Fostering public engagement in the ethical and social implications of genetic technologies

23andMe: Screening a Personalised Medicine Company for Ethical Problems

  • Published in Blog

With the information that our genomes hold we can make better decisions and be more proactive when it comes to our health. We can now personalise medicine.

23andMe, the Google-backed personal genetics company, are working towards exactly that. According to their co-founder, 23andMe promises nothing less than to revolutionize health care. They have certainly made an impression: since launching their Personal Genome Service in 2008 (initially costing £636, now £125), 23andMe has received Time magazine’s Invention of the Year award and amassed 650,000 genotypes from customers – the largest single collection of DNA in existence.

But their revolution has not gone entirely as planned. With controversy following controversy, last November 23andMe were forced to stop selling their genetic testing products in the US. Consequently they have explored the possibility of marketing their products in more congenial legal settings, and to that end 23andMe last week launched its home DNA Collection Kit in the UK.

More than anywhere else in the world, the flag for personalised medicine is being flown at full mast in the UK. And so, in keeping with this trend 23andMe’s DNA Collection Kit was reviewed and approved by a UK Research Ethics Committee, despite the ban in its native country.

So what is it? Customers send a saliva sample to 23andMe’s lab in the Netherlands, where, rather than sequencing an entire genome (which is between ten and thirty million genetic variants), they compare common differences in known genes. Using a gene chip from Illumina, they provide ancestry information and an individual risk assessment for illnesses including breast cancer, Parkinson’s disease and cystic fibrosis.

At face value this sounds harmless enough. However, questions have long been raised about the validity of the Personal Genome Service. In 2011, a group of Dutch and American academics voiced concerns about the scientific credibility of 23andMe’s methods. Just last week Dr Ewan Birney, associate director of the EMBL-European Bioinformatics Institute in Cambridge, similarly noted that what 23andMe offer is based on “very small shifts of risk, which are better served by simply living healthier and getting more exercise”.

Such assessments were reached independently of 23andMe’s long-running battle with the US Food and Drug Administration (FDA). As 23andMe specifically advertised their service as a first step in prevention” that enables users to “take steps toward mitigating serious diseases the FDA classified it as a medical product – one which failed to comply with the relevant regulations. This concluded in November 2013 with in a ‘warning letterissued by the FDA to 23andMe, stating: “We still do not have any assurance that the firm has analytically or clinically validated the Personal Genome Service for its intended uses”. The letter ended with an order to “immediately discontinue marketing the PGS [Personal Genome Service] until such time as it receives FDA marketing authorization”.

So, rather than overcoming the legal hurdles faced in the US – or indeed, making the science more robust – 23andMe decided to offer their Personal Genome Service elsewhere. And, as stated, the UK proved fertile ground, resulting in last week’s launch of the Personal Genome Service – now re-branded as the DNA Collection Kit.

With its own plans to integrate personalised medicine into mainstream healthcare, Britain has ambitions grand enough to match those harboured by 23andMe. NHS England has plans for a national genomic database, of which the data of 100,000 patients collected under the 100,000 Genome Project (due to complete in 2017) is just the pilot stage. And, just like the 100,000 Genome Project, 23andMe’s Personal Genome Service/DNA Collection Kit is part of a much bigger picture. The DNA Collection Kit is merely the initial phase in the collection of a massive amount of genetic data. According to Patrick Chung, a 23andMe board member and partner at the venture-capital firm NEA, “the long game here is not to make money selling kits, although the kits are essential to get the base level data. Once you have the data, 23andMe does actually become the Google of personalized health care”.

We already know that genetic data combined with relevant phenotypical information is a precious commodity, not least for Big Pharma. As things stand, 23andMe’s database of 650,000 genotypes is just the start: the desired figure, according to co-founder Anne Wojcicki is 25 million. Once “you get 25 million people, there’s just a huge power of what types of discoveries you can make. Big data is going to make us all healthier. What kind of diet should certain people be on? Are there things people are doing that make them really high-risk for cancer?”

