In May this year the BBC reported a that a young woman who had applied to join the British Army, had been rejected as medically unfit, apparently solely on the basis of a family history of a genetic variant that increases the risk of cancer (see BioNews 1241). This was surprising because Carys Holmes is a fit and healthy 17-year-old, who does not have cancer.
Since the original BBC coverage, the Army has reversed its decision, citing 'a process mistake', and offered Holmes a place. Much media commentary on this case has focused on whether the original decision was discriminatory. But is also worth looking at issues of data protection and privacy to explore whether the Army used information about Holmes' family history of cancer in unlawful or ethically unjustifiable ways.
Genetic cancer risk
The Army had obtained information from Holmes that her mother and late aunt had both been diagnosed with breast cancer and tested positive for a particular gene alteration, known as a 'BRCA1 variant'.
In women, this mutation is associated with a 65-85 percent chance of developing breast cancer during their lives (compared with a risk in the general population of 15 percent) as well as an elevated chance of developing ovarian cancer. Men with this mutation have elevated risks of prostate, breast, and pancreatic cancer. About one in 400 people carry the BRCA1 and the related BRCA2 variants. Not everyone carrying these variants will get cancer, and people can develop cancer without carrying them. Because Holmes' mother is a carrier, Holmes has a 50 percent chance of also being one. But she has not been tested for this variant. The BBC reported an NHS genetic counsellor as estimating that, if Holmes does carry this variant the chance of her developing cancer by the age of 30 is 1.9 percent.
Employers use of genetic data
Data protection in the UK is regulated under the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018, and overseen by the information watchdog, the Information Commissioner's Office (ICO). The ICO's 'Employment practices and data protection' guidance sets out what employers are permitted to do with workers' genetic data.
According to this guidance, employers cannot compel workers to undergo genetic testing or to reveal results from exiting tests. However, provided a test is reliable, and the worker voluntarily agrees to disclose the results, employers can use these results 'as a last resort' to ascertain whether the worker has 'a particular detectable genetic condition [that] is likely to pose a serious safety risk to others', or if the 'specific working environment or practice might pose a specific risk' to the worker.
What might this mean in Holmes' situation?
Clearly the Army was not yet Holmes' employer. However, it can ask applicants about their own and their family's medical history as part of meeting its health and safety responsibilities. The Army provides a list of examples of health conditions that could 'stop or delay' recruitment. Their examples include conditions such as epilepsy and heart disease, as well as common health problems such as asthma. BRCA-related cancers are not included, but the list is explicitly not exhaustive.
The most salient facts in Holmes' case, however, are that not only does she not have cancer, but also that neither she, nor the army, knows if she is a BRCA1 carrier. Even if she is, her chance of developing cancer in the next 17 years is 1.9 percent. And protective measures such as screening, lifestyle, preventative surgery, and timely treatment could all help to reduce the impact of cancer on her future health and her ability to be a safe and effective soldier.
While a potential 1.9 percent risk is understandably significant for potential BRCA carriers and their families, it is a strikingly tenuous basis for an employer to determine a health and safety risk, even given a demanding working environment like the Army. Moreover, the ICO guidance states that employers should not use results from predictive genetic testing to find out general information about a worker's future health, as this is both too intrusive and uncertain. There are several reasons, then, to think that the Army's original decision based on Holmes' unknown risk of a future disease of unknown severity and onset might not have complied with permissible uses of genetic test results.
Notably, the Army based their original decision on Holmes' family history, not her test results. So we might query whether the ICO guidance on genetic testing directly applies here. But, even if it does not, other data protection measures do.
Because of notorious ambiguities in the GDPR definition of genetic data, it is somewhat unclear whether inferences drawn from Holmes' mother's carrier status count as Holmes', or indeed her mother's, genetic data in law. But it would count as Holmes' health data. Due to their sensitivity, both genetic data and health data are categorised as 'special category data' under the GDPR. This means their use is prohibited unless particularly stringent conditions are met, including explicit consent and the strict necessity of using the data. If these conditions were not met, unlawful use of sensitive data cannot be ruled out.
Privacy
If the Army was found to have retained or used Holmes', or her mother's, genetic information in ways that were otherwise unlawful, or unnecessary and disproportionate to fulfilling its legitimate role in protecting national security, this could potentially have infringed their rights to respect for private life under Article 8 of the Human Rights Act 1998 (HRA).
Discrimination
The Equality Act 2010 does not include specific protections against genetic discrimination. However, sex is a protected characteristic. If it was found that the army was using family history of BRCA variants (or other genetic risk factors) only, or disproportionately, in decisions about recruitment of women, then this might constitute unlawful discrimination under the 2010 Act, and potentially under Article 14 of the HRA.
Wider ethical considerations
The army has defended its actions by denying that it had a policy of routinely rejecting people with BRCA1 variants. However, this seems to misunderstand the nature of discrimination and institutional bias. There does not need to be an explicit policy of excluding people with particular characteristics for an organisation's practices to constitute unjust discrimination.
Using genetic disease susceptibility data when making employment decisions also risks creating (dis)incentives that could work against people's fundamental interests. For example, discouraging them, and their relatives, from taking tests that could be critical to their health, or forcing them to confront genetic risks they, or their relatives, did not want to know.
Looking to the future
In many ways the GDRP and ICO guidance fail adequately to account for the quantities and significance of genetic information about us that comes from sources other than our own biological samples. This sits against a background of an explosion of genetic data from sources including direct-to-consumer testing, and concerted efforts to mainstream genomics in NHS care. This is not yet matched by an increase in skills among the healthcare workforce in interpreting what this complex information means; a deficit demonstrated perhaps by the Army's occupational physician's use of Holmes' data.
Invasive and distressing situations, like that experienced by Holmes, are only likely to increase in coming years, unless the law, ICO guidance, and professional practices in occupational health, better reflect both the shared nature of genetic information, and its complex and often uncertain significance.
Leave a Reply
You must be logged in to post a comment.