Comments – Information and Privacy Commissioner of Ontario

Notice

Comments are posted in the language in which they were received.

Dear Ms. Zimmerman,

Please find attached a letter from Patricia Kosseim, Information and Privacy Commissioner of Ontario.

The following is the requested demographic information:

  1. Province or territory: Ontario
  2. Affiliation: Other
  3. Capacity in which you are submitting the comments: Representative of a group or organization
  4. Your main discipline: Other

Kind regards,

Patricia Edwards
(she/her)
Executive Assistant / Adjointe de direction
Office of the Commissioner / Bureau du commissaire
Information and Privacy Commissioner of Ontario
Commissaire à l’information et à la protection de la vie privée de l'Ontario
2 Bloor Street East / 2 rue Bloor Est
Suite 1400
Toronto, Ontario M4W 1A8
Toronto area / région de Toronto: 416-326-3333
Toll free / sans frais: 1-800-387-0073
TTY: 416-325-7539
Patricia.Edwards@ipc.on.ca

October 4, 2021

Ms. Susan Zimmerman
Executive Director
Secretariat on Responsible Conduct of Research
Canadian Institutes of Health Research
160 Elgin Street, 9th Floor
Ottawa ON K1A 0W9

RE: Submission of the Information and Privacy Commissioner of Ontario on the Proposed Guidance for Public Consultation

The Panel on Research Ethics has posted for public consultation four documents related to the Tri-Council Policy Statement: Ethical Conduct for Research Involving Humans (TCPS2).Footnote 1 This submission focuses on the document titled “Proposed Guidance Regarding Broad Consent for the Storage and Use of Data and Human Biological Materials.”Footnote 2

The Information and Privacy Commissioner of Ontario oversees the province’s access and privacy laws. These laws include Ontario’s Personal Health Information Protection Act, 2004 (PHIPA), which governs the responsibilities of health information custodians (custodians) with respect to individuals’ personal health information.

Proposed guidance regarding broad consent for the storage and use of data and human biological materials

Although the concept of broad consent has significantly evolved over the years through international ethics norms, the TCPS2 has been notably silent on the issue and Canadian researchers have lacked clear guidance in this gray and complex area. I commend you for taking this difficult, yet critically important step of articulating the principle within appropriate ethical parameters and consulting broadly on your draft text (the “Proposed Guidance”).

Over ten years ago, I set out my views on broad consent in an article entitled, “Banking for the Future: ‘Informing’ Consent in the Context of Biobanks”, published as part of the proceedings of the IV International Seminar on the UNESCO Universal Declaration on Bioethics and Human Rights, organized by the UNESCO Chair of Bioethics at the University of Barcelona and the Catalan Data Protection Authority. An English version is available here and, for your convenience, has also been reproduced in full as an Appendix to this submission. Although the views expressed in that paper were written while I was in a different capacity, they are still representative of my views today. To the extent you may find it helpful, I refer you to that paper in its entirety for more detailed input into your consultation process.

In addition, I provide here below some general, high-level comments on your draft text, followed by more specific comments relating to the application of Ontario’s PHIPA. Our comments are based on the basic premise that privacy, conceived as the right to control how information about oneself is shared with others, is not necessarily incompatible with the concept of broad consent.

A. General comments

Cross-sectional versus longitudinal

As currently written, the Proposed Guidance does not distinguish between cross-sectional studies when contact with the individual to collect data or samples occurs typically only once, at a specific point in time, versus longitudinal studies where repeated contact with individuals and ongoing data or sample collection are intended to occur over a longer period. The difference is important in terms of setting out the expectations of the researcher to obtain the ongoing consent of individuals. While some of the reasons cited as justifying the acceptability of one time consent (such as individuals not wanting to be re-contacted, or being lost to contact over time) may arise in the context of cross-sectional studies, they would not necessarily hold true in the context of longitudinal studies. In the latter context, researchers are highly motivated to maintain contact with individuals and the opportunity more feasibly exists to periodically renew or confirm consent.

Purpose

The Proposed Guidance appears to suggest that data repositories or biobanks may be created with very broad and open license to be used for any future, downstream purpose. However, more often than not, these data repositories or biobanks are funded with a more circumscribed research purpose or theme that is of particular interest or relevance to the sponsors. They have also been peer reviewed for their scientific merit and viability by specialized experts in that area of study, e.g. cancer, healthy aging, diabetes, cardiovascular diseases, maternal, prenatal and newborn care, etc. In such cases, the purpose that is described to individuals should accord with the purpose set out in the approved research proposal; individuals should not be asked for broader permission than is necessary to achieve the approved and authorized purpose.