Believe the spin, then, and there is no need to worry about the FDA’s ban on the Personal Genome Service. Just buy the (identical) DNA Collection Kit, provide 23andMe with the requisite capital – and most importantly, the genomic data – and better health awaits us all. Dig a little deeper, however, and a less attractive side to 23andMe emerges. In 2009, it filed, and was later awarded, a US patent application for “gamete donor selection based on genetic calculations” with the express purpose of identifying “phenotypes of interest in the hypothetical offspring” – a move criticised by Marcy Darnovsky of the Center for Genetics and Society as tantamount to “shopping for designer donors in an effort to produce designer babies”.

According to 23andMe the ‘Family Traits Inheritance Calculator’ “offers an engaging way for you and your partner to see what kind of traits your child might inherit from you”. When 23andMe filed the patent other potential uses cited for the ‘calculator’ were screening of sperm and ova to be used for in vitro fertilisation, and the selection of traits like eye colour, risk of disease, projected height, and gender. Perhaps unsurprisingly, 23andMe have since distanced themselves from the eugenic implications of the patent, claiming that “much has evolved in that time, including 23andMe’s strategic focus. The company never pursued the concepts discussed in the patent beyond our Family Traits Inheritance Calculator, nor do we have any plans to do so”.

Then there are the privacy concerns (which went unmentioned in last week’s coverage of the DNA Collection Kit in the mainstream media). In a section of 23andMe’s privacy statement titled ‘Analyse and Provide You With Our Services’, the company reserves the right to use your personal information – including your genome – to inform you about products and services. It goes without saying that a colossal amount of money can be made from using genetic identity to target the individual concerned with health-scare-based advertising. Herein lies a serious problem with direct-to-consumer genetic tests: there is no neutral intermediary, no disinterested party between corporation and customer. The power lies overwhelmingly in the former’s hands.

Perhaps most worryingly of all are the consequences for medical insurance. In the UK insurance contracts are signed on the basis of “utmost good faith”, meaning the insured party has to disclose all relevant facts to the insurer. In a little over two years the ‘relevant facts’ could cover genetic data, as at present there is no UK legislation prohibiting discrimination on the grounds of genetic traits or dispositions – merely a moratorium between the Association of British Insurers and the Department of Health which expires in 2017. In the event that the moratorium fails to be renewed or extended, as of 2017 those who have taken a genetic test and been found to carry a genetic predisposition to breast cancer, for example, could be faced with disclosing such information when taking out an insurance plan.    

In light of such not insignificant concerns it might be asked how 23andMe were given the green light by the Research Ethics Committee UK to launch the DNA Collection Kit. If this is troubling enough when seen in isolation, it is particularly so when seen in the context of an emerging pattern of lax oversight and insufficient sensitivity to the ethical and social concerns of this new frontier in medicine.

Take the 100,000 Genome Project. In 2012 a Freedom of Information (FoI) Request submitted to the Department of Health by this very organisation found that data on the proposed national genomic database could be made available to the private sector without patient consent (coverage by The Guardian here) along with some patient-identifiable information. After several further FoI Requests, and despite public assurances from the Prime Minister himself that all patient data made available to the private sector would be anonymous, it emerged that such data currently moves from public to private sector without patient consent on an almost weekly basis. There is every reason to believe that genetic data will be subject to the same availability.

Then there is the impending legislation concerning the misleadingly-named mitochondrial DNA transfer: a process whereby the nucleus of a woman’s egg is transferred into the surrounding mitochondria of another’s, such that the possibility of inheriting conditions through mitochondria DNA (approximately 0.1% of the total cell DNA) is diminished. A laudable aim, no doubt. But one which, as Jessica Cussins of the Center for Genetics and Society notes, threatens a “long-respected international policy consensus” against human germ-line modification. Absurdly, the Department of Health defended itself by claiming it does not believe the technique amounts to genetic modification – a disingenuous response, since the manipulation of a portion of DNA, however small, is precisely the goal. Concerns about safety aside, a technique which allows for three genetic parents will shortly be made available with scant regard for the ethical implications.

