agree to have your genome linked to your medical record? What about your Facebook account or your OkCupid profile?

Does the perception that we may be moving slowly toward universal health insurance coverage in the United States make it reasonable for the government to maintain everyone’s whole-genome sequence in a national data bank for planning purposes and perhaps for medical research? What about collecting DNA for identification to solve crimes and prevent terrorism? It may seem strange, but more effort has gone into creating DNA data banks for criminal and terrorism investigations than for medical research. That’s why we begin our exploration of DNA data banks with the most recent U.S. Supreme Court case on DNA privacy.

Criminal DNA Data Banks

If you were stopped for running a red light, would you expect the police officer to take a DNA sample from you? What if the police officer arrested you on the spot? Should the police be able to take a DNA sample from you at the station without your consent? And once collected, should your DNA sample be permanently stored in a criminal database? Alonzo King was arrested and charged with assault for threatening a group of people with a shotgun. As part of routine booking in Maryland, a DNA sample was taken from him using a buccal swab. His DNA profile was compared to others in the FBI’s national DNA data bank, the Combined DNA Index System (CODIS). The sample matched an unidentified DNA profile taken from a rape victim in an unsolved crime. King was convicted of the rape on the basis of the DNA match. He appealed, arguing that it was a violation of his Fourth Amendment rights to take a DNA sample from him before he was convicted of any crime.

All fifty states require collection of DNA from convicted felons. Twenty-eight states have laws that authorize DNA collection from arrestees. Justice Anthony Kennedy, writing for the majority of the U.S. Supreme Court, decided that taking DNA at the time of arrest was reasonable under the Fourth Amendment, primarily because the government’s interest was “legitimate” (providing “a safe and accurate way to process and identify persons in custody”), and that “individual suspicion” is not necessary for processing. Kennedy characterized the DNA profile as the “fingerprint of the 21st century,” although he did concede that the case would present “additional privacy concerns” if the police searched the DNA sample for medical information.

Justice Antonin Scalia wrote a biting dissent. He noted that the only reason to run King’s DNA sample in the CODIS data bank was to try to solve a previous crime (a reason not permitted by the Fourth Amendment), not to identify King. Whether you agree with Justice Scalia or not (we do), he makes an unassailable observation about the “genetic panopticon” created by the decision: an arrest for any charge can now result in your DNA being collected and put in the national DNA data bank. Further, since DNA can lawfully be collected after conviction, the only arrestees for whom this Supreme Court decision will matter at all are those who have been acquitted of the crime for which they were arrested.

In balancing personal privacy with public safety, safety won out by a large measure (it almost always does, because safety seems immediate and vital, whereas privacy is less pressing and more abstract), even with no evidence to support it. With more than 10 million samples in criminal DNA data banks in the United States, our country already has the largest DNA data bank in the world. The United States also has the dubious distinction of having more of its citizens behind bars than any other country in the world. Is the Supreme Court right in concluding that DNA is just like a fingerprint, only better? A case from the European Court of Human Rights challenges this assumption.

The United Kingdom has been a world leader in collecting and using DNA profiles for criminal investigations since its first DNA dragnet, recounted vividly in Joseph Wambaugh’s 1989 book, The Blooding. Alex Jeffreys’s then new DNA profiling technique was used to conduct a DNA dragnet using blood samples from more than 5,000 men who lived in an area where two teenage girls had been brutally raped and murdered. Such DNA dragnets are unusual, but in 2014 Italian police took samples from more than 22,000 people to try to find the murderer of a thirteen-year-old girl. More routinely, DNA samples from arrestees are stored in data banks. The practice of police collecting DNA for suspect identification was initially justified to identify rapists and child molesters—groups the public has little sympathy for and whose privacy seems to come at the expense of victimized women and children. The use of DNA samples for identification has since expanded gradually but relentlessly to include more and more categories of criminal suspects.