Accountability

The Proposed Guidance appears to contemplate situations in which data or samples from the repository may be shared with future researchers who are located in different jurisdictions and/or not otherwise subject to the TCPS2. This may be the case when new opportunities for cross-sectoral and/or international collaborations arise, and joint efforts and resources can be leveraged to new heights. In such cases, the Proposed Guidance suggests that researchers “must consider the repercussions of this decision for participants”, which includes taking necessary procedural steps to realize any assurances made to the individual or informing the individual when they are unable to do so. However, basic notions of accountability would, in our view, necessitate much stronger language to require those responsible for the governance of the data repository or biobank to take responsibility for ensuring, contractually or otherwise, that the general ethical principles of the TCPS2 and any applicable legal obligations also apply to those downstream researchers.

Transparency

The Proposed Guidance acknowledges that not all participants will be interested in receiving detailed information about the repository’s governance framework up front during the consent process, preferring instead to focus on that which is most relevant for informing their decision to participate. The Proposed Guidance suggests that researchers could provide individuals with these further details by way of addendum for reference later on, as well as a means by which individuals may obtain ongoing information about any changes to the repository’s governance, such as contact information and a website. In our view, the transparency obligations imposed on those responsible for governing a data repository or biobank should be more explicit in terms of setting out the basic information elements that should be published for all to see on such a website. Transparency serves not only to inform individual participants, but also serves to hold researchers to account to the general public, to funders, and to regulators.

Reasonable expectations of the individual

The concept of broad consent is predicated on the reasonable expectations of the individual. Some individuals may indeed be comfortable with giving broad consent for their data or bio samples to be used for any and all research in the interest of advancing science, with no desire to limit the scope whatsoever. This may be the case for individuals who are well-versed in the field of science and research either by reason of personal circumstance or choice of career, have become acclimatized to the risks involved and generally know “the unknowns”. However, the vast majority of individuals who participate in large-scale, population based research may not necessarily share this perspective and generally do not know what they don’t know. From our experience, working in the field of data protection for many years, the key aspects that individuals would not reasonably expect, and may come back to surprise them if they are not specifically told about and alerted to the associated risks are: 1) the potential involvement of private sector partners and any commercialization of the research; 2) any broadening or change in what they understand to be the purpose of the research, particularly on issues they fundamentally disagree with or object to; 3) the potential risks that they may be re-identified by future researchers based on information the individual has provided or other information about them available from other sources; and 4) that their personal data or bio samples may be shared with researchers outside Canada.

B. Specific recommendations

In addition to the more general comments above, we offer the following specific recommendations for your consideration.

The TCPS2 states that researchers who must comply with the TCPS2 are also “responsible for ascertaining and complying with all applicable legal and regulatory requirements with respect to consent and the protection of privacy of participants.”Footnote 3 In Ontario, custodians – and non-custodian researchers who receive personal health information from custodians – must comply with applicable requirements found in PHIPA and its regulation. While we understand that PHIPA and its regulation do not apply to all research conducted in accordance with the TCPS2, our comments in this submission refer to PHIPA concepts that the Panel may find helpful to consider.

Our recommendations pertain to three sections of the Proposed Guidance: The shared responsibility to protect participants; Informed broad consent; and Ongoing broad consent.

The shared responsibility to protect participants

1. Require that researchers consider whether disclosure of data or bio-samples to other researchers would be permitted by the law of their jurisdiction

In the section on the shared responsibility to protect participants, lines 56-58 state: “Researchers who intend to make their collections of data or human biological materials available to other researchers not subject to the TCPS2 must consider the repercussions of this decision for participants.” We recommend adding that the researcher must consider not only the repercussions of this decision for participants, but also whether this decision would even be permitted by the law of their jurisdiction. For example, if the data to be shared with other researchers is personal health information within the meaning of PHIPA, this would be a disclosure under PHIPA, and PHIPA places limitations on a researcher’s ability to disclose personal health information received from a custodian.

2. Discuss re-identification

We recommend adding that the shared responsibility to protect participants includes the responsibility to refrain from re-identifying (or attempting to re-identify) data about them that has been de-identified, unless permitted by law. For example, section 11.2 of PHIPA prohibits any person from using or attempting to use information that has been de-identified “to identify an individual, either alone or with other information, unless this Act or another Act permits the information to be used to identify the individual.”Footnote 4 It is an offence under PHIPA to wilfully contravene section 11.2.

The Proposed Guidance touches briefly on the topic of re-identification at line 160, where “[r]isks of re-identification” is given as an example of a reasonably foreseeable risk that may arise from the storage and research use of data and human biological materials. We recommend that when discussing the risks of re-identification, the researcher explain that identifiability is a spectrum and describe the level of identifiability of the data that will be shared.