There is a common thread in the now certain legalisation of genetic engineering, the 100,000 Genome Project and relaxation of the model of consent that governs uses of the genetic data held therein, and, finally, the arrival of 23andMe on these shores. In stark contrast to international, regional and domestic normative guidance and legal instruments - in the UK, there is not only a failure to treat genomics, the biosciences, and personalised medicine with caution, in fact, these spheres are now seen as part of economic policy. Why is it that this paradigm is seen as appropriate, yet, The Council of Europe’s Convention on Human Rights and Biomedicine (1997) is not alone in urging that the human genome should not be treated as something from which we should gain financially? In any case, what is certain is that decisions that are taken now will shape future policy and regulatory decisions. Indeed, the framing of genetics in terms of their value to the economy smacks of short-termism, and is symptomatic of a wider problem of which global warming is the most poignant example. 


Read more..., Genomics, and the Launch of 'Accredited Safe Havens'

  • Published in Blog

The decision to roll-out and the proposal to launch 'Accredited safe Havens' across the UK, gives compelling reasons to support the EU's strengthening of the data protection regime. 

Following the announcement that will be rolled-out across England, a further, even more significant development is the proposal to launch ‘accredited safe havens’ (Ash). As a defining moment in the governance of personal information, ‘accredited safe havens’ will render obsolete the need to seek approval from the Secretary of State for Health and, in the case of medical research, by a research ethics committee or the Health Research Authority. This will make personal identifiable information easily accessible without a person’s consent and for purposes ‘other than direct care’. 

Circumventing the legal instruments that have been germane to information governance hitherto, such as the Human Rights Act (1998) and the Common Law Duty of Confidentiality, ‘Safe Havens’ make an already permissive information governance regime even more congenial to Government and private sector interests. An example of an ‘Ash’ is the Health and Social Care Information Centre (HSCIC), through which will be shared. Although the Department of Health (DoH) has claimed that (Ash) is only intended to provide access to records that have been stripped of personal details, elsewhere the DoH affirm that ‘safe havens’ will provide access to information from personal care records which could be used to identify an individual.

This further weakening of privacy law is discordant with reforms to the EU data protection regime that are currently underway. In effect, the proposed EU regulation will replace the existing Data Protection Directive (1995), and will be directly applicable in member states without the need for implementing legislation. Following a European Parliament vote earlier this year, substantive amendments to EU privacy law are now irreversible. And, as for the direction of travel, it is clear that the rights of data subjects will be strengthened. Article 7 of the proposed regulation is of particular salience: it stipulates that for consent to be valid the data subject must give explicit consent. 

Clearly, there are deep tensions between the expected fortification of EU privacy law and the UK’s agenda, the main focus of which is economic growth. The latter, given the controversies surrounding, affirms the need for a renewed discussion about the kind of considerations that should hold sway in the domain of information governance. Indeed, the EU is approaching the matter in the right way by attempting to answer this question through democratic means. 

As the EU’s ‘hostile reforms’ require that any disclosure of identifiable information secures a person’s “specific, informed and explicit consent”, its impact would be felt on the well-documented sharing of personal, identifiable medical data. With Bupa, a private insurer, and, once established, the regional ‘accredited safe havens’, the Government has been doing its best to undermine these changes. However, EU data protection reform would also have substantial consequences for and the 100,000 Genome Project. Indeed, the Secretary of State for Health recently confirmed that will be linked with the 100,000 whole-sequenced genomes. This fits with the Government's apparent plans to make the UK into a world leader in the biosciences, and, ultimately, integrate personalised medicine into mainstream healthcare.

A Freedom of Information disclosure by the DoH to EthicsandGenetics reveals that, when the 100,000 Genome Project “concludes in 2017, there will be sufficiently robust genomics infrastructure in place to ensure that genomic medicine will be carried out routinely in the NHS.” So the spectre of personalised medicine looks to come sooner. And so too, will the commercialisation of whole-sequenced genomes, connected to, and their storage on ‘accredited safe havens’. Indeed, as Genomics England will own the 100,000 whole sequenced genomes, and when this data is stored in safe-havens, the public will have little control over the purposes for which such data are used.

The body tasked with providing ethical guidelines in the 100,000 Genome Project, the Ethics Advisory Group, stated that it has the “potential to bring real benefits to individual patients and their families, to the NHS more broadly, and to the UK economy.” Further, NHS England has claimed that the “research opportunities and mainstream use of genomic medicine across the NHS also has a major contribution to make to wealth creation and economic growth in this country.” It seems that, if even the Ethics Advisory Group has the economic benefits of commercialising genetic data as a central concern, we can expect a tug-of-war regarding what kind of considerations should have primacy in the governance of highly sensitive, personal information between the UK and the EU.

As we know, Government, ‘big pharma’ and the higher echelons of the private sector have deeply interwoven interests. And with Google looking to become a player in personalised medicine, and 23andMe, the Google-backed and much-maligned DNA analysis company intent on selling its products in new markets, maybe there is good reason to support, rather than undermine, the EU’s data protection reforms. 


Edward Hockings

Read more... and exercising our right to democracy

  • Published in Blog

We have until March to opt out of the initiative. The "theoretical risk" that we might be reidentified from our personal data once it is made available to third parties is a compelling reason to opt out. However, this is not the only reason. is part of a major legislative programme that includes the Clinical Practice Research Datalink (CPRD) and the 100,000 genome project – through which whole-sequenced genomes will be put to commercial use. These major infrastructural developments have been accompanied by radical changes to privacy law that have resulted in a cultural shift in the governance of information.

These sweeping changes in privacy law were introduced without consultation, and the risks they entail will be borne by those whose medical records may be accessed without their consent. How did we get to this point? Fourteen years ago, written evidence by SmithKline Beecham to the Select Committee on Health, House of Commons, advanced the view that the “NHS represents a singular but under-utilised resource for population genetics, and healthcare informatics more generally.”

In 2007, further written evidence to the Select Committee on Health, House of Lords, by the Association of the British Pharmaceutical Industry, stated that “there is an international race for benefit and competitive advantage in research where the UK could have a significant Unique Selling Point (USP).” By 2008, a major legislative programme to secure this competitive advantage was well under way. As part of the NHS National IT Programme, electronic medical records were rolled out across England and Wales on an opt-out basis. 

Although parts of the NHS National IT Programme were discontinued, the ambition – to quote from the Plan for Growth 2012 – of “using e-health record data to create a unique position for the UK in health research”remained unchanged. The CPRD, which provides data services to the research and life sciences communities, was established in 2008. And in the summer of 2012, and in response to a Freedom of Information request, the Department of Health confirmed that they are to establish a “central repository for storing genomic and genetic data and relevant phenotypic data from patients”. Further correspondence led to a clear statement of the government’s position with respect to the uses of the whole-sequenced genomes held on the national repository: “We plan to capitalise on the UK’s strengths in genomics. The UK is well placed to play a world-leading role in this next phase of the biomedical revolution.” One of the “purposes of the initiative is to support the growth of UK genomics and bioinformatics companies". 

Later that year, the government announced that the genomes of 100,000 people were to be sequenced over the course of three to five years. Genomics England, launched by the Department of Health in 2013, was to oversee the sequencing of the personal genomes and the creation of a dataset of “whole genome sequences, matched with clinical data … at a scale unique in the world”. 

In addition to these developments, radical changes to information governance, such as Section 251 of the NHS Social Care Act (2006), were introduced. Overriding the common law of confidentiality and Article 8 of the Human Rights Act (2008), Section 251 makes it possible to access people’s medical records without their consent. An equally significant development was the introduction of the Health & Social Care Act 2012, through which patient-identifiable data can be made available, via the NHS Commissioning Board and the HSCIC. So we now have, and the decision we face about whether or not to opt-out.

Focusing initially on rare inherited diseases, the 100,000 Genome Project began the first phase of sequencing in December 2013. The role of the recently established Ethics Advisory Group is to provide the ethical guidance, and it acknowledges that “irreversible de-identification of whole genome sequence cannot be fully guaranteed for technical reasons”. In respect of limiting the kind of research conducted on the repository data, the Ethics Advisory Group claims that “it would be impractical for it to be possible for patients to place restrictions on the research undertaken on the data, for example by limiting it to ‘non-commercial research.’” As the current legal framework provides no determinate guidance regarding what are acceptable uses of whole-sequenced genomes, the ball really is in the Ethics Advisory Group’s court.

Following a request from the Secretary of State for Health, a major independent review of information sharing was launched, called Caldicott2. Through democratic consultation with all relevant stakeholders, Caldicott2 might have provided a timely, non-partisan assessment of the information governance regime. However, prior to the publication of the Caldicott2 recommendations in March 2013, the government’s Strategy for UK Life Sciences 2012 had already made it clear that it would move to “a more progressive regulatory environment”.Caldicott2 was therefore never going to be able to meet its aspirations to give the public a stake in deciding whether or not information would be shared.

As the Caldicott2 report claims that “genetic information should not be treated any differently from other forms of information”, can we expect a laissez-faire approach to whole sequenced genomes?

By choosing to opt out we are making an appeal to our right to democracy. We will soon face a scenario in which medical records will be linked to the whole-sequenced genomes of the population of England and Wales. The sheer scale only augments the associated risks, and when commercialisation appears to be the driving force, we find ourselves in uncharted territory. Therefore, it is more than just opting-out, but rather, taking a stand on what kind of society we want in the future.  

Edward Hockings

The Guardian version of this article can be found here.  



'A Shift in Privacy law, and the Attendant Risks'

  • Published in Blog


EthicsAndGenetics has published ‘A Shift in Privacy Law, and the Attendant Risks'. Coverage of the report by the Guardian can be found here. In this report, we identify and explore the risks associated with the government’s plans to establish a national genetic database and commercialise the sequenced genetic information held therein. Furthermore, we assess changes to privacy law and practice - in particular, the recent information governance review, and demonstrate that the new privacy framework fails to adequately safeguard highly sensitive information. In addition, EthicsAndGenetics can reveal that, by default, NHS-users can now be contacted to take part in clinical trials with private companies, without having expressed an interest in taking part in research of any kind, let alone clinical trials.

The report comprises a critical account of a major legislative programme to commercialise medical and genetic information collected from the population; it shows that in combination with considerable changes to privacy law and practice, these developments put people at serious risk of having their personal, senstive, information, used for purposes for which they have not given their consent. Further, this could, in certain instances, lead to the individual being seriousely harmed.         

Here is a brief summary of the report:

A Freedom of Information Disclosure by the Department of Health to EthicsAndGenetics, confirms that Section 251 of the NHS social care Act can be used by pharmaceutical companies to trawl through personal, identifiable medical data, so that people - without having expressed an interest - can be invited to take part in clinical trials. A further FoI disclosure by the Department of Health to EthicsAndGenetics confirms that genetic information collected from the population and held on a central database, will be commercialised. The changes that have been ade to the UK regulatory regime are such that, Government and private sector organisations can access personal medical and genetic data, for a variety of purposes. Many of which extend far beyond administering patient care.     

A national genetic database is part of the Government’s plans to connect genetic information with electronic medical records, and is the culmination of more than a decade of policy and legislative developments. Ultimately, the aim is to sequence the genomic information of the entire population of England and Wales and connect it to electronic medical records. Accessing massive datasets of genetic and medical data has long been considered a potential ‘unique selling point’ for the UK biosciences and pharmaceutical sectors. In our report, we question the secrecy with which successive governments have implemented a legislative programme designed to secure this ‘unique selling point’ for the health-research, and UK pharmaceutical and bioscience, sectors. Furthermore, we demonstrate that over the past decade, a shift in privacy law and practice has taken place, which primarily serves private companies and is not of direct benefit to the data-subject. In fact, these changes not only compromise our right to privacy, they also put people at risk of harm too. 