The European case was brought by S, a minor who had been charged with attempted robbery when he was eleven and later acquitted, and Michael Marper, an adult who had been charged with harassment of his partner. The couple reconciled before trial, and the case against Marper was dismissed. S and Marper both asked that their DNA samples and profiles be destroyed on the basis that retention violated their right to privacy because the DNA samples contained “full genetic information about a person including genetic information about his or her relatives.” The UK argued that its indefinite retention of DNA samples was of “inestimable value in the fight against crime and terrorism.” The European Court of Human Rights agreed but was concerned that the UK made no distinctions in retaining DNA samples based on the gravity of the offense charged or the age of the suspect, that there were no time limits on retention, and that few opportunities existed to have the DNA samples and profiles destroyed. Similar to the concerns expressed by Justice Scalia in the King case, the European court was troubled that innocents were treated exactly the same as convicted criminals. The court accordingly instructed the UK to modify the procedures used in its DNA collection to permit the destruction of DNA samples and profiles from those not convicted of any crime and from minors.

In 2014 another European Court, the Court of Justice of the European Union, ruled that Europeans have a legal “right to be forgotten.” The case did not specifically deal with genetics, but was much broader, giving individuals the right to require that large data holders, such as Google and Facebook, break links to personal information that was out of date, embarrassing, or just plain wrong. This real opinion provided a good counter to the fictional totally transparent society envisioned by Dave Eggers in The Circle. Eggers imagines a privacy graveyard where people are expected to share their entire lives with everyone else online. His Internet society (based on private industry) has three slogans, mirroring the three slogans of the dictatorship of 1984: “Secrets are Lies,” “Sharing is Caring,” and “Privacy is Theft.”

The U.S. Supreme Court demonstrated, in the 2014 case Riley v. California, that it understands how cell phones and the Internet have radically changed the nature of privacy. The police sought to access the information on an arrestee’s cell phone on the basis that searching the phone was just like searching an arrestee’s pockets, wallet, or purse. The Supreme Court was unimpressed, noting, “That is like saying a ride on horseback is materially indistinguishable from a flight to the moon. Both are ways of getting from point A to point B, but little else justifies lumping them together.” Chief Justice John Roberts argued that the primary characteristic of a cell phone is its “immense storage capacity.” This implicates privacy in terms of the different kinds of information it holds and its ability to convey far more than was previously possible, dating back to the purchase of the phone. Finally, in the words of the chief justice, it is the element of “pervasiveness” that characterizes information in “the digital age”—its sheer quantity. But the quality of the new digital data also matters: a browsing history found on a phone “could reveal an individual’s private interests or concerns—perhaps a search for certain symptoms of disease, coupled with frequent visits to WebMD.” The Court did not specifically mention DNA data, but it would certainly find digitalized DNA data out of bounds in a police cell phone search, at least in the absence of a warrant.

Are Europeans more concerned about genetic privacy than Americans because of their experiences during World War II and the Cold War? It seems likely. It is also perhaps not surprising that one of the most powerful images of government oppression using information collection comes from the former Soviet Union. Aleksandr Solzhenitsyn, in his novel Cancer Ward, writes that in a totalitarian state people are obliged to answer questions on a variety of forms, and each answer “becomes a little thread” permanently connecting him to the local government center: “There are thus hundreds of little threads radiating from every man. . . . They are not visible, they are not material, but every man is constantly aware of their existence. . . . Each man, permanently aware of his own invisible threads, naturally develops a respect for the people who manipulate the threads . . . and for these people’s authority.” DNA implicates privacy even more than answers on forms—such as tax and census forms—because our DNA identifies us directly and can be seen as an integral part of who we (and our family members) are.

Mainstream scientists agree that it is critical to protect privacy in this context. Writing in support of the European Court’s UK opinion, under the headline “Watching Big Brother,” for example, Nature editorialized that the decision was especially timely, coming as it did just before the sixtieth anniversary of the Universal Declaration of Human Rights (UDHR): “The idea that the identity of a human can be revealed from [DNA] samples of any cell in his or her body is a symbol of the fact that every person is unique. The declaration of human rights [UDHR] asks us to treasure and honor all these unique individuals with respect for their autonomy—not to simply look for better ways to barcode them.” The point could be made a different way. The two great “codes” of the twentieth century—the UDHR and the genome—should be seen as mutually reinforcing human dignity rather than as an opportunity to use one (the genome) to subvert the other (human rights).

Commercial DNA Data Banks

The steep drop in the cost of whole-genome sequencing has led to new proposals to develop national and international DNA research data banks filled with whole-genome sequences (and links to medical records and other health-related data). In the words of historian of science Hallam Stevens, who opened this chapter, genomics already is “a science obsessed with data,” and many of its practitioners believe that “with enough sequence data and powerful enough computers . . . it will be possible to answer almost any question in biology, including and especially big questions about whole organisms, bodies and diseases.”