Informed broad consent

3. Require that researchers provide the information to participants in plain language

Lines 106-109 acknowledge “not all participants are interested in the details of a repository’s governance and their inclusion in the consent form may distract from information that is more relevant to the participant at the time of initial consent.” Along these same lines, we recommend that the Proposed Guidance affirm that the information provided to participants should be in plain language that can be easily understood.Footnote 5

4. Require that researchers provide parameters on the purposes for which data will be used

Lines 129-130 refer to providing the participant with a “[d]escription of what data and human biological materials will be stored for research, for what purpose, if known...” Even if the exact purposes are not known, we recommend that the researcher put some general parameters around the purposes for which the data may be used; it should not be completely open. For example, the researcher might know what purposes the data will not be used for, or the general areas of research that will be permitted. Additionally, researchers should build in a process that allows them to inform participants if there is a significant change in purpose from what was originally described.

5. Require that participants be informed of related indirect collections

Lines 128-140 provide details on how the researcher should inform the participant of “what is being collected and stored for unspecified research and why.” We recommend that researchers should also inform the participant whether any other personal health information or personal information will be collected indirectly through other means, such as linkage with other records.

6. Consider any impact on the participant’s family members

Research involving a participant’s personal health information, particularly in the context of biobanks, could have an impact on the participant’s family members as well. We recommend adding to the list of requirements for informed broad consent that the participant be informed of the implications that their participation may have on their family members. For example, the researcher should explain whether they will be asking the participant for family history or genetic-related information which may reveal information about their family members. Similarly, the researchers should explain whether they will require contact information of family members, and whether and in what circumstances the researcher would contact the individual’s family members.

7. Require that participants have access to ongoing information

Lines 148-150 refer to providing the participant with an “[e]xplanation of what and how to obtain information that will be provided as part of ongoing consent (e.g., details of research) or that participants will not have access to this information.” In our view, and for purposes of basic transparency, participants should always have access to ongoing information about the purposes for which the data is being used. We recommend that the Proposed Guidance omit the phrase “or that participants will not have access to this information”.

8. Emphasize that commercialization is a highly sensitive topic

Lines 182-184 refer to providing the participant with “[i]nformation concerning whether the repository financially benefits from the commercialization of findings, the data or human biological materials or products derived from them and whether participants will financially benefit.” We recommend that the Proposed Guidance acknowledge that the possibility of commercialization of research results continues to be a matter of significant public concern, particularly in a publicly-funded health care system, and this may be the case, even when the data has been de-identified.Footnote 6

9. Expand on the idea of transparency

The information elements listed in lines 118-190 of the Proposed Guidance that should be communicated to individuals in order for broad consent to be informed, should also be communicated to individuals -- and indeed the public at large -- for the sake of transparency --even where individual consent is not required by law or by the TCPS2.

Additionally, we recommend that the researcher include information on the source of the data (if it is not collected directly from the individual), the nature of the data and any data linkages that will be performed.

Ongoing broad consent

10. Add a note about who may contact the participant

This section sets out the duty of repositories and researchers “to provide participants who wish it with information relevant to their consent throughout the storage and use of their data or human biological materials for research” and notes “[r]esearchers must respect the wishes of participants who do not want to be re-contacted.” We recommend adding that there may be legislative requirements about who may or may not contact the participant.

For example, where a custodian has disclosed an individual’s personal health information to a researcher without consent, PHIPA contains these requirements with respect to who may contact the individual:

We appreciate the opportunity to make this submission and commend you and your organization once again for taking on this important initiative. Please do not hesitate to let us know if you have any follow up questions.

Sincerely,
Patricia Kosseim
Commissioner

References

Banking for the Future: "Informing" Consent in the Context of Biobanks

Paper submitted at the IV International Seminar on the UNESCO Universal Declaration on Bioethics and Human Rights, organized by the UNESCO Chair of Bioethics in the University of Barcelona and the Catalan Data Protection Authority

January 21, 2011
Barcelona, Spain

Patricia Kosseim, General Counsel, Office of the Privacy Commissioner of Canada
and Dara Jospe, Student, University of Ottawa

I. Introduction

In 2009, Time magazine chose biobanking as one of the ten 'ideas changing the world right now'.Footnote 1 Biobanking stands to fundamentally change the way we prevent, diagnose and treat disease, however it is also changing traditional ethical, legal and social norms of medical research. As Elger and Caplan note: "The challenge produced by biobanks is immense: after more than 50 years of classical health research ethics, regulatory agencies have begun to question fundamental ethical milestones".Footnote 2 One fundamental ethical milestone being challenged by the growing emergence of biobanks today is consent. This paper attempts to address this challenge by suggesting ways of operationalizing consent from a data-protection perspective.

