2022 Future of Global Governance Series

Proceedings for Panel Discussion on Health Policy, Research Infrastructure, and Health for All

by the Center for Global Agenda (CGA) at Unbuilt Labs at the UN General Assembly Science Summit

29 September, 2022

Abstract

We are delighted to welcome an esteemed panel to discusses topics including (1) data privacy, (2) engagement with civil society, and (3) the future of clinical research.

Excerpts

Excerpts have been edited for clarity.

Steve MacFeely (Director of Data and Analytics, World Health Organizations (WHO))[1]

SM: I am coming to you from Paris. In fact, I am just leaving a meeting at UNESCO, where we are talking about these very issues. From a World Health Organization perspective (WHO), obviously, we deal with a lot of sensitive information. As official statisticians, our job is to ensure that we do not breach confidentiality either inadvertently or deliberately obviously. Health data is particularly sensitive. As an example, AIDS or hepatitis in some countries may be taken as an indicator of sexual preference, and that in itself then may be illegal. So we have to be really, really careful around the use and the access to data.

SM: But more globally, then, the WHO is part of the UN system. I just had a meeting today where we are discussing a forthcoming Summit in 2024 called the Summit of the Future. A large measure of that Summit will deal with data issues and in particular, data governance. The issue of privacy as a whole, the human rights aspects of data – in fact, whether even access to your own data should become a human right. These are all types of issues that we are discussing, and trying to balance data privacy without restricting the opportunities that data presents. You read out that piece from my submission where I said: data can be a tool, but it can also be dangerous. That is where we are trying to strike a balance between the two - we do not want to limit opportunities that data can provide, but we want to restrict or try and mitigate against the worst misuses and abuses of data, and try to protect individuals and communities.

SM: It is a great question – effective ways to engage with civil society, and I wish I had a good answer. It is the thing that is actually keeping us awake at night. As we sit there discussing at the UN different kinds of data governance models, the kind of realization is that the traditional UN model was to engage with member states. But when we are talking about data governance, discussing with member states alone is not going to cut it. So we need to engage with private sector, which is challenging because that itself is the homogeneous group or a heterogeneous group. But the biggest challenge is how do we engage with civil society, how do we engage with the individuals? Because every individual is being impacted by the development from the data world. And it is a real challenge because the UN is not really geared up to communicating with individuals. It is really designed to communicate with governments. And this is a big challenge.

SM: So here we are on one hand discussing data governance kind of in the abstract, trying to formulate good policies. But when we go to do the consultation piece, how do we do it? We can organize regional sessions and that will be important because there will be different cultural views. And I could spend a lifetime just talking about what Rachele had said a few minutes ago, because I think that was really interesting. But that is still not enough. We are looking at online options, we are looking at all sorts of things. But honestly, I do not know. This is the big challenge. How do you communicate effectively with 8 billion people, a billion of whom at least do not even have a legal identity. And how do we talk to them about having an identity and having data? Because that is the reality that we face.

SM: Now, we all have multiple identities. We do not even know how many we have. Like as a thought experiment, could you imagine if you woke up tomorrow morning and all of the databases for your data exist were just white? It would be a great book. So you wake up in the morning, nothing works. So here I am. I physically exist, but in every other sense of the word, I would not exist anymore. So this is what we are trying to grapple with. What I would do is I turn around the question to the rest of the panel and say, if anybody's got any good ideas, I would love to hear them because this is the piece that is really worrying us. How do we have this discussion with 8 billion people? Not a very satisfactory answer, I know, but thank you.

Ivy Kwan Arce (Board Member, Treatment Action Group (TAG); Research in Action Award (RIAA) Honoree)[2]

IKA: I am interested in the equality of access to data. Data is really important, but I think about the impact of what we consider data protection here, and the impact of what that does in different countries as well. What makes you vulnerable when you are a commodity of information? Data can help solve a lot of issues, but then that same commodity can put you in danger as well. So those are the kind of concerns as active as humans, especially when you are tasked with a certain issue, whether it is a virus in your body or mobilizing community. What does that look like when data is important? Is the only place in clinical trials? You have to have some kind of infrastructure where the person whose data is being extracted has an understanding that it is happening and is able to establish some kind of boundary.