The first real attempt to construct a large DNA database to explore diseases was in Iceland. The fact that it is an island with a small population (300,000) and a hundred years of a national health system with complete records made the prospect of combining DNA samples with medical records almost irresistible. A private biotechnology firm, deCODE Genetics, was formed to develop and link three data banks (one consisting of computerized medical records, a second of DNA samples, and a third of genealogical data) in an effort to locate disease-related genes. The project has been controversial since 1998, when Iceland’s legislature approved the creation of a computerized Health Sector Database for deCODE’s use in research. Consent has been a recurring problem for the company and Iceland’s citizens.

George debated the company’s founder and CEO, Kári Stefánsson, both at a national medical meeting in 1999 and in the New England Journal of Medicine in 2000. George argued for requiring individual informed consent, while Stefánsson argued instead for “community consent” via the Iceland legislature. The legal rules regarding privacy of the database took center stage again in 2009, when deCODE put the database up for sale to avoid bankruptcy. Ultimately the company was purchased by a much larger company (Amgen), and the data bank has remained in Iceland.

In 2015 deCODE announced that it had sequenced 10,000 genomes from Icelanders (2,600 of which were reported on in Nature Genetics). Combining the sequences with medical records and genealogical data, Stefansson said he could identify everyone in Iceland who had the BRCA2 gene “at the push of a button,” adding, it is “a crime not to approach these people” to let them know. But if there is any “crime,” it is in analyzing an identifiable person’s genome without consent. It was the first genomic databank to do this, but it is unlikely to be the last. We need better rules now. We think individuals have a right to access this information (if they want it), even though they did not authorize its creation. We also think individuals have a right to order the genomic information about them destroyed. The company is the custodian of the identifiable information, not the owner. Disclosure and destruction rules should, of course, be agreed to before a person gives permission for genome sequencing, and it is quite astonishing that deCODE did not have such an agreement with its depositors given its checkered history with informed consent.

The company had originally relied on “presumed consent” to create their database of medical records, but the Iceland Supreme Court later ruled that explicit informed consent was required. The ruling came in a case brought by the daughter of the late Guomundur Igolfsson, who died in 1991. His daughter, then fifteen years old, asked that information from her father’s medical records not be transferred to the national Health Sector Database. Her request was denied, and she appealed to the Iceland Supreme Court. She argued that she had a personal interest in preventing the transfer of her father’s records to the database, because “it is possible to infer, from the data, information relating to her father’s hereditary characteristics which could also apply to her.” The court ruled that Iceland’s constitution requires the legislature “to ensure to the furthest extent that the information cannot be traced to specific individuals,” and that existing procedures did not meet this standard. Therefore, the law that created the Health Sector Database was unconstitutional. This ruling killed whatever was left of deCODE’s original project to create a countrywide computerized database of medical records, and the project was able to continue only after it adopted an explicit consent model.

These European cases support an individualistic view of privacy. They also indicate that the concept of genomic privacy is broad enough to protect the family unit from unwanted and unwarranted intrusion by both government and private actors. DNA is a family matter because, as we have mentioned elsewhere in this book, DNA provides information not only about the person from whom the sample is taken but also about the person’s siblings, parents, and children.

China has much bigger ambitions. Its Beijing Genomics Institute, known as BGI, is the world’s largest genomic research center, and it plans to create a genome bank with a million human genomes. When asked about privacy concerns, especially the role genomics could play in China’s reproductive policy, BGI’s president told New Yorker writer Michael Specter, “I don’t care. Emperors have been ruling us for thousands of years. I know the government is watching us at all times. So what? I don’t care about my personal privacy. It just doesn’t matter.” That attitude is, of course, the problem, not any kind of a solution.