a. Emergence of Biobanks

Although there is no consensus definition of a biobank, it is generally understood as "a collection of biological material and the associated data and information stored in an organized system, for a population or a large subset of a population."Footnote 3 Biobanks may vary in terms of size, scale, scope and type, but they otherwise share a number of typical characteristics including, a combination of genotypic and phenotypic data, a public interest focus, and some governance mechanism that permits access by researchers for future research purposes, subject to certain conditions.Footnote 4 Researchers use biobanks to understand how health is impacted by genetic, environmental and/or lifestyle factors, to improve the detection, prevention, diagnosis and treatment of disease and ultimately, to enhance the health of populations.

At the time of writing, the Public Population Project in Genomics (P3G) - a not-for-profit international consortium that provides access to expertise, resources and up-to-date information on public population genomics - reported the existence of 164 large population-based studies; each larger than 10,000 individuals and together targeting nearly 13 million participants in more than 40 countries.Footnote 5

Biobanks can take various forms: they may be comprised of archived material left-over from clinical use, or collected prospectively for the purposes of biobank research. They may be broad population based collections of biosamples and data from healthy individuals, or may be targeted collections from disease-specific communities. Biobanks may be designed to collect biosamples and data at a specific point in time (cross-sectional prevalence) or on an ongoing, longitudinal basis in order to study health changes in a population over long periods (cohort). For the purposes of this paper, we consider biobanks created prospectively for longitudinal cohort studies that are epidemiological in nature.

b: Informed consent

Informed consent remains a fundamental legal and ethical principle in health research. Firmly anchored in seminal codes of research ethics involving human subjects, informed consent engages the foundational principle of respect for persons. As a legal principle, it finds roots in common law as a waiver to the tort of battery and negligence in medical research, and in human rights law, as an express manifestation of the individual right to autonomy, liberty and human dignity. To the extent that biobanks also involve the collection of personal data, the requirement for informed consent is engaged by internationally recognized principles of data protection as well. Footnote 6

Informed consent requires individuals to know and understand the nature and consequences of their inclusion in research, including all the risks involved, before deciding whether or not to participate. While this concept may be practicable in the context of individual research projects, such as clinical trials for example, where the specific details of the trial must be firmly set out in the study design and protocol, it is considerably more difficult to apply to in the context of biobanks. General information about the governance of the biobank may be described at the time of recruitment and prospective data collection, but certainty about how the biobank may evolve over years or even decades cannot be predicted and specifics about future research projects that will make use of the biosamples and data in the biobank are not yet known.

Given the sheer size of the populations involved and the vast number of research projects expected to make use of the biobank collections, it may be unrealistic to expect researchers to re-contact individual participants to obtain their specific informed consent each time an access request is made for a new research project. It is argued that the cumbersome, expensive and impracticable nature of such a requirement could potentially inhibit socially-valuable research from proceeding. Practical issues aside, re-contact may also run counter to individuals' express wishes to permit use of their biosamples and data for future research purposes without having to be re-consented every time.Footnote 7

c. Broad Consent

Increasingly, academics, policy-makers and even some legislatures have come to acknowledge the practical difficulties of transposing a specific informed consent requirement from the traditional medical research paradigm into the context of biobanks. As a result, there has been a growing movement away from a model of specific informed consent to one of broad consent.Footnote 8

Broad consent is a more general form of consent whereby individuals agree to have their biosamples and personal information collected and stored in the biobank and used for future, unspecified research. Under a broad consent model, individuals may be given information about the purpose of the biobank, the data collection process, how their data will be managed, including procedures for granting researcher access to the data for future research studies, but without knowing the specifics of what those future studies will entail.

A review of international guidelines illustrates the increasing acceptance of broad consent as an alternative model for biobank research. For instance, the 2009 OECD Guidelines on Human Biobanks and Genetic Research Databases (HBGRD) recognize the possibility for broad consent at Article 6:

Where authorised by applicable law and the appropriate authorities, the operators of the HBGRD could consider obtaining a consent that will permit human biological specimens and/or data to be used to address unforeseen research questions. Participants should be fully informed of the breadth of such consent and there should be additional safeguards in place to ensure that participants are protected.Footnote 9

Other international instruments however are more guarded in their approach by requiring anonymization of data as a condition for allowing broad consent instead of specific informed consent. For example, the World Health Organization has recommended:

