Well, hello, everyone, it's now 9 o'clock
Pacific time.
This is Mark Musen from Stanford University.
And I'd like to welcome you to today's continuing
series of seminars in the big data to knowledge
guide to fundamentals of data science.
Today, we have the honor of having Bartha
Knoppers from McGill University, where she's
director of the Center for Genomics and Policy,
offer us a talk on ethical issues related to data science.
Dr. Knoppers is a professor, and holds a Canada
Research chair in law and medicine.
She's a member of the Scientific Steering
committee of the International Cancer Genome
Consortium, and co-chair of the Regulatory and Ethics Working Group of the Global Alliance for Genomics and Health.
Her PhD is in comparative medical law.
She has four honorary doctoral degrees, is
an officer of the Order of Canada and Quebec.
And it is a real honor for me to introduce
her, and for us to have an opportunity to
hear about this really important topic.
Dr. Knoppers?
Thank you, Mark.
And hello everyone.
Before I begin, I'd like to thank Mark Philips, a research associate who is here with me at McGill, for all the work that he put into helping me prepare for this presentation.
I've received instructions to keep myself
to 40 minutes, to make sure you all have time
to ask questions.
So I will do that.
Just by way of preparation, the outline of my presentation: I will look at the current self-regulatory approaches to big data, and the ethical issues that surround the use, creation, access, and so on, of big data; the commons approach, which some of you are probably aware of and others less so; future governance approaches; and a new proposed human rights approach to the future of big data; and I'll conclude with some personal comments.
I'd like to also stress that throughout my
presentation, I'm concentrating on biomedical
data, largely.
I note, by looking at some of the past presentations,
that of course big data crosses all the fields
of social, pure, and applied science.
By way of introduction: in preparing for this, and particularly in looking at the privacy issues of big data in the biomedical sphere, I consider biomedical, including the medical part, to be quite large. In other words, to truly move from research to the bedside, you obviously have to take into account geospatial data, surveillance data, traffic and socioeconomic data, and so on, before you can put the data together to come to any kind of predictive modeling.
Now, today I will be concentrating on largely
privacy and data protection.
But most of you are aware that since the completion of the Human Genome Project in 2003, there's been a question: what do we do with it, now that we've sequenced the human genome?
How can we unlock its health potential in
a way that allows data to be shared in a secure
way, I should say, on a global
level?
The thesis then, or the hypothesis, is that
we will not get from the human genome to
the population, to precision medicine, to
the patient, unless we really move from populations
to subpopulations in a sort of stratification
approach, which, again, would regroup data
at community levels or subpopulation levels.
And then, and only then, can we move to the
patient, taking into account that under the
new emerging health care learning systems
approach, patients themselves will, soon,
hopefully be part of this health care learning
system, moving from use of their data and
samples in medical care, into research, and
back to the patient, in order to be more precise.
So it's sort of a feedback loop system that
I'm looking at, a population, to subpopulation,
to patient stratification system.
And, finally, the other contextual background,
before I begin on the self-regulatory is the
fact that international scientific collaboration
is exponential.
This graph means nothing.
Scientists told me that most of the equations
are incorrect.
But I liked the way it was drawn.
So I used it as a background for this, just
to remind you that the individual Eureka scientist
working alone in a lab still exists, I hope
still exists.
But we're moving more towards large consortia, crossing different jurisdictions with different laws, different cultures, and different values.
And in order to create big data, and to use big data, we have to keep that in mind-- particularly the different approaches to privacy and security.
So what is actually there to help, to guide,
to frame, at this point in time in 2017?
Well, up to next year, there are the privacy guidelines from the OECD, in place since 1980.
Next year, the General Data Protection Regulation
from the EU will come into force.
And I'll speak a bit more about that later,
because for data to leave here, or to enter
here, we need to be cognisant of what the
impact of that data protection regulation
will be.
And there are the APEC cross-border privacy rules. Now, these privacy rules apply to personal data of all kinds-- whether it's socioeconomic, whether it's credit, whether it's demographic, or medical.
None of these guidelines to date are specific
to the protection of health information privacy.
And so you have to take them as they emerge--
even the data protection regulation, which
by the way is going to be a regulation, which
in Europe means it's law.
Before it, I mean, you had a directive.
Now, it's moving towards a regulation, which
means that countries will be less free to
sort of interpret it liberally or conservatively
in their domestic legislation.
This will actually be an across-the-board regulation, and be mandatory.
So we'll have to see what this means for data
protection, and data sharing across borders
moving from Europe, within Europe, and overseas.
Now, one of the first sort of self-regulatory
organizations to jump into the fray to bridge
this gap between the sequencing genomic information
we have, and the clinical, the medical, to
bring the two worlds together is the
Global Alliance for Genomics and Health, which
was created on January 20, 2013.
Now, unbeknownst to most people, this is just
a large international organization of volunteers--
institutional volunteers.
There are companies in there.
IT is in there.
Your typical academics are in there.
Your patients are in there.
Individuals are in there, and so on.
It's simply an organization that wants to
prospectively, if possible, ensure interoperability,
harmonization, protection of participants,
and catalyze, if you wish, in a positive sense,
data sharing by creating tools, framing policies,
and so on, to help, to encourage, and to facilitate
data sharing.
It does not hold data.
It is not, in any way, bound by any organizational
rules.
It's not even incorporated.
So it's actually what I call an army of volunteers
who would like to move from the mapping of
the genome to an international approach to
data sharing.
It did, however, develop a framework, which
I'll come back to later on the human rights
approach.
And immediately after the framework, in 2014, it did a series of policies, of clauses, of templates, a lexicon.
I can tell you that took a lot of lawyers
to play around with words like de-identification,
anonymization, pseudonymization, which all
tend to mean different things in different
countries, but need to be understood for data
access and sharing.
Privacy and security policy, a paper on data
safe havens-- what are the attributes of a
center, or an institute, or a project, that
says you can deposit data here, like dbGaP or the EGA in Europe?
And it would be considered a safe haven, and you wouldn't have to spend hours and hours in front of data access committees or ethics committees trying to explain. Then there is an accountability policy and an ethics review recognition policy.
So I'm just going to take a few minutes to
give you sort of the highlights, particular
highlights, of what you might say is just
sort of a normal approach to these issues.
The first issue that everyone asked about
when it was created in 2013, all the way to
the time of the framework and then the consent
policy, was, what do we do with data where
the word international isn't mentioned?
The word sharing isn't mentioned.
Out of the country is not there.
How do we not lose the contributions of citizens,
either as patients or as research participants,
by enabling and facilitating, in a responsible
way, the sharing of legacy data, and this
within borders and across borders?
So that's a unique feature of this consent
policy.
Similarly, for privacy security, rather than
taking the clinical trials model, where there
is a high risk of harm-- drugs, devices, sham
surgeries, placebo, et cetera, et cetera--
how do we apply, or not apply, privacy and
security policy into what is largely data
intensive science?
So the Global Alliance concentrates on data
intensive science.
It does not get in the way of the ICH clinical
trials, internationally accepted approaches.
And so it asks the question, when you are
looking at harms and benefits, look at real
harms-- not some hypothetical, one day, somebody,
somewhere might do something, perhaps-- real
harms, and real benefits.
And
take a proportionate approach in evaluating
risks to privacy and data integrity.
In the same mindset, an accountability policy-- whether it's editors, whether it's funders, whether it's researchers, institutes, universities, governments: if you do have data that's consented for sharing-- and that's just one element of this policy; it's more complicated than that-- why aren't you sharing it?
And believe me, this sort of data hoarding, or sitting on data-- the Global Alliance actually considers it to be an ethical issue.
And so the accountability policy speaks to
that.
And, finally, the last policy is the ethics review recognition policy, which was put, two months ago, on the website of the Global Alliance.
The ethics review recognition working group
looked at the different kinds of models.
I know that the new Common Rule proposes a central IRB for NIH-funded projects in the United States.
But we looked at reciprocity-- simply recognizing that your procedures are the same: the way you handle composition,
the way you look at applications, the way
you adjudicate, the way you respond, and so
on, the characteristics or the attributes
that you use to evaluate.
So whether the lead researcher is in Germany or Japan, we will recognize the ethics review decision of the other, and so on-- a delegation model,
a federation model, and so on.
And I think the new ethics review recognition
policy gives you the kind of processes that
could be considered international, to allow,
or to hopefully one day allow, an international
consortium to adopt this approach.
So those are the most recent workings in the
field of big data, and facilitating the ethics
of foundations of big data that the Global
Alliance has provided.
Now, even the Human Genome Project has been
characterized as one of the first projects
that actually took a commons approach.
And what do I mean by that?
Obviously, the word says it all.
There are experts, and there are many professors,
that have written about this.
It's holding things in common, putting things
in common, under the notion of global public
goods and a common heritage, and so on.
Why is this important?
On April 17, we already see that where you have ready access across countries, across borders, and particularly in the case of rare conditions, you can actually solve-- or at least diagnose; you might not have a treatment or a cure-- the case of a patient in front of you.
And this is thanks, in part, to the commons
approach.
So this is with respect to genomic databases,
that allow you to connect electronically and
exchange information in real time and very
quickly.
There are different kinds of commons.
This is a very good article that appeared
in Science by Jorge Contreras on the different
types of commons that exist.
Here at McGill, we've been working for a while
under what's called the Cancer Genome Collaboratory
with Lincoln Stein trying to create a cloud
commons for cancer data.
Obviously, what was behind this, or spurred
us to do this, was the International Cancer
Genome Consortium,
ICGC.
And we needed to prepare the ethical, and legal, and aspirational, if I can say that, foundations for crossing all cancers, in all countries, and being able to share data.
Well, the hopes are high that the cloud permits
us to do computing in real time, and to look
for patterns of disease or health that then
allow us to formulate hypotheses, which is
an interesting new way of doing science.
Rather than having a hypothesis and going
to the data, you go to the data for your hypothesis.
And this Cancer Genome Collaboratory has been successful not only because it answered many technical questions and overcame technical barriers due to the sheer volume of data. It also created, if I can say this, a new community that has now been transformed into the Genomic Data Commons, as it's been known since 2016.
So this new kind of intellectual, data-intensive commons, with a particular approach to the genomic commons, is actually why I call it self-regulatory.
It came from the researchers.
It wasn't something that just appeared on
the market as a piece of software.
They actually developed it because they needed
it.
And they saw that this was the way to do data-intensive
science in a humanistic sort of way by data
sharing.
So it maximizes research benefits, which are
often publicly funded, at the same time offering
privacy protections.
Now, there are many worries, as you know,
about sharing data, particularly in the cloud,
with the NSA, and Snowden, and the rest.
And so, moving forward, we realize-- with some European cases, lawsuits as well-- that the more contextual data we bring in, including geospatial data where you can see the socioeconomic effects of lack of universal health care, lack of sidewalks, lack of public health strategies, lack of fresh fruit or vegetables or clean water-- bringing all this together can have different impacts, not just on the individual, in quotes "discrimination," but in different contexts, and with different human rights that are affected.
And there's also the issue of lack of control,
legal enforceability.
And what about use by the state for surveillance?
Yesterday, I was reading an article about,
what do you do about Facebook when you can
see actual murders being committed?
I mean, you actually have to think about how
much freedom do we have, at the same time
that we know that there is a need for oversight
and some monitoring to address those risks?
And data privacy regulation has not been drafted
with big data or the cloud in mind.
So how do we then move towards the future in handling this? I think most of the people who have signed up for such a webinar are well aware of the privacy, security, and social risks of big data.
So turning then to future governance and big
data issues-- the next slide, looking at it
from a systems approach, an interoperability
approach, comes from the OECD.
And the OECD convened a working group from
35 member
countries to look at health data governance.
There was a common understanding that you
need data linkage.
You need linkage between not only individuals, as individuals move around, but between individuals and other data sets, to answer specific questions.
What we all want, hope, and are waiting for,
is linkage to electronic health records.
And this is not just for an individual case,
or a rare disease somewhere, or a particular
outcome, but longitudinally, to be able to
follow individuals through their records that are linked to other records.
Cancer registries, morbidity and mortality, or even census records, to be able to come to a level of understanding of the impact of the environment, or the environment writ large, on why some people are healthy, and why others are more susceptible, or likely to become ill, even leaving genetic factors out of it.
So this pathway, then-- and the whole data trajectory-- has to look at the outcomes and costs of having access, and using data, or not.
This means that one of the key prerequisites
in this health care learning system is to
follow patients.
So not just your big research projects-- your 500,000 people in the UK Biobank followed over time, or the Estonian biobank, or Japan, and so on, which are wonderful and interoperable to some extent-- but patients from birth to death.
So the rationale, then, for this OECD recommendation
on health data governance, which came out
on January 17th, 2017 is that health data
can advance health policy objectives.
So if a particular country has a particular
health policy, be it child health, maternal
health, aging health, they can actually have
access to the data that they need to project,
plan, to promote, and to prevent in a system
sense.
Now, there's no country that is immune to using health data.
And so what are the obstacles to using health
data effectively?
What good is a deluge of data if you can't
decipher it or use it?
And for this, we need better policy frameworks to get more out of health data.
So the OECD came up with a series of 12 sort
of broad measures accepted across the 35 countries.
And believe me, this was quite political.
It's also cultural.
As I say, things like public interest and public health are interpreted differently in different countries-- some narrowly, some more broadly.
So these are large categories.
And under each of these categories, procedural guidance is actually provided for these measures, which countries can then incorporate into their national domestic legislation, or their health care framework system, however it is structured.
Of particular interest to me was this one, where it actually came out and said that governments should support transborder cooperation in the processing of personal health data-- and not just to make the systems more cost effective, or even, let's say, sustainable from an economic point of view.
But also for research, for statistics, and
other health related purposes that serve the
public interest, and obviously with certain
safeguards.
So they recommend identifying and removing barriers to this, because the easiest thing to say is, well, this is the law in the country-- just hide and run behind it, and that's it. A typical lawyer's answer, by the way, and obviously sometimes not even 100% true.
You could also facilitate the compatibility and interoperability of health data governance frameworks.
Look what works in other countries that have
a more international sharing approach.
What works?
What doesn't work?
And why?
And how do we remove those obstacles?
And what are the mechanisms for that?
So this is where I come to what is probably more of a personal recommendation, but it's definitely the one that founded and underscores all the work of the Global Alliance.
And that is, let's switch things around.
Let's switch from a bioethics framework that
has been largely accepted in the Nuremberg
Code, the Helsinki Declaration, et cetera,
one that sort of sees research as necessary
but potentially harmful, and almost creates
sort of a burden of proof for researchers
to overcome to show they're not going to harm
someone.
And with that in mind-- a sort of positive approach to science-- I went around digging, as scholars are supposed to do, and found that, in spite of my legal education, I had totally forgotten, as most people probably did, international public law 101, which includes the Universal Declaration of Human Rights of 1948.
And in that Universal Declaration, there is
an article that talks about, in the first
section, the right to science.
And that includes the right to share in scientific
advancement and its benefits.
Luckily, for all those inventors, scientists,
artists, and so on, in the same article, there
is the right to recognition for authorship,
for being an inventor, a discoverer, coming
up with something that is recognized under
intellectual property copyright, and the like.
Now, I'm not going to talk about Article 27(2).
But it's interesting to note that they do
go together.
So it's not because you think everyone should share everything, and everybody should have everything, and so on, that we do not need to recognize the fruits of intellectual contribution.
So, keeping that in mind, you say, OK, that's the Universal Declaration. It looks nice on paper; we've seen Eleanor Roosevelt, and the films on it, and so on, but it doesn't concern me.
Well, it does, because in 1966 these two rights under Article 27 were rendered legally binding-- again, something I totally missed-- by the International Covenant on Economic, Social and Cultural Rights. That was 1966; by the time everything got done and was ratified, I think it was 1976. And in Article 15 of that binding international covenant, you find the same twin rights.
And 165 states have signed and ratified.
Once you sign, that just means you have the
intention to agree with it.
But if you ratify a covenant or treaty, it
actually enters into your local domestic law.
So you're bound to implement it, which means
that citizens can make the government accountable
for implementing the treaty in their own country.
So it's universal, 165 countries.
I won't tell you which countries have signed
or haven't.
It goes beyond the moral appeals of bioethics.
It moves it right into the human rights sphere,
so an international legal force.
And being a human right, it belongs to groups as well as individuals. So you get not only individual autonomy and individual protection; it's also group rights, group protection, group promotion, in a sort of reciprocal approach, and it imposes positive duties on governments and private actors.
And, actually, at our center here, we're looking at what the countries that signed and ratified have done, in their reporting to the United Nations on their obligations under binding treaties. They send in reports. So we're looking, right now, at the last 50 years or so of reports, to see what they've done about this actionable right to science and its benefits.
In the meantime, 2009, UNESCO started looking
at this, and took a kind of a broader view
under the Venice statement of the right to
science.
Obviously, access without discrimination-- there are no benefits if you can't access it. Opportunities to contribute. Freedom-- this is a popular interpretation that sort of puts together this right to benefit from science with the expression of another right, the right to freedom of expression, scientific expression, and so on. Participation in decision making. And conservation, development, and diffusion. So it broadens things out quite a bit, if you like.
And they didn't particularly spend a lot of
time on just the right to benefit from science
and its applications.
This, however, was taken up by the AAAS in 2010-- more from the angle of: what is the role of the scientific community in nurturing awareness of the broad social context, and the human rights implications, of Article 27, which then became Article 15?
And AAAS just finished a survey across all
its members.
All the scientists are there, from people
studying dinosaurs to data, social sciences,
you name it.
And the results should be coming out.
It will be very interesting to see their work.
And as we know, they're very active recently
in the other right-- the right to freedom
of expression of scientists, and so on.
And, finally, I'm looking at the work of the
GA4GH in this area.
Now, when the framework was written, we were
quite aware that it was not starting from
scratch.
There are other human rights, as I just mentioned-- the right to scientific freedom, and so on-- that have been developed, that work towards respecting Article 15: the right to privacy being one, anti-discrimination, fair access, and obviously procedural fairness.
So there is background.
There are other stones already there, building the foundations for the realization of the right to benefit from science and its advances.
So when we wrote the framework, we tried to keep it on data, data-intensive science. We tried to keep it simple, because we wanted it to be used and understood, and to be sort of a handy small handbook, if you like-- very short-- for scientists.
So the aims are broad.
Under each aim, there are procedural mechanisms.
But the difficulty with writing such a document-- a framework across all countries, which is what we tried to do-- is to keep it at a level where each country can see itself, culturally, value-wise, in religion, science, socioeconomics, within the framework. So the thing was to keep the lawyers, including myself, from adding too many words, because that's how we're brought up and how we're trained, and to keep it simple.
And, by the way, it's been translated into
13 languages.
And, again, I volunteered and validated the
cross-translation back to English.
So here are the core elements.
You can see that they're a little bit different from your usual autonomy, privacy, justice mantra that most people working in the field of bioethics and law are used to.
And they're more specific to data-intensive
science.
And each one has about three mechanisms for how to apply them, and then have them interpreted in your local jurisdiction.
So what else is happening?
As we move towards the data commons-- or the biomedical, or, as CIOMS would say, health-related data.
That's the key here.
We're moving from the genome, to biomedical, to health-related-- health as defined by the WHO not simply as the absence of disease, but as actually looking at the well-being and welfare of individuals and populations.
Well, earlier, I mentioned this new EU regulation,
the General Data Protection Regulation.
Trying to get a head start on what it means, and what it can mean, the first effort is probably this PCAWG paper-- the Pan-Cancer Analysis Working Group paper, within the International Cancer Genome Consortium-- trying to cross the cancers, pan-cancer, in a scientific way, to come up with different conclusions on trends, and the future, and so on, in terms of cancer data, inside the Collaboratory that I mentioned earlier, and together with the EU Open Science Cloud. So this is a big project that will probably be published this year, 2017, in a series of papers.
What we're trying to do is look at the regulations,
and say, what does it mean for scientists?
It's heavy going.
I have to tell you, even as a lawyer, I find
it pretty dense.
What does it mean to be identifiable?
We all know that if you put together data
from here with a sample from there, with other
data from somewhere else, and another sample
from who knows where, that potentially everybody
is identifiable.
OK, so we've got that out of the way. That doesn't mean that you can't do anything, because there's a remote, as opposed to a reasonable, likelihood of re-identifiability.
So who actually are controllers versus data
processors under this new regulation?
Because they have different rights.
They have different responsibilities.
And people change roles.
I mean, are the annotators, curators, are
they the processors?
Are the data protection commissions and agencies,
are they the controllers?
And what about the data subjects? You've probably heard that you can not only say yes or no; you can object to different uses. You can ask to be erased-- the right to be forgotten. There's the right of access: give me my raw data, I don't care if I understand it or not. Is that going to be the new way of the future?
So we have to get some clear guidance on what
the duties mean under this new regulation.
We also need to simplify.
A lot of consents are so specific that they have more constraints than they have consents.
So, considering that, we're moving towards broader consent with better governance-- because if you're going to make that leap of faith and trust (and we know broad consent is also allowed under the Common Rule), we need to know that the governance is there: the oversight, the monitoring. But even for very specific disease projects-- and a lot of countries are still quite strict about whether data leaves or not-- if you say breast cancer, it can't be used for ovarian, et cetera.
Simplifying international sharing by having codes to identify what can or cannot be done, rather than complicated data access and material transfer agreements that take more time than the funding of the project that's looking at the particular disease-- those are the consent codes developed under the Global Alliance.
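The consent-code idea can be sketched as a simple machine-readable check. This is an illustrative sketch only: the dataset names, codes, and rules below are hypothetical, not the Global Alliance's actual vocabulary.

```python
# Hypothetical sketch of consent-code matching: each dataset carries
# machine-readable use conditions, and a proposed use is checked
# against them instead of negotiating a bespoke access agreement.
# The codes here (GRU, DS) are illustrative, not an official standard.

DATASETS = {
    "cohort_A": {"GRU"},                          # general research use
    "cohort_B": {"DS", "disease:breast_cancer"},  # disease-specific
}

def use_permitted(dataset, disease=None):
    codes = DATASETS[dataset]
    if "GRU" in codes:
        return True          # any research use is allowed
    if "DS" in codes:
        # disease-specific consent: only the named disease qualifies
        return f"disease:{disease}" in codes
    return False             # default to full controlled-access review

print(use_permitted("cohort_A"))                    # True
print(use_permitted("cohort_B", "breast_cancer"))   # True
print(use_permitted("cohort_B", "ovarian_cancer"))  # False
```

The point of the design is that a breast cancer dataset can refuse an ovarian cancer use automatically, with no committee meeting and no bespoke agreement.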
We also have something called Beacon. You've probably heard of these. They've been around now for two years, I would say. It's like a ping, sent out sort of like a lighthouse: anyone seeing this allele?
So it's a discovery tool.
It's not a diagnosis tool.
It's simply saying, anyone have anything that
looks like this out there somewhere?
And it's very simple.
And because it's at such a high level-- before you go into more clinical material, where obviously you would need consent and so on-- you can actually discover who has what where, and perhaps collaborate on future projects.
And these beacons are now around the world.
So that's great.
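The yes/no discovery query a beacon answers can be sketched in a few lines. This is a rough illustration with made-up class and site names, not the actual Beacon protocol.

```python
# Rough sketch of a beacon-style network (names are illustrative, not
# the real Beacon protocol): each node answers only "yes" or "no" to
# "has anyone seen this allele?", revealing nothing else about its data.

class Beacon:
    def __init__(self, name, variants):
        self.name = name
        # variants are (chromosome, position, ref, alt) tuples
        self._variants = set(variants)

    def query(self, chrom, pos, ref, alt):
        # a discovery signal, not a diagnosis: presence/absence only
        return (chrom, pos, ref, alt) in self._variants

network = [
    Beacon("site_1", {("13", 32315474, "G", "A")}),
    Beacon("site_2", set()),
]

# Ask every beacon in the network about one allele
hits = [b.name for b in network if b.query("13", 32315474, "G", "A")]
print(hits)  # ['site_1']
```

Because the answer is only presence or absence, the query can be open to anyone, and richer follow-up stays behind consent and access controls.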
A more recent project between the Global Alliance
and the International Rare Disease Research
Consortium is this one, the privacy preserving
record linkage.
At the beginning, we talked about the need
to link, and why it makes for better outcomes,
better diagnoses, better programmatic decisions,
and so on, and so on.
But you don't want to be linked by anyone
into everything, anywhere, at any time.
You want to make sure that if your data is
transferred around for public health purposes,
or for your own diagnoses, or for your own
subpopulation or community project, that you're
able to do it in a trustworthy, secure way,
in order to get the metadata that's needed
to make those calculations.
And you don't want to be counted twice. This happens in the rare disease consortia; they are very aware of this. You think you've found 12 families who have x. You're all excited. And then, when you get the samples and put the data of those 12 families together, you realize that, in traveling around the world looking for help, looking for a diagnosis, looking for understanding, samples and data are often left in different places with different experts, and are counted more than once.
So this is the de-duplication.
And the more we do linkage, the more this
is going to be an issue, not just for rare
diseases.
So we have all kinds of privacy protection people and security people who understand these things, like hashing, cryptographic techniques, and other tools.
And this is moving forward, and should be
a project hopefully done by the end of this
year.
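The de-duplication idea can be sketched with a salted hash: each site shares only a pseudonym derived from normalized identifiers, so the same patient counted at two sites collapses to one. This is a simplified illustration only; real privacy-preserving record linkage uses stronger keyed or error-tolerant encodings, and the names and salt below are made up.

```python
import hashlib

# Simplified sketch of privacy-preserving de-duplication. Real PPRL
# uses keyed hashes or error-tolerant encodings; this bare salted hash
# is only to show the idea. The names and the salt are made up.

SHARED_SALT = b"agreed-secret"  # known only to participating sites

def pseudonym(name, birthdate):
    # normalize, then hash: sites exchange the digest, not the identity
    token = f"{name.strip().lower()}|{birthdate}".encode()
    return hashlib.sha256(SHARED_SALT + token).hexdigest()

site_1 = [("Alice Tremblay", "1990-04-02"), ("Bob Roy", "1985-11-30")]
site_2 = [(" alice tremblay ", "1990-04-02")]  # same patient, second site

unique_patients = {pseudonym(n, d) for n, d in site_1 + site_2}
print(len(unique_patients))  # 2 -- three records, but one is a duplicate
```

Neither site ever sees the other's identifiers, yet the aggregate count is correct: the family that left data in two places is counted once.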
And, finally, we know that right now there's open access-- fully open-- for aggregated data. And we know that access to such data is really important for statistical purposes.
And we also know that we have data access
committees for what we call controlled access.
Even in the International Cancer Genome Consortium, and so on, there are these committees that check that projects can release data in a secure way. So that's good-- controlled access. And perhaps we need to keep it for sensitive data, for children, for vulnerable populations, and so on. But isn't there a middle road somewhere, what we would call registered access?
It's almost like an ethics committee where you have expedited review: an online system with some authentication of the applicants, but without all these data access agreements, and institutional agreements, and data access committees that have to meet, and have to send records, and so on.
Can we build a faster system for data-intensive, less sensitive, low-risk data-- but still a trustworthy access system? We're calling it registered access for now.
So those are some of the tools that are
emerging.
And if anyone online or on this webinar has
ideas for tools that they need, or work that
they want done, you just contact the Global
Alliance.
We build working groups as requests come in,
and as volunteers say that they're going to
work on them.
But I think the most important thing between
the commons, the Alliance, the global, the
sharing, and so on, is that you can see that
they say you stand on the shoulders of giants.
But the giants, really, are just people, individuals
collaborating and sharing.
And there are really no giants, per se, in
this effort to ethically share, use, have
access to big data.
And there is the team here at McGill-- not
only the Center for Genomics and Policy, but
also the P3G Public Population Project in Genomics,
which is the tool-building arm, while the CGP
is the research arm.
So I'll stop there.
I think I'm exactly on time, so we still have
lots of time for questions.
Great, that was wonderful.
Thank you very much.
Again, this is Mark Musen from Stanford.
And I'll try to moderate the question and
answer period today.
Probably the easiest way to manage questions,
given the large number of people who have
dialed in, would be this: if you have a question,
please type it into the questions chat box on
the GoToWebinar site.
And we will make sure that we get your questions
answered.
It's going to be hard otherwise to have 100
people ask questions at once.
While we're waiting for people to type in
their questions, let me ask a question myself
then so I can take that prerogative.
You spoke a lot today about the idea of privacy
and protection for data that is a consequence
of sponsored or carefully conducted research.
One of the areas in data science that is beginning
to get a lot of attention is the ethics associated
with the use of data that are collected, not
as part of specific experiments, but that
are collected routinely.
And there's a lot of conversation about the use
of routinely collected health data, for example,
in the case of electronic health records,
that could be used to guide decision making
as part of a learning health system: whether
patients' routinely collected data should
contribute to analyses that could inform
treatment for other patients, and whether it
is ethical to use routinely collected
data to guide therapy of other patients when
those data have not actually been collected
in any kind of a controlled manner.
And I'm curious if you have any thoughts on
that.
Thanks for that question.
I was at a meeting of the American Epidemiological
Association last year.
And somebody actually brought that up, and
said that there was a duty-- I would probably
subscribe to that-- but a duty to share such
data so that you, as a patient, can benefit
from the routinely collected data, and from the
mistakes made, or the right treatments chosen,
or the right interventions taken, or drugs
prescribed for the patients before you.
And your scenario then contributes to the
better treatment, understanding, of the patients
that follow you in the world, and the collectivity
of your status as a patient.
I find that quite compelling.
I'm not sure how often that is done yet.
While we've been thinking about data sharing,
we've done a lot in the research ethics
department, and on data security and cloud
regulations.
But in the medical, clinical environment,
have we looked at how to routinely use and
share such data in a responsible, governed,
monitored way?
I'm not so sure.
I mean, I would be hopeful that it is being
shared from a quality assurance point of view,
but I'm not so sure of that.
I should mention that it's not a sort of
willy-nilly, freewheeling thing right now.
There's a corollary question that came in
the chat box, which is: when is data gathering
considered, quote unquote, for health, versus
part of a research study?
How do we make that decision?
Well, that's where the learning health care
system comes in.
This has tremendous implications.
I know about the
code of ethics for doctors.
I know about the research ethics from researchers.
But if patients are going to become part of
this feedback loop so that they can benefit,
individually and collectively, from research
using their data and samples, I think that
distinction will matter. It currently does
exist, and actually is everywhere: between
health care duties-- privacy, security, and
medical records-- and research ethics duties--
the keeping of records, certificates of
confidentiality, and the like.
That schism still exists.
But I actually see it probably not totally
disappearing, but definitely lessening in
the next five years.
And maybe a decade from now, it'll be gone.
Interesting.
There's a question a user has posted, will
you please provide the contact information
for requests for policy development?
Also who can participate in the working groups?
I might suggest that when you upload a revised
version of your slide deck onto the website,
perhaps, you might be able to include that
information as additional slides that people
might have access to.
Yeah, we'll do that.
Just go to the Global Alliance for Genomics
and Health.
And you become a member.
The only thing you have to agree to is the
framework.
You don't even have to agree to share data
to be a member of the Global Alliance, even
though it's a fundamental tenet.
As I said, people get together from
different countries on the different working
groups.
There's tons of them.
So just have a look at the site.
And I will put the address on my next
set of slides.
Here's almost a cynical question.
In the genomics era, can individuals expect
privacy?
And if no, how would each individual be protected
with respect to insurance, the privacy of
their diagnoses, and so on?
Oh yeah-- about five years ago, there was a
headline I wanted to cut out and paste on my
office door: privacy is dead.
It was a big thing.
I think it was Time magazine or something.
I should've kept it.
We do live in society.
So if you have a sort of atomistic view of
privacy, you'd have to be living in a cave
somewhere, or alone in a valley between two
mountains.
Other than that, I don't think privacy is
totally dead.
But I think it's dead in the sense that the
more you participate in social media,
or the more that you want systemic approaches
to education, to highway safety, to airline
safety, to quality health care, there is a give
and take.
You cannot expect to have
better treatment without better knowledge,
which of course means giving up some privacy.
No one, however, has to participate in research.
I'll make that clear.
In a hospital setting, quality assurance is
extremely important-- if there's no means of
controlling quality, you can leave with
something other than the condition you came
in for-- but so is having access to data
for patient care.
I mean, regarding the expectation of privacy,
I'm reminded of the controversy in 2014 when
it was exposed that Facebook was doctoring
the news feeds of people, trying to determine
whether increasing or decreasing the amount
of happiness in the news feed would affect
their posts.
And I think what was most remarkable is that
most people seemed not to care.
I think the professional ethics community
was outraged that this was, obviously, an
intervention that was done without any kind
of informed consent.
And, yet, most Facebook users didn't seem
to care much at all, and seemed to suggest
that, well, we know that Facebook is creepy.
And, for me, it certainly marked a change
in how a lot of people seem to view the
protection of their data.
Yeah, if you want your data-- Facebook is
one thing.
You can be on it or not.
That's a choice.
I'll just give you a very mundane example.
I find myself getting coupons in the mail
for the store where I go every Saturday for
groceries.
And I get points on exactly the products that
I buy.
And so I know that it's not just coincidence--
there are means, because everything is
transmitted electronically, to follow your
patterns, to know what you do, to sort of
figure you out commercially, or for marketing,
whatever.
Most people actually don't care.
And I'm wondering if sometimes, mea culpa
bioethics and legal community, if sometimes
we don't create problems that most people
don't really see, or care, or worry about.
There's a question which I'm not quite sure
I can parse, and maybe the questioner might
want to follow up with something more precise.
How does data ownership or the ethics of the
benefits of ownership fit in here?
Yeah, ownership/property, as you know, is
a really thorny issue.
Most legal scholars would say
there is no per se property right in data.
Now, that doesn't mean there's no control
under either system, whether it's a personal
rights system or a property system.
As you know, under a property system you can
have a very simple property right, which is
the right to control use.
You might not have the right to sell it or
whatever.
But you would have a right of control, even
under a property system.
Under a personal rights system, which is what
a lot of civil law countries have, again, the
notion of personal integrity allows you to
control the use of your data.
So I think ownership only comes into question
when data has been transformed and becomes
valuable.
In other words, it has been transformed into
a product that then can be sold or owned.
Now, there is some question in Europe that
databases in and of themselves might have
property interests.
But I'm not going to get into all of that,
because I used to teach property law.
And I think I'd bore everybody on this webinar
with that.
Are there any other questions from the audience?
If none, let me thank you.
This is a very difficult topic.
It's also a very important topic.
And I'm really grateful that you had the opportunity
to share your thoughts with us today.
Great, thanks everyone, hope it was helpful.
Bye.
Bye.