The UK Biobank, perhaps the closest to the one President Obama envisions for the United States, aims to enlist 500,000 British citizens ages forty to sixty-nine to provide not only DNA samples but also medical records and answers to 250 personal questions, all for the cause of medical research. The goals of the project are laudable, but the consent rules should be fair and easily understandable. Current rules, which require research subjects to “relinquish all rights to their blood and urine samples, and give permission for access to their medical records at any time, even after death,” seem extreme and unfair without a clear provision to discontinue “participation” at any time, including—as in Iceland—the right of surviving children to discontinue use of their parent’s DNA samples. De-identification is also no substitute for consent, as it is becoming evident that DNA can be linked to identifying information in many cases. This is one reason why geneticist George Church asks people who want to have their genomes made part of his personal genome project (PGP) to waive their privacy rights. He now has 3,500 volunteers, with a goal of 100,000 and an ambition of a million, matching the Chinese project’s goal. He also seems inclined to follow the Chinese view of privacy, although with the knowledge and consent of the volunteers. In his words, “What I really wanted was for everybody to have their genome and ideally everybody to share their genome.”

Consent to DNA Data Banking

As anyone with an Internet connection already knows, individual consent is under broad attack in the United States, where it has historically been strongest. When you want to use almost any service on the Internet, you are asked to “agree” to the service’s privacy policy. This policy is usually more than fifty pages long, and even if you wanted to read it, is incomprehensible to most people—although we get the bottom line: the company can do whatever it wants with the information it gets about you from your visit to their site. This, and related models such as “broad consent,” “tiered consent,” or “opt-out consent,” have no place in the genomics realm, where others can use your genomic information against you in a variety of ways. Whenever the adjective informed is replaced by another adjective before the word consent, you should be suspicious that an effort is being made to reduce your role in deciding how your personal information will be used. Use of your information by others to discriminate against you is just one reason why you may want to control access to your genomic information. Another is that we think the ultimate battle to retain or modify medical information privacy will be won or lost in the battle over your control of genomic information. Until the enactment of the federal statute known as GINA (the Genetic Information Nondiscrimination Act), employers and health insurers could discriminate against you based on your genomic information. Others still can.

Antidiscrimination laws are necessary to protect people from genetic discrimination, but as we suggested in 1995 (in a proposed federal statute we drafted for the Ethical, Legal and Social Implications portion of the Human Genome Project, which we called the “Genetic Privacy Act”), privacy protection involves more than protection after genetic information has been obtained and shared with others. Effective privacy protection would also require personal authorization for at least four prior steps: collection of your DNA sample (for instance, from a blood sample or cheek swab), analysis of your DNA sample, storage of your DNA sample, and storage of the results from your DNA analysis. Of course, only after collection does the question of authorized use come up. So when you see large information bundlers, such as Microsoft, argue that we shouldn’t worry about the collection of our data but only about the use of the data, you will understand that this is simply wrong. The best way to protect against misuse of our data is to prevent collection in the first place.

With the advent of whole-genome sequencing, your entire DNA sample could be digitalized, and there would be no need (except arguably for quality control) for data collectors to retain the DNA sample itself. Plans to combine large digitalized DNA data banks are well under way, and “investigators are clamoring for unified informed-consent documents that will allow them to compile genetic information into databases without creating a legal thicket of differing privacy protections.” This strategy seems to be putting form (and forms) over substance, but a “unified” document could make sense if it contained sensible protections for individuals. In this regard, an editorial in Natureon UK Biobank got it right: it is a fundamental human right to determine how personal medical data are used, and exceptions to specific informed consent cannot be taken for granted. “ Informed consent is not an obstacle to be overcome but a principle to be respected and cherished.”

Research is necessary for medical progress, and for progress to be attained in genomics, research will require massive DNA data banks, “very big data,” to search for correlations among genes, environment, family histories, the biome, and other variables that can affect your health. Big genome will quickly join big data in developing larger and more integrated DNA data banks, probably better termed “genome banks,” for research. We encourage this development, because, as we have explored in a variety of contexts in this book, the science of genomics is much, much more complicated than virtually anyone recognized as recently as a decade ago, and it includes recognition of the critical roles of environment, the microbiome, and epigenetic effects. Progress in understanding genomics will require massive data banks of genomic and personal health information. But big data alone won’t solve scientific problems. Data is just data; it’s the interpretation that matters. And interpretation is much more difficult than collection. relationship with a genomic datCaorrelations may help us create hypotheses to test, but in medicine and public health, it is causal relationships that matter. When computers were new, the common lament was “garbage in, garbage out.” The refrain now is “Big Error can plague Big Data.”