In some cases it might be desirable to seek broad, open-ended consent to future research, the purposes, limits or consequences of which are currently unknown. In such cases, blanket future consent is only permissible where anonymity can be guaranteed, and there is no risk that unexpected results will filter back to the subjects concerned. If this guarantee is not possible, or if linking of data is necessary for the research, then specific consent to the specific research must be obtained. The use of sunset clauses, whereby consent will only be valid during a finite period of time, might be considered as a means to ensure adequate protection of individual interests.Footnote 10

Broad consent is gaining some traction at the national level as well. A growing number of jurisdictions are adopting laws or policies in support of broad consent, albeit subject to a wide variety of conditions such as: partial restrictions on use, anonymization of data, approval by a research ethics committee and the ability to opt-out. Iceland, Estonia, U.K., Australia, Germany, Switzerland and Japan have express legislation or national policies directly on point.Footnote 11 Among those absent from this list is Canada. The concept has not been expressly adopted into data protection laws and the December 2010 revision of the Tri Council Policy Statement (TCPS) on Ethical Conduct of Research Involving Humans made no explicit mention of broad consent.Footnote 12

Accordingly, the legal acceptability of broad consent, subject to different conditions, will vary from jurisdiction to jurisdiction depending on the laws and policies in place.Footnote 13 The variation across these norms can be explained in part by differences in local cultures, values and traditions which influence publics' preferences and expectations of what researchers can or cannot do with their personal information.Footnote 14 Where the normative balance is ultimately struck reflects the relative weighting each society places on foundational ethical principles such as individual autonomy and self-determination on the one hand, and principles of solidarity, citizenry and universality, on the other.Footnote 15

II. Recent Challenges in the Courts

With the relative weighting of these normative principles still in flux, a number of recent court cases demonstrate the practical challenges of applying consent in the context of biobanks and the complexity of the issues at stake.

In British Columbia, Canada, parents recently launched a lawsuit against two hospitals alleging breach of privacy, an unlawful search and seizure and breach of fiduciary duty. Parents took objection when they learned, after the fact, that their infants' blood samples obtained through routine newborn screening tests for genetic diseases at birth, were being retained by the hospitals and used for secondary research purposes without consent.Footnote 16

The BC Supreme Court has yet to rule on the case but in a similar case in Texas, parents filed a civil suit against the defendant State Department of Health for failure to obtain their consent for retention and use of their newborn blood spot samples (NBS). The parents argued that this non-consented practice constituted unlawful search and seizure and violation of their liberty and privacy rights under the Fourth and Fourteenth Amendment of the U.S. Constitution and applicable state laws.Footnote 17 After failed attempts to have the suit dismissed, the State Department of Health eventually agreed to settle the claim by: posting, online, all the research projects that used the NBS; informing parents how their child's NBS was used; and destroying over four million NBS it had obtained between 2002 and 2009 without parental consent.Footnote 18 This destruction resulted in waste of valuable public resources and loss of opportunity to conduct socially-important paediatric research. The irony here is that, had parents been asked, many would have likely agreed to have their newborn's NBS used for research purposes which may have prevented litigation in the first place.Footnote 19

The Havasupai tribe of Arizona sued Arizona State University over a genetic study conducted by its researchers. In this case, although the plaintiffs had consented to the collection of their DNA for research, they understood the purpose of the research was to investigate the high incidence of type-2 diabetes among the tribe. It was only years later that they learned their DNA samples were also being used to research other conditions, including schizophrenia (a condition which they considered socially stigmatizing) and the geographic origins of their tribe (research they found objectionable given their own traditional beliefs of their ancestral origins). In this case, participants had signed a broad consent form which stipulated that their blood could be used to "study the causes of behavioural/medical disorders". However, most participants did not understand this to mean research beyond diabetes. Ultimately the University settled the suit for millions of dollars.Footnote 20

These recent cases demonstrate the legal fragility of biobanks that are maintained and used for secondary research purposes without consent, or biobanks for which consent is ostensibly obtained but in such broad terms that it is misunderstood by participants and becomes virtually meaningless. The interesting question here is whether broad consent obtained prospectively at the time of collection and properly explained could have been sufficient to alleviate participant concerns, meet their needs and expectations, and ultimately maintain their trust. Without commenting on the legality of broad consent in Canada or the U.S. -- particularly given notable differences between North American and European policy and legislative frameworks -- there are a number of partial solutions, at least from a data protection perspective, that could have made broad consent more palatable for participants in these cases.

