Are differential privacy approaches to health data sharing legal?
June 8, 2020
Crypt4GH and the Law
Genomic data is inherently identifying and can reveal sensitive information about the health of individuals. Broad access, use and exchange of genomic data, however, is vital to progress in understanding etiologies of human disease. There is need therefore to ensure genomic data from individuals are kept secure, while simultaneously making it readily accessible for research. Crypt4GH, a container format developed at the European Bioinformatics Institute prevents unintended disclosure of sensitive information by storing genomic data in an encrypted state at all times. Genomic analysis tools or libraries can directly access the data from anywhere in the world in the same way as unencrypted files, and with no changes to existing workflows. While Crypt4GH affords data confidentiality, integrity and authentication from technical standpoints, its compliance with European and American data protection regulations has not been formally assessed. Without such assessment, it is unclear whether Crypt4GH can legally be used to support scientific collaboration via secure data exchange between these two leading jurisdictions for genomic research. My proposed Life Science Exchange grant will contribute this comparative regulation scholarship. It will also provide new methodological training in modern cryptography and tool development to strengthen a growing collaboration between EMBL-EBI and the Stanford Center for Biomedical Ethics in genomic data security research.