Google Flu Trends shows, for example, some of the limitations of big data. Google believes that by monitoring all Google searches for terms related to the flu, it can apply algorithms to determine the extent of a flu outbreak and where it is spreading, and do it “several days” faster than the surveillance methods of the Centers for Disease Control and Prevention (CDC), which rely on reports from the field. The algorithms have been used in twenty-nine countries since the program was first launched in 2008. In 2013 Google Flu greatly overestimated how many people in the United States would get the flu at its peak. Some thought the overestimates were based on many healthy Googlers who were curious about how the flu season was going. Others, however, just thought that the CDC’s methods remain better than the big data approach because, as the National Association of Healthcare Access Management put it, “The CDC model can control more factors than the Google model,” including looking for respiratory viruses that are not the flu. Google is changing its algorithms, but it will be a while, if ever, before its big data approach is ready to replace traditional public health reporting and follow-up. Of course, sometimes neither approach will work, as in the universal failure to predict the Ebola epidemic of 2014.

Similar big data approaches have been used to direct cholera prevention projects in Haiti. The hope is someday to combine various data sources “to predict an outbreak before it begins.” That’s the hope. The reality is, as a proponent observer put it, that “information will only get us so far.” In Haiti, for example, “equally pernicious forces, such as politics, nationalism, strained resources, and fear can, in a crisis, override even the best data tools.” We’re not against the movement toward big data in genomics, but it is very easy to oversell and overpromise, and you should feel no obligation to donate your DNA to a big data bank or a big data project. In making your decision, it may help to think of your DNA as your property. How would emphasizing your property rights instead of privacy rights affect your relationship with a genomic data bank? Put another way, does it make sense to redefine the relationship between a genetic data bank and a depositor from a researcher-subject relationship to a recipient-gift-giver relationship? The story of John Moore helps us answer this question.

In 1976, John Moore, a worker on the Alaskan pipeline, was treated for hairy cell leukemia by hematologist-oncologist David W. Golde at the University of California, Los Angeles (UCLA). As is standard treatment, Moore’s spleen, which had enlarged from about eight ounces to more than fourteen pounds, was removed. Moore improved quickly. In an act that recalls the Henrietta Lacks case, Golde took a sample from the spleen and isolated and cultured an immortal cell line capable of producing a variety of valuable products, including one that stimulates the bone marrow to produce more white blood cells to fight infection in patients undergoing chemotherapy. In 1983, UCLA was granted a patent on the cell line. (figure 9.1) Moore said he never would have known about the cell line had Golde not called him in 1983 and told him he had “miss-signed the consent form” (circling I “do not” grant instead of I “do” grant UCLA all rights in “any cell line”). Moore sued UCLA and Golde for stealing his cells. The trial court ruled that Moore had no rights to his own cells, but an appeals court ruled that if Moore could prove theft of his cells, he could prevail.

United States Patent

Golde et al.




David W. Golde; Shirley G. Quan, both of Los Angeles, Calif.


The Regents of the University of California, Berkeley, Calif.

Appl. No.:



Jan. 6, 1983

9.1  Patent of Mo cell line. David W. Golde, “Unique T-Lymphocyte Line and Products Derived Therefrom,” U.S. Patent 4, 438, 032, filed Jan. 6, 1983, and issued March 19, 1985.

The California Supreme Court ruled that Moore’s physician should have disclosed his financial interest in using his patient’s spleen for research and commerce. The court also ruled that Moore had no property interest in his cells after they had been removed from his body. In short, everyone in the world could own John Moore’s cells except John! The court’s reasoning was straightforward but unsophisticated. The court noted, for example, that California statutes governing the disposition of excised tissue, such as organ transplant laws, do not give property rights in organs to patients, but it failed to note that these laws only cover organs removed from corpses, who obviously can’t own anything.

The real reason for the California ruling is the court’s belief that “the extension of [property] law into this area will hinder research by restricting access to the necessary raw materials [and] destroy the economic incentive to conduct important medical research.” Just as in the King case, where the U.S. Supreme Court easily concluded that an individual’s interest in genetic privacy must give way to the state’s interest in safety, the California Supreme Court concluded that Moore’s property interest in his cells must give way to the interests of society (and private corporations) in (genomic) research and commerce.

In a later Florida case involving the collection of tissue samples and medical information from families affected by Canavan disease, a court ruled that under Florida law “the property right in blood and tissue samples . . . evaporates once the sample is voluntarily given to a third party.” As in Moore, the judge worried that a finding for the plaintiffs would “cripple medical research.” And in a case from Missouri involving prostate cancer samples from patients who had signed research consent forms that authorized the storage and use of their tissue for future research, a court ruled that the patients had transferred all their rights in the tissue to the researchers.