III. Broad Consent from a Data Protection Perspective

As a data protection principle, informed consent requires advising individuals of what they need to know to understand how personal information about them will be collected, used, stored and disclosed, taking into account the reasonable expectations of the individuals, depending on the circumstances and the sensitivity of the data.Footnote 21

Whereas informed consent as a waiver to the tort of battery or negligence in medical research requires explanation of all specific risks to the body, no matter how rare or minimal, informed consent for data protection purposes requires disclosure of what a person would reasonably expect to know taking into account the circumstances and nature of the data involved. Applied to prospective collection of biosamples in the context of longitudinal cohorts, this would require providing individuals with the following classes of information: 1) the data collection process; 2) the purpose of the biobank; 3) the governance framework of the biobank; 4) the future purposes to which the data will be put; and 5) the terms of their engagement.

a. Data Collection Process

In prospective, longitudinal cohorts, information provided to individuals about the data collection process itself should be as specific as possible. Individuals would reasonably expect to know details at this level so as to understand what their active involvement will entail, particularly given the long-term nature of their involvement, the potential involvement of family members, and the significant physical and personal inconveniences involved. Individuals would reasonably want to know the frequency with which they will be contacted and for what purpose; which biosamples and other physical measures will be taken, how, how often and what - if any - are the risks; the nature and extent of the personal information to be collected directly through questionnaires, how and how often; the general nature of the questions to be asked and how personally intrusive they may be (e.g. general questions about physical well-being or sensitive questions about emotional and mental state, and/or lifestyle choices); what other personal information will be collected indirectly through other means (e.g. linkage with health records etc.); how often they or their family members will be contacted, how long will each contact take and for what purpose (more data collection or periodic confirmation of contact information only); travel and expense implications etc.

Given the scientific imperative to collect robust, comparable data on a systematic basis over time, details about the data collection method are typically specified in a well-established research protocol that has been through a rigorous peer review process, approved and funded accordingly. These details are not likely to be deviated from, or at least not easily. To do so would risk creating undue bias in the selection and collection process. Hence, these details would be available at the time of recruitment and should be shared with prospective participants to inform their decision on whether or not to be included in the biobank.

b. Purpose of the Biobank

From a data protection perspective, purpose identification is a key factor for informing an individual's consent to collection, use or disclosure of their personal information. Individuals would reasonably expect to know what the purpose of the biobank is intended to serve. The case involving the Havasupai tribe of Arizona described above is a case in point -- although the consent form described broad research purposes, the tribe understood the purpose of their DNA collection was to study type-2 diabetes.

In some cases, the purpose of the biobank may be to create a very large cohort of healthy individuals across a broad age span to support general research related to public health, epidemiology, and population genomics. In these contexts, it would be understandably difficult to circumscribe the objective of the biobank beyond these general health research purposes.

In other cases, however, biobanks may be created for the purpose of supporting research on a certain disease or class of diseases (e.g. certain chronic diseases or cancers), or for examining the health determinants of certain cohorts (e.g. children, adult or aging populations). These purposes will typically be specified in the original research protocol. Again, these are not likely to be easily changed without affecting the scientific validity of the data collection method on the basis of which the biobank was peer reviewed, or the sponsors' expectations on the basis of which funding was approved. In these cases, researchers should inform prospective participants of the circumscribed purpose of the biobank and avoid the temptation to artificially broaden it to keep as many doors open as possible. Rather, to the extent that the scope of the biobank could change sometime in the future, researchers should build in a process from the very outset that would allow them to inform participants of any significant change in purpose and provide them with an opportunity at that point to confirm/affirm their consent to continue to participate.

c. Governance of the Biobank

A key data protection principle related to informed consent requires openness and transparency about the policies, processes and procedures in place to ensure proper governance of the personal data that will be collected, stored, used and disclosed by an organization. Applied to biobanks, this entails a broad category of disclosure requirements. These include: the independent oversight mechanisms in place to oversee the development, implementation and use of the biobank; the accountability processes setting out roles and responsibilities of the funders, biobank developers, researchers and various institutions involved; the data access policies governing researchers' access to the data, subject to which conditions and review processes; procedures for de-identifying and/or coding the data and where applicable, the entities responsible for maintaining the code key, re-identifying the data and/or linking them with other datasets; plans for data storage and safeguards for protecting the confidentiality and security of the data from unintended breach; relevant contact information and processes in place for challenging compliance in the event of breach; and plans for long-term retention of data and evolution of the biobank upon the completion of its stated purpose and/or expiry of funding.

Providing prospective participants with details about how their personal information will be managed and processed is difficult to carve in stone particularly given the long term nature of biobanks, their increasing complexity and the rapidly evolving nature of information technologies (e.g. cloud computing, data analytics, gene sequencing, etc.) However, this does not dispense with the need to put in place a proper governance process from the outset and to respect the reasonable expectation of individuals to understand in simple terms who will be accountable for making which decisions, in accordance with what processes and subject to what conditions along the way.

