LeADS Working Paper Series Part III: Transparency and Relevancy of Direct-To-Consumer Genetic Testing Privacy and Consent Policies in the EU


Xengie Doan and Fatma Dogan (ESR 9 and ESR 8, respectively) participated in this WOPA. Xengie is working on collective dynamic consent for genetic data and was interested in exploring the WOPA topic to better understand the current state of publicly available information from popular direct-to-consumer genetic testing companies. Given that information, how transparent are the data processing activities and the communication about risks and benefits (including collective implications, e.g. risks and benefits that also affect family members), and is it framed in a way that enables potential customers to know their rights? These rights are granted by the company policies and by EU regulations such as the GDPR. While these companies may be global or serve multiple countries, they must respect EU regulations when serving EU countries or residents. This coincides with Fatma’s legal expertise and interest in health data sharing in the EU. This WOPA is related to the LeADS crossroads, inspired by concepts such as trust and transparency, user empowerment, and more. However, it is not directly related to any previous work with the crossroads SOTAs. This work contributes to a better understanding of how such companies operate and what information they deem important to share (for legal and customer-empowerment reasons), and we offer suggestions for more user-centred, collective, and transparent policies.

Abstract of the Working Paper

The direct-to-consumer (DTC) genetic testing market in Europe is expected to grow to more than 2.7 billion USD by 2032. Though the service offers ancestry and wellness information from one’s own home, it comes with privacy issues such as the non-transparent sharing of highly sensitive data with third parties. While the GDPR states transparency requirements, in practice they may be confusing to follow and fail to uphold the goals of transparency – for individuals to understand their data processing and exercise their rights in a user-centered manner. Thus, we examined six large DTC genetic companies’ public privacy and consent policies and identified information flows using a contextual integrity approach to answer our research questions: 1) How vague, confusing, or complete are information flows?; 2) How aligned with GDPR transparency requirements are existing information flows?; 3) How relevant is the information to users?; 4) What risk/benefit information is available? This study identified 59 public information flows regarding genetic data and found that 69% were vague and 37% were confusing regarding transfers of genetic data; consequently, GDPR transparency requirements may not be met. Additionally, companies lack public user-relevant information, such as the shared risks of sharing genetic data. We then discuss user-centered and contextual privacy suggestions to enhance the transparency of public privacy and consent policies and suggest the use of such a contextual integrity analysis as a governance practice to assess internal practices.

LeADS Working Paper Series Part II: Contribution to Data Minimization for Personal Data and Trade Secrets


To respond to tensions between personal data protection and trade secrets, ESR 1 Qifan Yang and ESR 4 Cristian Lepore participated in the WOPA 4 “Personal Data vs. Trade Secret.” Qifan’s research explores legal and economic solutions to balance personal data protection and market competition. Cristian’s research analyses technologies for data minimization. The link between the two is personal data. In this collaborative work, we investigate a new legal and technical tool to sketch boundaries between personal data and trade secrets and propose a GDPR-compliant model to protect personal data and trade secrets with legal and technical data minimization considerations. The title of the work is “Personal Data vs. Trade Secret.” The aim is to enhance privacy protection and effective competition in the marketplace. To achieve this objective, ESR 1 analyses legal tools to draw clearer boundaries between personal data and trade secrets while promoting data sharing to unleash competitive dynamics. On the other hand, ESR 4 explores frameworks to achieve data minimization by default, considering technical and legal aspects.
The work “Contribution to Data Minimization for Personal Data and Trade Secrets” is closely related to Crossroad 1, “Privacy vs. Intellectual Property”, and Crossroad 3, “Data Ownership.” Data minimization is an important principle to be observed by personal data controllers and processors in data processing. It plays a pivotal role in determining the scale of data collection, processing, storage, and availability. This principle prompts the Trade Secrets Directive to be applied more rationally while respecting the data subject’s rights, so personal data can flow more freely in line with the individual’s intention, facilitating the improvement of products and services and promoting market competition. With the idea of strengthening the European digital single market, the EU Commission designed a cross-interoperability framework with privacy objectives in mind — here, data minimization plays a crucial role. The second strand of the work studies the European Commission’s efforts related to cross-border interoperability through emerging standards from academia and industry (e.g., the W3C Verifiable Credentials model). Compared to other platforms, the data exchange format defined by the W3C for verifiable credentials offers a significant advantage, opening up a better implementation of data minimization. While the specific term “IP” is not explicitly mentioned in the provided text, the researchers’ work on data minimization and its impact on the classification of personal data as a trade secret aligns with the broader topic of “personal data vs IP.” They seek to address one of the important tensions between personal data protection and market competition, which is critical considering a data-driven society’s legal and ethical implications.

Abstract of the Working Paper:

Personal data is a resource with significant potential economic value and has a natural and intrinsic “bloodline” tied to personal privacy. The control over personal data, at the intersection of personal privacy and commercial assets, tilts market competition toward slight advantages for dominant market players. Data minimization under the General Data Protection Regulation, as a general benchmark, builds bridges between personal data and trade secrets and restrains excessive encroachment on personal data through trade secrets. Still, the legal and technical framework for achieving this target is left open. This work’s contribution is threefold. (1) It explores the intersection and relationship between personal data and trade secrets, specifically whether personal data can be considered a trade secret beyond personal data protection and minimization. (2) It proposes a high-quality GDPR-compliant teaching model to protect personal data and trade secrets with legal and technical data minimization considerations. (3) It presents the parallelisms between the European framework for electronic transactions and the introduced model. In the long run, we aim to provide citizens with tools to understand and mitigate privacy issues.

