Direct to consumer (DTC) genetic testing allows consumers, with as little effort as mailing a biological sample like saliva, to have their DNA analyzed by companies that promise to tell them if they are at risk for a particular disease.

Proponents suggest that DTC services increase access to genetic testing as well as confidentiality of the results, which can be kept out of an official health record. On the down side, the reliability and significance of the results may not match companies’ claims.  Privacy-wise, giving extremely sensitive personal information, such as a DNA sample, to companies that to-date are largely unregulated carries a myriad of risks. In a health care setting, confidentiality of personal information and security of samples are subject to strict controls. On the Internet, it’s another story. How do companies safeguard the sample and test results? Is the information disclosed to any third parties? Some companies make ”de-identified” information available to third parties for research purposes, in which case how reliable is the de-identification? And what happens to personal information if the company is sold or folds?

The debate about DTC genetic testing heated up recently as the U.S. Federal Drug Administration focussed its attention on the increasing availability of such services and whether they need to be regulated. In the U.K., the Human Genetic Rights Commission just published voluntary guidelines for companies selling the tests, including guidance on data protection as well as consent, stating “Informed consent can only be provided when a consumer has received sufficient relevant information about the genetic test to enable them to understand the risks, benefits, limitations and implications (including the implications for purchasing insurance) of the genetic tests.” In the interests of informed consent, the Federal Trade Commission advises consumers to check the privacy policies of online companies to see how they use personal information and whether they share it with marketers.

Here in Canada, in 2008, the Canadian Medical Association’s (CMA) General Council passed a resolution calling for the CMA to develop policy to advise on the development of a national system to oversee, organize and access genetic testing in Canada. In May 2010, the CMA proposed a national Regulatory Framework for Direct-to-Consumer Clinical Genetic Tests as a tool to highlight issues raised by these tests as an advocacy tool.

As well, in a recent study funded by the OPC, researchers at the University of Alberta’s Health Law Institute analysed the privacy policies of 32 DTC genetic testing companies against the fair information principles that underpin Canada’ private sector privacy law, PIPEDA.  Of the 32 company websites studied, fewer than half had privacy policies that addressed how biological samples and genetic test results are handled.

The report concludes with a list of privacy-related questions that consumers should consider before buying genetic tests over the Internet. “Consumers who seek answers to the questions – through careful review of company privacy policies and direct contact with companies – will be able to make a more informed choice about sending their personal information and genetic samples to a company.”

Admittedly, satisfying your curiosity about what health challenges may await you is very tempting. However, consumers should be aware that they may be getting more – and less –  than they bargained for.

Location is just one piece of information that can be generated by most smart phones, but is the most relevant for a marketer eager to deliver precise and context-specific messages to a consumer on the move. It is also a highly useful data point for a social scientist trying to measure the flow of human migration and socioeconomic progress, as in the case of Nathan Eagle’s research in the slums of Kibera, Nairobi, Kenya.

Between June 2008 and June 2009, Eagle and his co-researcher evaluated the calls recorded by mobile phones across Kenya (with all callers’ identification replaced with unique hashed IDs) to focus on calls originating or ending in Kibera. Their research tracked between 53,000 and 74,000 calls a month and a total of 18,000 individual callers during the year.

What did this data reveal about individual mobile phone users? “With each call, we can infer a number of individual characters such as

• spatial data (by the location of the cell tower that transmitted the call),
• economic data (the average length of each call, the amount of pre-paid minutes an individual has put on their phone, the type of phone),
• an individual’s regional or tribal affiliation, and
• a radius of migration for groups of individuals (by the distance between locations of cell towers calls have been made from).”

A first indication from this research is that Kenyans only live in the Kibera slum for a mean of 1.559 months. This high rate of movement and population turnover “supports the theory that slums act as a filter as opposed to a sink where there is a large amount of flux within the slum population.”

Amy Wesolowski, Nathan Eagle, Parameterizing the Dynamics of Slums

Eagle’s work in Kenya is an extension of a research project originally conducted at MIT, where 100 students were provided with mobile phones for 265 days. The mobile phones were equipped with custom survey software that recorded data and prompted the students with questions when certain conditions were met.

How much data?

“From the studies, we gathered 370 megabytes of raw data, including short recordings from 667 calls, 56,000 movements, 10,000 activations of the phone, 560,000 interaction events with our applications, 29,000 records of nearby devices, and 5,000 instant messages.”