The courtroom conflicts in these cases were the result of real confusion over who had control of the tissue samples from which various products and genetic information were derived and what form of consent or authorization, if any, was required from the patients who supplied the samples. Traditional rules for clinical research don’t work, because collecting and storing human tissue is not a research activity performed on humans, nor is it new, experimental, or even controversial.

The continuing controversies over the appropriate use of human tissue, including its use as a commercial product, suggest that human tissue donation needs its own rules and standards. Agreement on such standards has eluded human tissue collectors to date, but the Missouri prostate cancer case can help to move us to the next phase: regulating tissue donation and banking by creating, via statute or best practices, a formalized process for tissue donation. Think about whether you would donate a saliva or blood sample to a DNA data bank that would use the genome derived from it for medical research. What would you expect to be told about your “gift”? And would you let the data bank link to your electronic health record?

We believe a formalized process for human tissue donation (including donation for the purpose of genome derivation) should require explicit recognition that a gift is being made, identify the recipient of the gift, and specify whether the gift is conditional or unconditional. If a conditional gift is intended, the donor must specify the conditions, including any requirement that the tissue be destroyed if those conditions are not met. For example, “I want my DNA sample used for any medical research EXCEPT that involving mental illness or dementia.” The statutory approach would be to draft a law similar to the Uniform Anatomical Gift Act, which governs the donation of dead bodies and tissue removed from corpses. Such a law would (or at least should) also determine under what circumstances, if any, people would be permitted to sell their tissue, and what buyers could do with it. Current federal law, for example, prohibits the purchase or sale of human organs for transplantation, and current national voluntary guidelines prohibit the purchase and sale of human ova, at least for stem cell research. Clear rules for collecting and storing human tissue would benefit both collectors and providers.

The Presidential Commission for the Study of Bioethical Issues took a stab at the privacy question in its 2012 report, Privacy and Progress in Genome Sequencing. Among its most important recommendations were that everyone involved in whole-genome sequencing adopt “clear policies defining acceptable access to and permissible uses of whole genome sequence data,” and that federal and state governments adopt policies that “protect individual privacy by prohibiting unauthorized whole genome sequencing without the consent of the individual from whom the sample came.” The commission also insisted on a “robust and workable consent process” that includes a description of whole-genome sequencing, how the data will be analyzed, stored, and shared, and the types of results from research or testing that individuals will get.

One major problem is determining what research use can be made of DNA samples already collected and stored. For example, would a committee or review panel made up primarily of donors be acceptable in granting consent for research use if it is transparent to the donors and representative of them? One suggested analogy is letting a friend or a group of friends order dinner for you in the event you are late. But delegating a dinner order to someone is quite different from delegating decision making about research. This is because you have no obligation to eat what has been ordered (and can likely get something else to eat even if you refuse what has been ordered), whereas the research will be done whether you like it or not. More than a simple delegation of authority is at stake here. The National Institutes of Health (NIH) recognized this in the context of reaching a 2013 agreement about future research conducted on the famous HeLa cells taken from Henrietta Lacks in 1951 without consent (discussed in chapter 4). The cells are now available around the world, but the ability to do whole-genome sequencing on them is new.

Following publication of a sequence of the HeLa cells by a German research team, surviving family members made it clear that they felt their privacy was being invaded without their authorization. As Jeri Lacks-Whye, Henrietta’s granddaughter, put it (in words similar to the daughter in the Iceland case): “I think it’s private information. . . . I look at it as though these are my grandmother’s medical records that are just out there for the world to see.” Working with Francis Collins, the family agreed that NIH would set up a committee. The committee, on which members of the Lacks family now sit, must approve any NIH-funded research that makes use of the Lacks data stored in the an NIH database, and publications that use the data must recognize Henrietta Lacks and her surviving relatives. No money would be paid to the Lacks family. Although NIH said this agreement did not create a precedent, it is hard to understand why not, or to understand why all contributors to DNA databases should not have an opportunity to vote on how their DNA should be used. A lot has changed since 1951, including the ability to keep in contact with tissue donors by cell phone and personal computers. As Jeri Lacks-Whye advised, “Have them involved, that’s not only for HeLa sequences, but anybody who participates in research.”