LeADS Working Paper Series Part I: The Flawed Foundations of Fair Machine Learning

Robert Lee Poe (ESR 14) and Soumia Zohra El Mestari (ESR 15) authored “Borders Between Unfair Commercial Practices and Discrimination in Using Data.” Robert and Soumia, having initially investigated algorithmic fairness/discrimination in their Crossroad “Trust in Data Processing and Algorithmic Design,” narrowed the WOPA subject matter to an in-depth analysis of particular fair machine learning strategies used in practice for purportedly ensuring non-discrimination/fairness in automated decision-making systems. The intersection of algorithmic unfairness and non-discrimination law is the focal point of Robert’s Ph.D. research, specifically the legality of using fair machine learning techniques in automated decisions from both a European Union and United States legal perspective (hiring, admissions, loan decisions, etc.). Soumia’s Ph.D. research focuses on the implementation of privacy-preserving techniques as constraints to be enforced to achieve trustworthy processing in complex machine learning pipelines, where she also investigates the gap between data protection legislation and trustworthy machine learning implementations, and how the different components of trustworthiness, such as privacy, robustness, and fairness, interact. The study of the dynamics of these interactions offers a better understanding of how a trustworthy machine learning pipeline should be implemented, exposed as a service, and interpreted under the different legal instruments. The WOPA focuses on one type of those interactions, namely between robustness (measured as accuracy) and fairness (measured as group similarity), and how the focus on one of these two components affects the other under different data distributions. The main contribution of the WOPA is the clarity provided by the conceptual and empirical understanding of the trade-off between statistically accurate outcomes (robust) and group-similar outcomes (fair).
While that distinction is not a legal one, it has many implications for non-discrimination law, and further research in that direction is needed, with specific suggestions being given in the conclusion of the article.

Abstract of the Working Paper

The definition and implementation of fairness in automated decisions have been extensively studied by the research community. Yet fallacious reasoning, misleading assertions, and questionable practices hide at the foundations of the current fair machine learning paradigm. Those flaws are the result of a failure to understand that the trade-off between statistically accurate outcomes and group-similar outcomes exists as an independent, external constraint rather than as a subjective manifestation, as has been commonly argued. First, we explain that there is only one conception of fairness present in the fair machine learning literature: group similarity of outcomes based on a sensitive attribute, where the similarity benefits an underprivileged group. Second, we show that there is, in fact, a trade-off between statistically accurate outcomes and group-similar outcomes in any data set where group disparities exist and that the trade-off presents an existential threat to the equitable, fair machine learning approach. Third, we introduce a proof-of-concept evaluation to aid researchers and designers in understanding the relationship between statistically accurate outcomes and group-similar outcomes. Finally, we provide suggestions for future work aimed at data scientists, legal scholars, and data ethicists that utilize the conceptual and experimental framework described throughout this article.

LeADS Working Paper Series

This blog post inaugurates the LeADS Working Paper Series, a series of blog posts that will give our Early-Stage Researchers (ESRs) the opportunity to present and contextualize the Working Papers they have been working on over the past months.

Working Papers (WOPA) represent the state of the art in the fields of Privacy and Data Protection, Intellectual Property, Algorithm Regulation, Privacy Enhancing Technologies, and Data Processing Transparency. These papers were written by groups of Early-Stage Researchers, in an effort to reflect how each crossroad topic still needs to be addressed in data-driven societies: the topics cannot be viewed and fully grasped in isolation but are instead fully interconnected.

The Working Papers are also a very important landmark for the LeADS project since they constitute the first public deliverable of the project. For this “LeADS Working Paper Series,” each WOPA team wrote an introductory text which should serve to contextualise their work with regard to the LeADS project. It is followed by the abstract of their respective paper. The following six WOPAs were written and will have dedicated blog posts.

  • “The Flawed Foundations of Fair Machine Learning” – Robert Lee Poe and Soumia Zohra El Mestari
  • “Contribution to data minimization for personal data and trade secrets” – Qifan Yang and Cristian Lepore
  • “Transparency and Relevancy of Direct-To-Consumer Genetic Testing Privacy and Consent Policies in the EU” – Xengie Doan and Fatma Dogan
  • “Data Access And Re-Use In The European Legal Framework For Data, From The GDPR To The Proposed Data Act: The Case Of Vehicle Data” – Tommaso Crepax, Mitisha Gaur and Barbara Lazarotto
  • “From Data Governance by Design to Data Governance as a Service” – Armend Duzha, Christos Magkos, and Louis Sahi
  • “Data Collaboratives with the Use of Decentralised Learning – an Interdisciplinary Perspective on Data Governance” – Maciej Zuziak, Onntje Hinrichs and Aizhan Abdrasulova

Stay tuned for the first blog post in a few days!