Thankfully, from a privacy advocate’s point of view, the researchers also had to struggle with (a limited number of) weak points in their data sets – instances when the participants didn’t bring their phone with them, consciously turned the phone off, or simply ignored it. I would like to think that some of this reflected a conscious effort to mediate information collection, but it was probably just fatigue or forgetfulness.

There was one significant distinction between the two projects: the active involvement and acknowledgement of the participants. In Cambridge, the participating students were walked through the information collection process, provided with details about the information that would be collected, and required to complete a consent form (.pdf).

M. Raento, A. Oulasvirta, N. Eagle, “Smartphones: An Emerging Tool for Social Scientists“, Sociological Methods Research 37:3, 426-454.

This is an important point when it comes to the collection of location data, especially when it is associated with other personal information: individuals want to know what is happening with their information, and would like some element of control over its use.

A recent and exhaustive examination of the 89 then-available location-sharing services (really, who can keep track?) by researchers from Carnegie Mellon University noted that “the willingness to share one’s location and the level of detail shared depends highly on who is requesting this information (or knowing who is requesting this information), and the social context of the request.”

Supplemental interviews confirmed that potential users had particular scenarios in mind when evaluating the benefits and risks of these services: scenarios that would best be addressed with more detailed privacy controls, rules and conditions (explained in detail in the paper):

• Blacklists
• Friends Only rules
• Granularity of controls
• Group-based rules
• Invisible status
• Location-based rules
• Network permissions
• Per request permission
• Time-based rules
• Time-expiring approval, or
• No restrictions

Janice Y. Tsai, Patrick Gage Kelley, Lorrie Faith Cranor, Norman Sadeh, Location-Sharing Technologies: Privacy Risks and Controls

Obviously, there are significant gaps in how personal privacy is protected when information is collected and analyzed in a large scale research project, a smaller experiment and within the context of online commercial services.

The upside of RFID systems have been well-documented –they help retailers better control their inventory and cut costs for consumers,  create efficiencies in our health care system, increase customer convenience (enter the smart coffee mug), and save valuable time for consumers (let’s face it, the ability to push a shopping cart through an RFID reader that instantly calculates your grocery bill without removing a single item from the cart sounds down-right heavenly!).

RFID systems also continue to be rolled out new contexts: we have written about privacy issues surrounding the use of RFID in the workplace, Northern Arizona University is using their RFID enabled student cards to track student lecture attendance,  transportation systems use RFID to monitor traffic flow, our passports are being equipped with RFID chips and our pets are tracked and monitored via RFID implants.

While these systems can be really useful and save us time and money, they also raise some serious privacy concerns.  While the RFID tags in the Wal-Mart example are removable, not all RFID tags are (some are as small as a speck of dust and are virtually invisible).  RFID tags can be tracked and hacked, may not be easy to turn off and can be read at a distance, potentially allowing tags to be read outside the original system for purposes limited only by human ingenuity.

As the tags get cheaper and the size of the tags gets smaller, extending the reach and uses for such systems will likely evolve too. Perhaps most concerning is that RFID systems have the potential to track individuals and could do so without their knowledge or consent.  As a recent article notes:

“Location-aware apps are scary enough, based on GPS with the broad range they offer. But for the most part you still have to sign up for those. RFID is being implemented all around you…it can track infants to senior citizens with Alzheimer’s. In between it can track your clothes, your purchases, your car – even you. RFID is on the verge of tracking us all, cradle to the grave.”

As we and others in a number of jurisdictions continue to wrestle with questions about RFID and privacy, the evolving application of RFID systems serve to highlight the fascinating convergence of emerging technologies and human creativity.

One of the factors contributing to the success of the event was the extraordinary online engagement of citizens both at the event and elsewhere. Using Twitter, interested participants could ask questions, share knowledge and engage with the experts. Hundreds of messages were exchanged over Twitter throughout the day, resulting in a fascinating back-channel to supplement the live interactions taking place at the consultation event itself.