Gene Patenting and Big Data

The DNA “donors” in both the Moore cell line and Florida Canavan cases objected to patents on cells or DNA sequences that permitted others to profit from their cells and control their use. While they did not generalize this concern, others have, and cries of “no patents on life” have been heard for decades. Only in 2013 did the U.S. Supreme Court finally rule on the question of whether human genes are patentable (a form of ownership that gives the patent holder a twenty-year monopoly over use of his “invention”), deciding by a vote of 9–0 that they are not. The case can be dated from 1980, the year the U.S. Supreme Court decided, on a 5–4 vote, that a modified bacterium to which scientists had added four plasmids (which enabled the bacterium to break down various components of crude oil) was patentable. The patent claim was for “a non-naturally occurring manufacture or composition of matter—a product of human ingenuity ‘having a distinctive name, character and use.’” The Court agreed that the Chakrabarty bacterium was new, “with markedly different characteristics from any found in nature,” due to the added plasmids and the resultant “capacity for degrading oil.” It did not matter to the Court that the methods employed to create the new bacterium had been in routine lab use for more than fifteen years, and the addition of the plasmids involved no new technology, such as use of restriction enzymes or in vitro recombinant methods.

After a research race largely financed by the National Institutes of Health, a private company patented two genetic sequences, now known as the “breast cancer genes,” BRCA1 and BRCA2 (see chapter 8). Myriad Genetics developed a testing service, charging approximately $2,500 for testing a DNA sample to determine the cancer-predisposing mutations in these two genes. Myriad also charged anyone else who might offer genetic testing for these two genes with patent infringement. In 2007, author Michael Crichton, shortly after he published Next, his novel based largely on the Moore case, wrote in an op-ed in the New York Times that gene patents could cost lives because they are used “to halt research, prevent medical testing and keep vital information from you and your doctor.” Moreover, in the case of breast cancer, they raise costs “exorbitantly”—from $1,000 to $3,000. Crichton concluded that the patenting rules left patients with no choice: “Don’t like it? Too bad.”

Shortly thereafter the American Civil Liberties Union and others brought suit against Myriad Genetics to have the patents on breast cancer genes declared illegal. George was at the Supreme Court for the oral arguments in early 2013. Leading genomic scientists were also in the courtroom, including James Watson, the Nobel laureate who codiscovered the double-helix structure of DNA, and Eric Lander, president of the Broad Institute of Harvard and MIT, who we have quoted previously. It was a big case, perhaps the biggest science-related case the Court had ever decided, and everyone knew it. The U.S. Patent Office wanted all Myriad patents upheld; the ACLU wanted both the patents on the breast cancer genes themselves and the patents on those same genes in which DNA had been synthetically modified in the laboratory by removing everything except its exon (coding) sequences—called complementary DNA (cDNA)—declared unpatentable. The Obama administration took an intermediary position: that the genes should not be patent eligible, but the cDNA (“synthetic DNA”) should be.

The crucial legal issue (are genes patentable subject matter?) would be settled by the answer to a question of fact: did isolated DNA molecules, specifically the BRCA1 and BRAC2 genes, occur in nature in this form? Eric Lander had submitted a brief on this point, arguing that they did. He had read the lower court decision and decided that the judges were misinformed on the science. He cited twenty-four scientific papers in his brief to support this factual proposition. He further argued that because of an incorrect assumption (that is, incorrectly assuming that isolated DNA did not occur in nature), the lower court had resorted to unhelpful and unnecessary analogies, including whether a chromosome was like a leaf plucked from a tree, or like a kidney surgically removed from a human body, or even like a baseball bat carved from a tree trunk. Justice Stephen Breyer asked Myriad’s lawyer whether he (Justice Breyer) correctly understood the Lander brief to say that isolated cells precisely identical to the BRCA1 gene exist in nature: “Now, have I misread what the scientists told us, or are you saying the scientists are wrong?” Breyer ultimately was not persuaded that the lawyer for Myriad understood the science of genetics better than the scientists themselves.

