24 February 2022

Workplace Genomics

Voluntary workplace genomic testing: wellness benefit or Pandora’s box?' by Kunal Sanghavi, Betty Cohn, Anya E. R. Prince, W. Gregory Feero, Kerry A. Ryan, Kayte Spector-Bagdady Wendy R. Uhlmann, Charles Lee, J. Scott Roberts and Debra J. H. Mathews in (2022) 7(5) npj Genomic Medicine comments 

Consumer interest in genetic and genomic testing is growing rapidly, with more than 26 million Americans having purchased direct-to-consumer genetic testing services. Capitalizing on the increasing comfort of consumers with genetic testing outside the clinical environment, commercial vendors are expanding their customer base by marketing genetic and genomic testing services, including testing for pharmacogenomic and pathogenic variants, to employers for inclusion in workplace wellness programs. We describe the appeal of voluntary workplace genomic testing (wGT) to employers and employees, how the ethical, legal, and social implications literature has approached the issue of genetic testing in the workplace in the past, and outline the relevant legal landscape. Given that we are in the early stages of development of the wGT market, now is the time to identify the critical interests and concerns of employees and employers, so that governance can develop and evolve along with the wGT market, rather than behind it, and be based on data, rather than speculative hopes and fears. 

22 February 2022

Australian IoT

'Consumer IoT and its under-regulation: Findings from an Australian study' by Diarmaid Harkin, Monique Mann and Ian Warren in (2022) Policy & Internet comments 

The expansive growth of consumer internet of things (IoT) has created a range of concerns around privacy, security, and their broader societal impacts. This article reports on findings from interviews with 32 key stakeholders from the fields of information security, policy and regulation, the IoT industry, consumer and privacy law, and academia in Australia. It details a broad variety of issues and concerns that go beyond the well-recognised issue of privacy or the technical standards of information security, to encompass a wider set of issues regarding the implications for vulnerable communities, the environment and industrial standards of IoT production. Most key stakeholders expressed the view that more robust regulation is required in Australia, but no clear regulatory priority or strategy was identified by our sample. The implications of these findings for further regulation of consumer IoT and future regulatory strategies are considered.

The authors argue 

The growth in popularity of consumer internet of things (IoT) devices for home use continues to advance globally. Available estimates suggest that 854 million units of ‘smart home devices’ were shipped worldwide in 2020 (IDC cited in Business Wire, 2020), and most projections indicate further expansion in the foreseeable future (e.g., Data Bridge Market Research, 2020; Mordor Intelligence, 2020; Report Crux Market Research, 2020). Consumer IoT is on the rise with more households having more devices and a flourishing industry is placing internet-connected features into a wider variety of everyday domestic goods. 

Consumer IoT is becoming entrenched in the community along three dimensions. First, there is an increasing breadth of the user-base with more individuals and groups encountering or deploying consumer IoT devices (Rainie & Anderson, 2017). Second, the volume and types of data collected by consumer IoTs are expanding and creating deepening ‘data-troves’ on personal activity (Ranger, 2020). Third, IoTs are used in a diversifying set of circumstances for an increasing array of functions such as assistance with home health, particularly for people with disability or the aged (Domingo, 2012; Metcalf et al., 2016). This creates numerous and increasing possibilities for IoT to provide valuable services for those in need, but also creates a range of potentially damaging impacts, unexpected harms, and a variety of legal, ethical and regulatory dilemmas around the questions of security, privacy and consent. 

This paper explores some of the issues created by the rapid growth of consumer IoT and their perceived under-regulation in the Australian context. While there is a commentary about the threats posed by the growth of IoT from scholars (e.g., Manwaring, 2017a), civil society groups (McSherry, 2015) and cyber-security professionals (see e.g., Herold, 2015), this paper adds to these debates by comprehensively mapping a broad range of perspectives about consumer IoT. By documenting empirical data from in-depth interviews with 32 key stakeholders and subject-matter experts in Australia, it will be shown that: (a) there are significant concerns about the growth and proliferation of consumer IoT; (b) these concerns focus on a multitude of issues that range from worries about the cyber-security of IoT devices to their impacts upon the environment; (c) many feel that consumer IoT is under-regulated in a way that is likely to lead to ongoing and foreseeable negative impacts; but (d) there is no clear consensus on how to regulate, what to regulate or the regulatory priorities. 

It will thus be shown that consumer IoT presents a unique confluence of issues that create a knot of regulatory problems. To demonstrate this argument, the paper will proceed over five parts. First, a brief overview of the current regulatory context for consumer IoT in Australia is provided, describing the environment that many experts regard as ‘under-regulated’. Second, the methods of this study are outlined describing how the interviews were conducted and with whom. Third, the key findings from the interviews are presented around the core concerns of the rapid growth in consumer IoT and the issues this presents for consumers, in addition to the broader impacts on areas such as the environment. This includes a discussion of how the majority of interview participants argued that consumer IoTs are, at present, under-regulated in Australia, but also expressed no clear unanimity of what the regulatory priorities should be. Finally, the implications of these findings for future regulatory efforts in Australia are unpacked.

21 February 2022

Prediction

'Predictions and Privacy: Should There Be Rules About Using Personal Data to Forecast the Future?' by Hideyuki Matsumi in (2018) 48 Cumberland Law Review 149 comments 

Companies now regularly use data to infer all kinds of information about people. These inferences have real consequences for peoples’ lives, yet data privacy law lacks a principled viewpoint to distinguish and discuss the different characteristics and risks of various types of predictions. Whether it is called profiling, inferences drawn, or predictive analytics, privacy and data protection law typically treats all types of predictions equally. As a result, the law fails to appreciate and address the different risks associated with each. This Article provides an analytical framework that will help lawmakers distinguish between the different types of predictions. Specifically, it categorizes predictions along certainty lines. Present predictions are vested. These are guesses about past or present facts, like whether you are married, and the data subject knows or has reasonable means to know whether or not they are true or accurate. Because they are vested, people can dispute inaccurate present predictions. The other type of prediction forecasts an unvested future, like whether you will get divorced within two years. Unlike present predictions, people cannot confront the accuracy of future forecasting because it hasn’t happened yet. Data protection regimes often give data subjects have the right to correct inaccurate information, but how can one say a prediction about the future is inaccurate? 

This article concludes that lawmakers should better distinguish between predictions that have already vested and those that have not. Doing so would help lawmakers determine when substantive accuracy should be demanded and when it is impossible. When information has not yet vested, important legal remedies like the right of correction are less effective and a turn to procedural accuracy might be required to fill the gap. But when information can be ascertained as accurate, lawmakers should be less content to reply upon pure proceduralism, preferring substantive accuracy where reasonable. Future forecasting is fundamentally distinct and more dangerous than predictions about present, vested information, because data subjects are less capable to confronting automated forecasting about people’s future behavior. Meanwhile, companies are content to reply upon procedural protections even when forecasting on a speculative future can adversely affect people and communities. With a better analytical framework based around degree of certainly, lawmakers, courts, and scholars can discern and discuss the risks associate with various types of prediction in a more precise way and address the unique challenges raised by future forecasting.