A framework for user-centered, legal-ethical collective consent models: genomic data sharing

Sharing genomic data can be useful for personalized medicine, advancing research, or uncovering genetic ancestry. However, there are also unintended and unexplored risks because genomic data can implicate identifiable collectives from genetic relatives (in the past and future) to genetic minorities (those sharing a rare disease or trait). Individual rights to consent are insufficient, and a collective consent process to inform groups and individuals and safeguard their rights should be put into place. While collective consent has been mandated for Indigenous groups, the same process is not offered for other collectives. To study how to build a collective consent process, I used methods from computer science (requirements engineering), privacy (contextual integrity), HCI (user studies), and governance (European Union (EU) regulations and bioethics) to center both end-users and business users in a compliant, ethical collective consent framework. I analyzed the EU legal and ethical regulations and guidelines to characterize gray areas and conflicts regarding consent. Then, I assessed public privacy and consent policies of leading direct-to-consumer genetic testing companies -- combining well-established contextual integrity analyses with analysis of user-relevant governance terms and risk and benefit information. This analysis revealed that a majority of information about genetic data sharing was vague, confusing, and not framed in a useful way to the user, with no collective risks and benefits explained, which does not align with the EU General Data Protection Regulation (GDPR). Subsequently, I tested the adaptability of contextual integrity methodologies in eliciting and validating policies for businesses to improve their documentation through mixed-method interviews. Employees revealed that the method would be useful for more specific, structured, and complete information flows for future audits and documentation, as well as helping employees write documentation and analyze the quality, which overall can increase communication between teams. In parallel, I also tested using Business Process Model and Notation (BPMN) modeling for consent processes, developing requirements, creating artefacts, and piloting a validation study with employee interviews. Participants reported that it offered a useful visual overview and helped to identify conflicts and analyze compliance processes. I then surveyed and asked potential end-users to rank the most useful and engaging features of different mediums (video, infographic, comic, plain text, newsletter) to better understand their needs, goals, and desires for consent management and their ranking of attention-grabbing elements. Users revealed that they wanted quick, relevant, and understandable information to make a consent decision, which they preferred to be stored digitally on a centralized app or platform. Supporting the prioritization of information, elements like structure, step-by-step design, and readability were the most highly ranked individually, and present in the winning infographic medium. My work offers a framework to build collective consent through increased transparency, user-centered consent management, and methods with real-world business applicability. Given the many unexplored challenges regarding collective consent for a general population, the specific gaps, methods, and user perceptions I have characterized could significantly advance our understanding of how to build collective consent to address existing needs.