The Doctoral School in Sciences and Engineering is happy to invite you to Xengie Cheng DOAN’s defence entitled
A framework for user-centered, legal-ethical collective consent models: genomic data sharing
Supervisor: Prof. Gabriele LENZINI
Sharing genomic data can be useful for personalized medicine, advancing research, or learning about genetic ancestry. However, there are also unintended and unexplored risks because genomic data can implicate identifiable collectives from genetic relatives (in the past and future) to genetic minorities (those sharing a rare disease or trait). Individual rights to consent are insufficient, and a collective consent process to inform collectives and individuals and safeguard their rights should be put into place. While collective consent has been mandated for Indigenous groups, the same process is not offered for other collectives. To study how to build a collective consent process, I used methods from computer science (requirements engineering), privacy (contextual integrity), HCI (user studies), and governance (European Union (EU) regulations, bioethics) to center both end-users and business users in a compliant, ethical collective consent framework. I analyzed the EU legal and ethical regulations and guidelines to characterize gray areas and conflicts regarding consent. Then, I assessed the status quo of leading direct-to-consumer genetic testing company policies combining well-established contextual integrity analyses with user-relevant governance terms and risk and benefit information. This analysis revealed that a majority of information about genetic data sharing was vague, confusing, and not framed in a useful way to the user, with no collective risks and benefits explained, which does not align with the EU General Data Protection Regulation (GDPR). Following this, I tested how well the contextual integrity methodologies could adapt to eliciting and validating policies for businesses to improve their documentation through mixed-method interviews. Employees revealed that the method would be useful for more specific, structured, and complete information flows for future audits and documentation, as well as helping employees write documentation and analyze the quality, which overall can increase communication between teams. In parallel, I also tested using Business Process Model and Notation (BPMN) modeling for consent processes, developing requirements, creating artefacts, and piloting a validation study with employee interviews. Participants reported that it offered a useful visual overview and helped to identify conflicts and analyze compliance processes. I then surveyed potential end-users to better understand their needs, goals, and desires for consent management in addition to their ranking of the most useful attention-grabbing elements of different mediums (video, infographic, comic, plain text, newsletter). Users revealed that they wanted quick, relevant, and understandable information to make a consent decision, which they preferred to be stored digitally on a centralized app or platform. Supporting the prioritization of information, elements like structure, step-by-step design, and readability were the most highly ranked individually, and present in the winning infographic medium. My work offers a framework upon which to build collective consent that offers increased transparency, user-centered consent management, and methods with real-world business applicability. Given the many unexplored challenges regarding collective consent for a general population, the specific gaps, methods, and user perceptions I have characterized could significantly advance our understanding of how to build collective consent to address existing needs.