Different tools and approaches have been used and suggested for providing governance-related information in layperson terms and through a multi-layered approach to support a meaningful informed consent process. These include providing links to more detailed information that can be found in descriptions of the biobank governance structure, its data access and privacy policies and any applicable data sharing agreements; developing information pamphlets and frequently asked questions; and using visual aids, data flow diagrams and explanatory videos wherever possible. Most importantly, individuals must be afforded with sufficient time and opportunity to reflect on this information, seek out further information at the level they desire, and ask questions or raise concerns.

d. Future research uses of the data

From a data protection perspective, a person would reasonably expect to know what future uses will be made of their personal data and the risks involved. However, therein lies the crux of the challenge since details of future research studies that will make use of the biosamples and personal data contained in the biobank are still unknown at the time of recruitment and the initial consent process. The question then is whether individuals, knowing what they do about the purposes of the biobank and its governance structure, would be reasonably willing to accept a certain degree of uncertainty, fully informed of the inherent risks associated with not knowing the specific details of individual research projects that will eventually make use of their personal information and biosamples.

While individuals may consent to assume such risk, in order for it to be meaningful and informed, there must be clear understanding - and agreement -- of what constitutes an acceptable threshold of risk beyond which re-contact will be necessary.

One key factor in determining the acceptable and agreed-upon threshold of informational risk associated with providing access to third party researchers for future yet unspecified research projects is the level of identifiability of the data that will be shared. Individuals reasonably expect to know and understand the risks that third party researchers may identify or re-identify them based on data provided to them, either alone or in combination with other available data. Recognizing that absolute de-identification cannot be guaranteed and that identifiability is a spectrum rather than a black-and-white concept, there must be clear explanation of the form released data will take (coded, double-coded, encrypted, etc.) and clear agreement on the level of identifiability risk that individuals would be willing to accept, and agree to, based on initial, broad consent. Any time the risk of identifiability is elevated beyond that agreed-upon threshold, either due to the nature or form of the data being requested and/or the unique particularities of an individual research project, re-contact would be necessary to seek specific permission.

A second threshold factor affecting informational risk that may trigger the need for re-consent is purpose. Where the future research purposes exceed the scope of purposes originally described to them (see discussion on "The Purpose of the Biobank" above), a person would reasonably expect to be informed of this significant change and re-contact will be necessary to seek their renewed consent. For example, future research purposes that exceed the original stated purpose of the biobank or expand to include commercially-related purposes would clearly exceed what a person would reasonably expect and consider appropriate in the circumstances. Unless expressly stipulated at the outset, these new purposes would go beyond the valid parameters of initial broad consent, thereby triggering the requirement for re-contact and renewed consent.

A third threshold factor in determining the level of informational risk that an individual may be reasonably willing to assume and accept through broad consent at time of recruitment without knowing the details of future, yet unspecified research studies, is jurisdiction. Recognizing the significant discrepancy in levels of data protection available across different jurisdictions internationally, individuals would reasonably expect to know whether their biosamples and personal data will be disclosed beyond Canada's borders and if so, where. Unless this possibility was clearly explained and specified at the time of initial, broad consent, re-contact would be necessary to renew consent based on this new information. In such cases, informed consent must be predicated upon reasonable assurance that a comparable level of data protection can be provided by virtue of the laws of that other jurisdiction or by way of contractual arrangement or data sharing agreement between the biobank and the international researcher in question. In any event, by Canadian standards at least, ultimate accountability for informational risks would continue to reside with the biobank.

From a data protection perspective, although specific details of individual research projects may not be available at the time of initial consent, they must be made available as soon as practicable thereafter. This may be done through a variety of means including a public website or registry listing details of all of the research projects which make use of the biobank as these become known; a shared information network among biobank participants that can provide this information; published materials about the studies can be provided to participants each time they are re-contacted as part of the ongoing data collection process; and/or by way of a 1-800 toll-free number that individuals could call to seek out this information and have it sent to them upon request.

e. The Terms of Engagement

From a data protection perspective, individuals would reasonably expect to know the terms and conditions of their engagement when they agree to participate in a biobank. This includes clear understanding of what will happen if they change their mind? What, if anything, could they expect to get out of participation? And who, other than themselves, are they engaging in the process?

A hallmark feature of informed consent is the correlative right of individuals to withdraw their consent at anytime. However, to be meaningful, individuals must be informed of the opportunities to withdraw consent and these opportunities must be real and practicable. For example, a clear contact number or email address should be provided to participants and regularly updated; the process for withdrawal should be simple, non-cumbersome and at zero cost. In the context of a longitudinal cohort, each recurring contact (which is already built into the research design for ongoing data collection purposes) allows researchers to check in with participants on a regular basis, provide them with a chance to ask questions or raise concerns, and afford them an ongoing opportunity to confirm, or at least affirm, consent.

