A PRIVATE COMPANY called Genomics Medicine Ireland (GMI) has an ambitious plan to collect the genetic code of a significant portion of the Irish public.

To start with, let’s deal with the science bit. As I’m not a scientist, let’s hear what Orla Hardiman, professor of neurology at Trinity College and David McConnell, a fellow emeritus in genetics, had to say about this in an opinion piece for the Irish Times last year.



Clinicians are being contracted and asked to obtain consent from their patients to transfer clinical information to GMI, along with a tissue sample for WGS. We understand GMI will pay for the additional hospital clinical costs required for the project. It will obtain the full genetic code for each patient (WGS), and it will analyse all the data. For the most part (with notable exceptions in some paediatric cases) there is minimal tangible benefit to the patient who participates in this programme.

The State has pumped approximately €73.5 million into GMI, as a commercial investment via the Irish Strategic Investment Fund (ISIF). This investment was made alongside Google’s Venture capital fund.

The beneficial ownership of the company is obscure but it has acknowledged it is a subsidiary of WuXi NEXTcode, part of the Chinese WuXi pharma group.

(Read more here on how you can support a major Noteworthy project delving into why a private rather than public initiative was funded to sequence Irish genomes.)

But the business plan is clear. Collect up 400,000-ish Irish genomes. Hold it as the private asset of the company. Take payment to let other companies access it.

This is a bad idea.

It is not just a bad implementation of a good intention.

It is the wrong policy altogether.

It will be an irreparable error to allow GMI to collect up this genetic data and hold it as a corporate, private asset, selling access to it for profit. If there is to be a research benefit from genetic data, it is critical that we do not allow the privatisation of the critical private data of individuals.

Senator Alice Mary Higgins was less convinced by the benefits of GMI when she said last summer that “some very concerning issues arose in regard to GMI in that it has been asking questions about where biobanks might be stored, indicating that the genetic data it is collecting would be shared first with pharmaceutical companies”.

No national framework

In the UK, the NHS established a special vehicle to collect and secure genomic data for the public good.

Our Government has simply abdicated its duty to set a national framework genomic policy. As Dr Ciara Staunton wrote recently “this investment has serious legal and ethical concerns that are likely to negatively impact genomic research in Ireland”.

So let’s look at some of those legal concerns.

To do that, we need to understand the personal experience of a patient who is asked to give consent to their genetic data to be given to GMI.

The issue of consent

We can do this pretty clearly because Digital Rights Ireland (DRI), whom I act for, obtained the paperwork submitted to Galway University Hospital’s Ethics Board to allow for data sharing with GMI. This included the information leaflet proposed to be given to patients to obtain a consent.

And, reassuringly, there was a special section in that information leaflet headed, in all caps ‘ARE THERE ANY RISKS INVOLVED IN PARTICIPATING’. Less reassuringly, the likelihood of re-identification is neither addressed nor referred to under this risk register section at all.

This is despite that Dan Crowley, while Acting CEO of GMI, confirmed that:

All participants are made aware in the Patient Information Leaflet (PIL) that we can never fully eliminate the risk of re-identification… In the case of rare disorders, we have specifically stated in the Patient Information Leaflet that, if a participant has unusual clinical symptoms, it could result in their identification.

Last May, our office wrote on behalf of DRI to the Clinical Research Ethics Committee pointing out the Patient Information leaflet they had approved did not have any specific statement highlighting the specific rare disorders risk, or what the consequence of re-identification could be (or the consequence for their family members).

Without these risks of participation detailed to patients, we did not believe that any consent gathered for sharing genetic data with GMI would meet the standard to demonstrate valid and informed consent under Article 7.1 of the GDPR.

We also highlighted that the leaflet did not inform patients of the identity of the data controller(s) in respect of their sensitive personal data, distractingly discussing the legally irrelevant question of ‘access’.

In a document endorsed by all of the EU’s data regulators (the Article 29 Working Party) it was confirmed “at least the following information is required for obtaining valid consent: (i) the controller’s identity”.

Similarly Recital 42 of the GDPR says “for consent to be informed the data subject should be aware at least of the identity of the controller”.

The proposed information leaflet didn’t even meet the ‘least’ requirement to allow for informed consent.

An irreversible error

Despite this, at the start of July, the Clinical Research Ethics Committee replied that it was not their responsibility “to ensure and monitor compliance with any relevant legislation in the country where the study is due to take place” and that “study sponsors Genomic Medicine Ireland state they are in compliance with the GDPR”. They said they saw “no reason to change our opinion on the study”.

Digital Rights Ireland was sufficiently concerned with this approach from the Galway University Hospital that our office was instructed to forward all of the documents and the correspondence to the Data Protection Commission last August, raising an official concern.

In early November, the Irish Data Protection Commission confirmed that it had commenced what it termed a “widespread compliance and supervision exercise into the processing of personal data by Genomics Medicine Ireland and its clinical research partners”.

This is just one project. There are many others where GMI have been urgently pressing the Department of Health to declare they don’t have to rely on valid consent.

Some policy errors are reversible. Some mistakes can be fixed later.

Letting the genetic code of a sizeable chunk of the Irish population fall into private hands to be used for profit, forever, isn’t one of the fixable kinds of mistakes.

Simon McGarr is a solicitor with litigation firm McGarr Solicitors and the Director of Data Compliance Europe.

SELLING OUR GENES Investigation

Do you want to know if the Government should be funding a private company to collect 400,000 Irish people’s DNA?

The Noteworthy team want to do an in-depth investigation into why a private rather than public initiative was funded to sequence Irish genomes and find out what is being done to protect Irish genomes and data privacy in terms of genetic material.

Here’s how to help support this proposal>