Many observers were surprised at how little support any of the Justices showed for patenting whole genes and gene sequences, but after the oral argument, almost no one was surprised by the decision. Written by Justice Clarence Thomas for a unanimous Court, it ruled the way the Obama administration had suggested: genes that occur in nature are not patent eligible; genes that have been modified in the laboratory and do not occur in nature are. We found Justice Thomas’s description of DNA and the distinction between isolated DNA segments and cDNA so well put, we’ve included it in Appendix A. We also liked this formulation: “It is undisputed that Myriad did not create or alter any of the genetic information encoded in the BRCA1 and BRCA2 genes. The location and order of the nucleotides existed in nature before Myriad found them.”

The decision opened the way to whole-genome screening tests by any company that wants to do them or market them without any worry that the company might have to obtain a license from the estimated 3,000 companies and individuals who had claimed patents on naturally occurring genetic sequences or genes. Without this reassurance, few companies would likely pursue whole-genome sequencing as a business model.


The key paradox of the current state of whole-genome sequencing is summarized by the President’s Commission for the Study of Bioethical Issues: “The majority of the benefits anticipated from whole genome sequencing research will accrue to society, while associated risks [that is, privacy risks] fall to the individuals sharing their data.” The more we learn from DNA data bank research, especially about how to interpret the human genome, the more important privacy becomes. This is true in all its aspects: from secrecy, to protect ourselves and our families from discrimination; to anonymity, to permit us to volunteer our DNA to be used in medical research and in large data banks without fear of being identified or having the research findings used against us; and autonomy, to enable us to use genetic information about ourselves and our families as we see fit. Far from killing privacy, because of all the information our DNA contains, genomics can be said to have given privacy a new life.

The most important conclusion from this chapter is that your DNA is yours—it’s your property, and it contains information that is most important to you—since it is unique to you. This gives you the legal and moral authority to decide what to do, and what not to do, with it. This includes the right to donate your DNA to a DNA research data bank (and to set limits on what it can be used for), as well as to decide not to make such a donation. Big data proponents argue that we should regulate data only at the stage of use and disclosure, not at the stage of collection. Thus, for example, they think it is fine for Google or the NSA to collect all the data it can—as long as they restrict how they use it. We don’t. Once your DNA has been collected and stored, control over it becomes much more difficult and problematic. You should have the right not to have your DNA collected in the first place without your informed consent or authorization. Of course, even after collection, it should not be analyzed without your authorization as well.

The right to authorize analysis of your DNA also comes with a related right not to have your DNA analyzed or linked to your medical record. This is sometimes referred to as a “right not to know,” or a right to be ignorant, but we think it is more accurately seen as freedom to live your life as you see fit. You have a right to live your life without being subjected to information that could make your life worse. This is, for example, why James Watson could agree to have his entire genome sequenced and made public but refuse to grant permission to search for genes related to Alzheimer disease—a condition he greatly feared. We all have the same rights—although not the same knowledge of genetics—as Watson.

In deciding whether to participate in a DNA research data bank—and it will literally take millions of individuals to make meaningful progress in genetic diagnosis and treatments—you should insist that your privacy be protected in ways you want and can monitor. No research should be done on your identifiable DNA sample (although even unlinked DNA can be identifiable) without your prior approval, and no information should be released to you or anyone else about your personal results without your prior agreement. All genomic research projects done with the banked DNA samples should be made public and the protocols approved by a board that includes significant numbers of DNA depositors. Results should be made public as soon as they are reasonably verified.

Genomic research using large-scale multinational DNA data banks is critical to applying genomics to clinical medicine. The public is rightly supportive of it—but people are more likely to donate their DNA and medical records to public, not-for-profit research data banks than to for-profit commercial data banks. This makes sense as the former is more likely to take your privacy seriously. Nonetheless, no matter what type of bank you decide to give the gift of your DNA, you should make clear your conditions on the gift, including what the data bank can and cannot do immediately with your DNA, and what uses of your DNA will require the bank to recontact you for authorization.

The next and final chapter is devoted to scientific speculation, which is common in the popular press and even scientific journals, but which may strike you as more science fiction than science fact. Where can, and where should, the new genomics take us?




Privacy is a public good; your DNA is not.

Genomic privacy protects both our
physical DNA and the information derived
from our DNA and stored digitally.

Genomic privacy is a family matter because
your DNA also informs on your family.

No one should collect, store, analyze, or
use your DNA, or information derived from
your DNA, without your permission.

DNA data banks should always be required
to protect privacy and ensure informed
consent, including guaranteeing you the right
to withdraw your DNA and information.