IKA: One of the things that would be interesting to work through in the future is who are the governors, who are the good people, who is really guarding data privacy? For example, you are genetically testing your heritage. The transfer and acquisition of data and business is something nobody really monitors. So you think it was Facebook, or you are trying to find your heritage, that is one company, in a couple of years, the data gets sold, and it is the same way when we update our phone, we have to say yes, otherwise we cannot really go to the next phase. So it really does not give any sense of ownership of your own data, and the processes in place are so easily bypassed. That is also bypassed by certain governors of elections in different countries – every four years especially in the US, things can change. Whatever the understanding was four years ago may not hold today. Other countries have more longevity in terms of building things and fixing things, but I think the future, especially when we have the younger generations born into culture where accepting the terms and conditions is mandatory – I mean, even the whole exchange of Apple now saying on their website, do you really want to share this or go under and personalize that? Most people do not do that. It is written in a way that you just say yes. So the governance of data - who you think is good or who dictates the terms are the safekeepers. It is a huge issue that needs to be defined.

IKA: What I found interesting was to watch Covid play out after being HIV positive for 32 years. For most diseases where clinical trials happen, most communities do not know who the participants are, versus in HIV. We adamantly shape those clinical trials and force the government to be part of that planning with us rather than just having pharmaceutical companies draw out their goals. We drew our goals and we summon each other to come to participate in that. We summon ourselves to know when side effects were too much and changed the safety program. Covid has a little of that history mixed in because some of the people working on that have also worked on HIV challenges. Unless you have active participation from communities, clinical research can be very disassociated. It goes back to bigger companies taking whatever, determining the product, designing the clinical trial and their outcomes, without the participation of patients, individuals, and communities. That is the part that for me has been really hard – to stay in community and to tell the story – that one needs to participate in, even with short a four-year timeframe in this country, if you do not have that, you really lose the little control that you have as a consumer and as somebody that could even be on a path for health recovery.

IKA: The only way I have seen civil society engagement work is when the higher ups and the people on the ground participate. Either end of this balance has never shown to work. Many models where patients are included takes time when you are talking to people. The people on the ground need the space and that time to learn to be able to be at that table and then you have to create the table for them to come to you. That is the reflection from HIV especially here in New York. At one point the people living with the challenges of HIV do not have to navigate their daily lives with all this heavy policy of how you are supposed to behave in a workspace. The person that is dealing with the illness needs the right tools from very specific education. When we say be educated, education has to be very, very specific – you have to be very militant about learning and exploring challenges in order to participate. Without that, it just looks like what always seems very separate – a separate project that does not consider the person or their conditions. These methods are old science already. We are at a time when medications are personalized. Therefore, policy people and researchers can only function more efficiently when patients are educated enough to participate in and help shape those clinical trials. And that time and time has been the success of HIV treatment. You can see it in different parts of population globally: when they are in environments where the patient is educated enough, that becomes incredibly valuable to policy makers and researchers. That is when clinical research works best. Thank you.

Shady El Damaty, Ph.D. (President, Opsci; Co-Founder, Holonym)[3]

SED: I just wanted to chime in a little bit because actually a lot of what I do has to do with cryptography and identity. Self-sovereign identity is a key cornerstone for how we think of intellectual ownership as well as patient and data privacy. I think if you work meaningfully with data, trying to transform it or use it to make decisions or analyze it, you end up finding that provenance is really important. If you follow the branches of providence: the history of data to its roots, it always goes down to an identity. There always has to be an identity that commits that data, that transforms that data, that signs off that data. So data and identity seem, at least in my mind, completely intertwined and very difficult to dissociate if you are trying to build resilient systems that are private and self-owned.

SED: This conversation also really reminds me of the UN's convention on the Rights of the Child. I am sure you all have more expertise and knowledge regarding that, but a key provision is that the granting of every living person with the most basic right, the right to have an identity. I think this naturally extends to data. Typically, these identities will include data such as your name, date of birth, nationality, or maybe a Social Security Number or something that is issued by the state. This is a very kind of patriarchal way of thinking about systems, where you have this granting of your identity and attestation of your identity. Anyway, I am just going to wrap up there. But I do want to put something on your radars called zero knowledge proof systems. 

Rachele Hendricks-Sturrup, DHSc, MSc, MA (Research Director, Real World Evidence, Duke-Margolis Center for Health Policy)[4]

RHS: My name is Dr. Rachele Hendrick Sturrup, the Research Director of Real World Evidence at the Duke-Margolis Center for Health Policy in Washington, DC. I am really happy to talk about data privacy within the context of real world data and also the broader context of big data, which many argue is quite different. Real world data is largely applied to the regulatory context. So thinking about the U.S. Food and Drug Administration (FDA), the European Medicines Agency, Health Canada, and others that oversee or regulate medical products. They consider data from a variety of different sources, whether it is from a healthcare system, Fitbit Watch, the internet, social media, your email, whatever that might be. Those fall under the bucket of our definition of real world data. Big data – data that is outside of the regulatory context, has additional real world and broader implications.