Moreover, there must be clear and common understanding of what "withdrawal" means and what the available options are. Does withdrawal mean that researchers will stop contacting them and cease all further data collection, but still continue to use and link data previously collected? Or does it mean that researchers will make no further use of the individual's existing data? Will individuals' personal data and/or biosamples be anonymized or altogether destroyed? What about withdrawal of their data from already analyzed and/or completed research findings? Expectations about what withdrawal entails must be clearly managed at the outset, particularly where practicalities would prevent researchers from meeting them (e.g. biosamples once anonymized cannot be practicably identified for removal or destruction; certain data in the biobank may be required to be kept by sponsors or oversight bodies for verification and audit purposes; personal data once aggregated, analyzed and pooled into published research findings may no longer be feasibly extricated, etc.)

Another significant term of engagement that a person would reasonably expect to have explained to them upon initial recruitment is what access, if any, could they have to research results about themselves? Are there certain physical or well-established clinical measures forming part of the data collection process that they could have access to, should they wish? What of incidental findings that researchers may come across in the course of research - would individuals want to know about those under exceptional circumstances? If so, is there an agreed-upon manner in which the results will be delivered to them - directly by the researcher or through their treating physician, and what are the implications for their insurability or employment prospects? If they do not wish to be informed of incidental findings, do they understand the implications of not knowing about potentially serious health conditions that might be preventable, treatable or otherwise have significant implications for family members or future reproductive decisions? What about research results that do not yet have any established clinical significance, utility or validity? Would individuals expect to have access to those, and if not, has that been made clear to them from the outset, or at least, has a decision-making framework and communication strategy been put in place to deal with these issues?

A further term of engagement, particularly important in the context of biobanks, is what impact individual participation will have on family members? Will individuals be asked to provide personal information about themselves as part of the data collection process which may also be revealing of family members? Will individuals be asked to provide names and contact information of family members and if so, for what purpose? Is it to assist the biobank to locate individuals and maintain contact with the longitudinal cohort? Or is it to make substitute decisions on behalf of individuals should they become incapacitated over time or die? Once again, these terms of engagement must be clarified from the outset and individuals should be encouraged to discuss their participation with family members.

IV. Conclusion

Throughout this paper, we have adopted a concept of privacy, strongly anchored in the right of autonomy, which recognizes the ability of individuals to determine for themselves when, how, and to what extent information about them is communicated to others.Footnote 22 Had we started from the premise that privacy is the right to be free from intrusion or be protected from harm, we may have come to different conclusions or perhaps similar ones but in a different way.Footnote 23

Privacy, as the right to control how information about oneself is shared with others, is entirely compatible with a specific informed consent model whereby individuals are re-contacted on a case-by-case basis and afforded with the opportunity to decide whether or not to allow data access to researchers depending on the details of each individual study. Privacy conceived in this same way, however, would not necessarily be incompatible with a broad consent model either, within certain parameters. Inherent in the right of control is the option of choosing to assume an acceptable and agreed-upon threshold of uncertainty, based on meaningful disclosure of the informational risks that a person would reasonably expect to know about and consider to be appropriate in the circumstances.

To meet these minimal disclosure requirements in the context of prospective, longitudinal cohorts, broad consent must necessarily be a layered and ongoing process -- particularly where there exist built-in opportunities for periodically re-contacting individuals as part of the ongoing data collection process. In this way, individuals could be kept meaningfully apprised of changes in risk thresholds or be made aware of new risks unknown at the time of enrollment. This affords them with the ongoing opportunity to assess for themselves whether they still accept and agree to these new thresholds. Recognizing the inherent complexity of the informational risks involved and the significant challenges associated with explaining risk thresholds in such a way that participants can understand them, is no reason for researchers to dispense with the requirement. Guided by principles transparency and accountability, a respect for persons, and a deep commitment to public trust, researchers will find creative ways.

Is broad consent an idea whose time has come? The ethical, legal and social lens which has conventionally been trained on protecting individuals from the physical risks associated with medical research - namely clinical research- must be refocused to acknowledge the significant informational risks at stake in the context of biobank research. From a data protection perspective, disclosure of informational risks in biobank research, while no less critical a requirement for meaningful consent, is qualitatively focused on different things. Informational risks in this context are not necessarily specific in nature, but better characterized in terms of risk thresholds. We have suggested five classes of minimal disclosure requirements relating to informational risks a person would reasonably want to know about before agreeing to provide broad consent to participate in a longitudinal cohort biobank-- particularly given the sensitivity of the data and the long-term, uncertain nature of the endeavor.

References

Date modified: