Is Genetic Privacy Truly Private?
May 4, 2018
Dear Colleagues and Students:
Last week, I finished writing a commentary with my colleague at the Center for Bioethics, S. Matthew Liao. We responded to a recent paper by Dr. Madison Kilbride at the University of Pennsylvania, who argued that people have a duty to disclose their adverse genetic findings to potentially affected relatives. For example, if I discover that I have a BRCA1 gene mutation with a risk of breast or ovarian cancer, then according to Kilbride I owe it to my sister to tell her about it. She argues that this duty follows from an idea in bioethics called the Principle of Rescue—basically, if you can rescue someone from a significant harm without serious cost to yourself, then you ought to do so.
One question we considered was whether Kilbride had underplayed the harms an individual might experience by sharing genetic information with third parties. Matthew suggested such information might be used to deny people employment and insurance, or to implicate them in crimes. I agreed with Matthew on the first two points, but quibbled about the third. The idea that a genetic health screening could potentially land you in jail, I argued, seemed a little too much like bad science fiction.
And then the Golden State Killer was identified using the DNA of one of his relatives, and I was reminded that sometimes truth is stranger than philosophy!
The Golden State Killer is presumed to be responsible for more than 50 rapes and 12 murders in California between 1976 and 1986. The case had long grown cold, and unsuccessful attempts were made over the years to match the DNA to profiles in law enforcement databases. But then a partial match, found in a public genealogy database called GEDmatch, located a relative of the suspect. Detectives used those records to trace the partial match back to a 72-year-old retired cop named Joseph James DeAngelo.
This case points to a new era of “genetic transparency” in which many of our longstanding norms around privacy do not apply. We’re used to thinking about personal information as belonging solely to us: in the same way that I determine who can read my academic transcripts (because they’re mine), so too can I decide who gets to access my genetic information (because it’s mine).
But by granting third parties access to my genetic profile, I simultaneously give them access to information about my biological family members, too. This raises an ethical quandary: should we consent to share genetic information with third parties, when that information has the potential to be used against our non-consenting relatives? After all, it would have been one thing if DeAngelo himself had signed up for GEDmatch. In doing so, he would have been prompted to sign a consent form allowing third parties to access his genetic information.
But it’s significant to this case that DeAngelo never signed such a form. In a sense, his relatives consented to something that they didn’t have a right to consent to—namely, giving third-party access to information about him.
Because we’re at the beginning of this era of genetic transparency, we can’t yet reliably anticipate how our genetic information may be used by third parties. And if I can’t imagine all the ways in which my genetic information might be used, then what exactly is informed consent?
In this particular case, some people might suggest that the end justified the means. Even if the particular circumstances surrounding DeAngelo’s arrest were morally dubious, it’s still a good thing that he’s now off the streets. His victims and their families may be able to experience closure after a four-decade ordeal, and we as a society can rest comfortably knowing that he will finally get the punishment he deserves.
We must remember, however, that law enforcement is working in uncharted moral and legal territory, and that the decisions it makes in arguably “clear-cut” cases like DeAngelo’s may set precedents that could be applied to less clear-cut cases. Here we must ask: how serious must a crime be before we can justify scouring genetic databases for partial DNA matches? Should we be worried that this sort of action could have a chilling effect for services like 23andme and Ancestry.com, thus cutting people off from potentially valuable genetic information about themselves? And finally, we must question whether we should be promoting a system in which people may unwittingly be used as informants against their relatives--even if some of those relatives deserve to be caught.
Assistant Professor and Faculty Fellow