Although the information governance review, and the substantial amendments to the NHS constitution that took place last Autumn, went largely unnoticed, their implications are immense. We show that, within the context of privacy law - and over the course of the last decade - power has shifted away from the individual and towards the governement, and other actors. The concepts of the ‘public interest’, ‘proportional’ and ‘necessary’ have become central, and informational autonomy and the requirement to seek 'informed consent' when seeking to use a person's confidential information is quickly becoming a thing of the past. This new climate of information governance is markedely different to the control data-subjects once had over sensitive and personal data. At the launch of the recent information governance review, the Secretary of State for Health stated that an opt-out clause would be included. Default opt-in, however, is the problem. Default opt-in suggests that a fundamental shift in attitude towards personal medical information has taken place, in which everyone is content to hand over identifiable personal data. Since there has been little in the way of meaningful, public-consultation, the government are not in a position to know either way. 

Would the public, without hesitation, have warmed to the idea that identifiable medical data can be sold to Bupa, a private insurer, for example, without their consent, or, indeed, that all NHS-users - by default, can be contacted to take part in clinical trials with private companies? And, lastly, that genomic information collected from the population and held on a national genetic database will be commercialised, and the paramaters within which such information can be shared remains indeterminate, at best? These are questions that ought to have been put to the public; not least, as there are serious risks involved with this laissez-faire approach to personal genetic material.  

In its report to Government, the head of the Human Genomics Strategy Group, Sir John Bell, is adamant that “a whole genome cannot be truly anonymised.” Adding that, “an individual’s genetic information is sensitive personal data” and “there is a risk of the information being misused.” Even some form of anonymisation offers no guarantee that the information will not be re-identified. In a recent, high-profile DNA study in the US, Harvard Professor Latanya Sweeney re-identified the names of more than 40% of a sample of anonymous participants.

Despite the risks, the government are pressing ahead with a national genetic database and the commercialisation of genetic information, and there is no sign that the government are set to legislate against the associated risks. In contrast to what is happening here, the federal US government sought to legislate against absuses of personal genetic information at the earliest opportunity. After a number of genetic discrimination cases, the 'Genetic Information Non-Discrimination Act' (GINA) was enacted. In the UK, however, there is no such legislation that prohibits discrimination on the grounds of genetic traits or dispositions. Furthermore, there is merely a moratorium between the Association of British Insurers, and the Department of Health, on the use of genetic test results for insurance purposes - and this only lasts until 2017.

In the report, we link the lack of transparency in the implementation of a national genetic database to the risks that now confront us. We argue that the decision to change privacy laws in a way which serves the interests of the UK biosciences and pharmaceutical sectors - and establish a national genetic database and commercialise genetic information - puts certain groups at serious risk of discrimination based on genetic characteristics; and others, at risk of being re-identified through their genomic information. As re-identification could lead to a person being subject to some form of genetic discrimination, greater protection is needed in order to avoid such an eventuality.    

In light of the inadequacies of current privacy law and practice, and the risks associated with a national genetic database, we propose a 'traffic light' system as way of ensuring that the individual has greater choice over what happens to their confidential information, and reduce any potential harm that may come from the unconsented disclosure of genetic information. This, indeed, would bring the information governance regulatory regime into line with Article 8 of the Human Rights Act, and the relevent international treaties, agreements and charters.

For a traffic-light system along these lines to work, far greater clarity is needed regarding what the government deems acceptable and non-acceptable uses of whole-sequenced genomes. As the new privacy model fails to do this, we urge the government to adopt a framework that provides greater clarity on what types of studies or research genomic information can be used for. Finally, as the government intends to commercialise genetic information held on a national database, it is essential that adequate protections are reinstated so as to protect people from unnecessary harm.  


Edward Hockings



The full report can be found in the ‘Reports’ section. 


Subscribe to this RSS feed

EthicsandGenetics Twitter Feed

heikki_saxen Tech’s Ethical ‘Dark Side’: Harvard, Stanford and Others Want to Address It

Retweeted 1 week ago via Twitter Web Client • 4 retweets

Ethicsand Primitive human eggs matured in the lab for the first time…

2 weeks ago via Twitter Web Client • 2 retweets

Most Popular