Did you miss the event? You can still check out the Twitter chatter for the event below:

Calgary Consumer Privacy Consultation

A few notable concerns over security and privacy: 49 percent of women (versus 32 percent of men) were highly concerned about letting a would-be stalker know where they are and nearly half (45 percent) are very concerned about letting potential burglars know when they’re away from home (a very real risk outlined nicely by Pleaserobme.com)

The growing popularity of geo-location tools and services (including offerings by industry giants such as Twitter, Apple, Facebook and Google) means that location information is being collected on a colossal scale and the real and potential uses for this information are just starting to work themselves out – from iPhone photos tagged with GPS coordinates to location-based gaming platforms such as Scvngr that enable mobile users to create their own location-based games.

This increase in the collection and use of location information can also pose unique risks for users.  The survey summary notes that a surprising number of respondents engaged in behaviors such as sharing location information with people other than friends that could put them, and their private information, at risk.  A blogger recently wrote about her experience with location sharing gone wrong and Foursquare was recently blasted for unintentional data leakage via their popular location-based service. 

As we note in our recent submission to Industry Canada’s Digital Economy Consultation, good privacy practices can support innovation by reinforcing confidence in users that they have the right to control their personal information and that the technology they use is secure.  With location information, the usual privacy concerns abound and with each cool, new service that hits the market. How to communicate these risks to consumers is something that occupies a great deal of our time.  Dealing with the privacy concerns of location information during the design phase for new services would help businesses avoid expensive (both financial and reputational) after-the-fact privacy fixes and might even provide those privacy-friendly businesses with a significant competitive advantage

In our submission, we argue that privacy isn’t an impediment to innovation. Rather, we believe privacy can support innovation by reinforcing confidence in users that they have the right to control their personal information and that the technology they use is secure. Too often privacy is left out of the design stage, and fixes after the fact can be expensive. We recommend that privacy become an integral part of the business models that rely on technology. We want to see a privacy culture that complements Canada’s digital advantage and, in our submission, we put forward a number of recommendations on how the federal government can help build one.

First of all we recommend strengthening privacy protections within the federal government. We’ve written previously about the need to reform the Privacy Act, but we think the federal government can go even further in being a model user of technology – for example, we’d like to see the federal government make Privacy Impact Assessment (PIA) analysis a requirement as part of preparing Memoranda to Cabinet for program approvals. We’d also welcome the federal government’s use of state-of-the-art authentication and protection technologies. Other countries are already exploring this, including the United States, where they are looking at how open-source products and standards can be used to provide identity verification.

The consultation on the digital economy includes a discussion on the importance of digital skills. We increasingly view privacy literacy and online reputation management as part of a suite of digital citizenship skills necessary for success in the digital economy. To this end, we recommend making privacy literacy an integral component of digital citizenship and would like to see the federal government fund research to support digital citizenship programs.

We also recommend providing tools to help small and medium-sized enterprises (SMEs) – and in particular SMEs that are technology innovators – better understand privacy so that privacy is considered at the outset of the design stage, and built into the end product.

Finally, we’d like the federal government to fund “privacy positive” research and development – for instance, network and security technologies that incorporate privacy protections.

With only a handful of days left, we encourage you to read our submission, and the submissions and ideas of others and offer your comments.

If you are a content expert or have thoughts to share, we invite you to attend our first rethinking youthprivacy.ca meeting on July 7 at 10:30 am. If you would like to attend, please contact us today! If you cannot attend in person, teleconferencing will be available.

If you are interested in helping us out with usability or the more technical aspects of our redesign, or if you know someone who might be interested in this collaborative interdepartmental initiative, stay tuned for more information, because we will want to meet with you soon!

Meeting details:

Wednesday, July 7, 2010

10:30 – 11:30 am

112 Kent Street, Suite 300

Ottawa, ON

“girl chewing gum” is a similar work – a continuous film of a city street, at a point during 1976 in a rather plain part of East London.

This time, however, a soundtrack is overlaid to create the illusion that the pedestrians within the frame are being given stage instructions by the ostensible director, John Smith.

This pretense begins to fall apart as the film progresses, but it serves to remind us that any film is subject to interpretation and misinterpretation. The eye of the beholder is naturally informed by personal experience, rough class distinctions reinforced by clothing and gait, social and economic bias, among many other factors.

Notably, the director’s ability to anticipate a pedestrian’s behavior is limited by his range of vision, and his false stage directions are influenced by his ability to rewind and review.

In any case, his film reflects bare moments in the life of each pedestrian, ignorant of their thoughts, the impulse that led to their walking down Stamford Road,or their eventual destination.

Thanks to Joe Moran for pointing out the film’s appearance online.