RHS: Given that data comes from a variety of sources, it may or may not be deidentified or identifiable. And given that the data can travel at the speed of light across oceans and across time zones within seconds, the data can be transferred to different legal jurisdictions. As an example, we can think about the United States and the state of our privacy policy landscape, and then comparing that to say the European landscape, which many argue is a bit more robust and protective over data privacy and discretion. As we think about privacy, there are a lot of implications here. There are many different levels. We can think about protecting the discretion of the data itself, protecting the system in which the data is collected or exchanged, and then also thinking about the ways in which the data can be engineered or re-engineered to obscure the identities of the data subjects.

RHS: When we think about identity, going back to my comment about levels, I think two key layers to this, at least within the human experience and this context – we have the right to be individuals and a right to have that identity. With that comes ideals around individualism. There are community level considerations that certainly have privacy implications as well, such as protecting the identity of a community, such that the community has sovereign rights as an identifiable and self-identifying community. The privacy of that community and the discretion of their data should therefore be acknowledged within the broader policy context. But then, to Ivy's point about commoditizing data, whether it is data about an individual or data about a population or a subpopulation, we also have to think about what was the basis for creating identity. Ultimately it boils down to the fact that identity was a way of creating order within a system. With that order came the ability to protect assets within that system. It is arguably paternalistic, but at the end of the day, there is a financial or asset management component to that. We see that with companies as well. To Ivy's point, whereas a company like direct-to-consumer genetic testing company cannot acquire an individual's genetic data in exchange for a genetic profile about that person. So really appealing to that person's desire to be understood as an individual. They have commoditized that. Separately, they have figured out a way to also use the data that they acquire to not only conduct generalizable research, but then also engage in further commoditizing of the data to serve a financial purpose. A financial purpose that is solely owned by that company's or solely within that company's interest. That data can be used to create new drugs, it can be sold to drug companies. Those are just two examples.

RHS: I think what Steve just highlighted is that we live in this grey area of identity in the 21st century. We obviously have our physical identity, whether it is legal or illegal, and we also have a digital identity. Quite frankly, not having a digital identity these days as an adult is very dangerous. In fact, you can quickly fall behind. There are some people who might disagree with that in one way or another, but the fact of the matter is that today, in order to navigate our world and its complexities, and in order to navigate day to day living, you have to have some form of digital identity, whether it is minuscule or maximum. And then obviously, again, with that comes this huge grey area that one has to choose to live in on a certain spectrum. That is certainly up to the individual. It is certainly not up to them if they are born somewhere where having a digital identity is mandatory. That introduces an entirely different level of human rights that we have to consider. We are still in the process of disentangling all of that, especially from a policy standpoint, and then also trying to build in some of the cultural aspects that accompany one sense of identity as well. Trying to reconcile digital identity with community identity or individual identity. There are some cultural contentions even within that. In some places, having an individual or having an individualistic, I would say, perspective of oneself is not quite welcome, whereas it is the community's identity that you need to be more concerned about. So we have not even figured it out as human beings, but now we have added in the 21st century, again, another layer to understanding what identity means by creating a digital world that we must live in in order to survive.

[1] Steve MacFeely was a co-lead on the Data Strategy of the Secretary-General for Action by Everyone, Everywhere 2020 – 2022, and a lead author of the 2020 System-wide Roadmap for Innovating UN Data and Statistics. He has also recently authored the article “Towards an International Data Governance Framework”. Steve submitted a statement to the Center for Global Agenda (CGA) at Unbuilt Labs ahead of the panel discussion, this has been included in Section 5.2.8.

[2] Ivy Kwan Arce was featured at the recent Whitney Biennale: “Activism for Global Pandemic Equity”, she was also recently interviewed by the National Aids Memorial: “Ivy Kwan Arce -Women and AIDS - Surviving Voices”.

[3] Shady El Damaty, Ph.D. contributed as a member of the audience

[4] Rachele Hendricks-Sturrup, DHSc, Msc, MA was a co-author of FDA User Fee Reauthorization and the Value of Real-World Evidence, as well as a moderator and presenter at the 2022 Duke-Margolis Convening on the State of Real-World Evidence Policy.