PRIVACY + SECURITY BLOG

News, Developments, and Insights

Privacy of Genetic Information

Richard Epstein has posted a reply continuing our debate over whether employers should be able to use genetic testing information to make employment decisions regarding employees. Here are the posts in our debate so far:

1. Solove, IBM vs. NBA: Using Employee Genetic Information

2. Epstein, Two Cheers for Genetic Testing

3. Solove, A Reply to Richard Epstein on Genetic Testing

4. Epstein, A Third Cheer for Genetic Testing

Epstein’s latest reply, A Third Cheer for Genetic Testing, slips in another cheer for genetic testing. He asserts that my argument that genetic information only reveals propensities, not the presence of certain conditions, actually cuts in favor of employers using genetic information:

That information should not make the employer instantly hand out a pink slip. It is one factor among many to be taken into the overall assessment. The insurance could be supplied, but in exchange for an additional premium that reflects that additional risk. Or the health insurance could be supplied subject to an exclusion for the risky condition. Judgments like that are made all the time in the insurance business, and there is no reason why they cannot be made with the processing of genetic information.

Epstein is certainly correct that genetic information is helpful in assessing risk, and he is right that employers need not just fire or refuse to hire people with genetic predispositions. But there are larger normative issue at stake: What risks ought people to bear? Who ought to bear these risks? How ought these risk to be distributed throughout society?

With insurance, there’s the issue of how equal a risk distribution one wants to achieve. We could have health insurance, for example, that is prohibited from charging people extra based on pre-existing conditions. In other words, we all bear the cost of health insurance equally. Another model is for those who are more at risk to pay higher premiums and those who are less at risk to pay lower premiums. I generally support insurance that is more equal – even if that means I pay more. The primary benefit of insurance, I believe, is to spread risk throughout society so as to eliminate certain contingencies in life. Society as a whole absorbs these losses, rather than particular individuals. Unfortunately, insurance only partially functions in this way today.

Epstein also takes issue with my arguments about countervailing values such as freedom and autonomy as well as privacy. He argues that employers have freedom too:

There is nothing in the ideal of personal freedom or autonomy that requires one individual to offer a subsidy for the health care of a second. . . . Solove’s revised notion of autonomy and freedom, but only for some, means additional duties imposed others. Yet no justification for that imposition on employers is given.

Everything in life involves a tug-of-war between freedom and duties. Tort law, for example, imposes duties on everybody’s conduct, and thus limits everybody’s freedom. The law routinely limits the freedom of some to promote the freedom of others. That said, Epstein makes a fair point in demanding a justification for why employee freedom should trump employer freedom with regard to genetic testing. I believe that employers already stand in an incredibly powerful position vis-à-vis employees. Employers have a vastly greater ability to limit employee freedom than vice versa. The law recognizes the profound power of employers and will often try to equalize the employment relationship, such as through laws regulating sexual harassment and workplace safety.

Epstein challenges my argument about privacy as a countervailing value:

The appeal to privacy is subject to similar limitations. No doubt privacy covers the case where individuals want to snoop into the private lives of others. But here the deal is quite simple: either you waive your right to privacy or you will not receive a job from me. People waive their liberties when they agree to work for another individual. They can, if they choose, waive their privacy rights as well.

People indeed are forced by employers to waive many rights, but to say this still leaves open the question of whether the law should allow employers to force people to waive particular rights. We could allow people to sell themselves into slavery; we could allow employers to force people to consent to sexual harassment or to ultra-dangerous workplace conditions. But we impose limits on what employers may reasonably require an employee to consent to.

Genetic testing should be one of those limits. Employers should not be privy to everything in a person’s life, even things that are relevant for the job. For genetic information, there’s a social value in preventing people from being disadvantaged for reasons beyond their free will.

One of the greatest advances of civilization, in my opinion, is the attempt to help ameliorate the horrible contingencies nature and chance create: hurricanes, earthquakes, diseases, accidents, pestilence, fire, and countless other calamities. Without protection against these catastrophes, life becomes all the more precarious. A person’s entire life’s labor and toil can suddenly be wiped out in a stroke of bad luck. Fortunately, we’ve found ways to eliminate these contingencies. We spread and redistribute risk. We protect those who have suffered bad luck. And in return, we can live life with at least some measure of protection from the vagaries of chance and the harshness of nature.

I believe that such a system is much more preferable than one that places the risk on the lone individual, who, through no fault of her own, finds herself dealt a bunch of “bad” genes. So we could say “tough luck” to the person who has “bad” genes or “tough luck” to the employer who hires that person. I’d rather have the employer bear that burden. Employers generally have more power and options to absorb the loss and to figure out how to insure against and ameliorate the risk.

Originally posted at Concurring Opinions

* * * *

This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics. Professor Solove also posts at his blog at LinkedIn. His blog has more than 1 million followers.

Professor Solove is the organizer, along with Paul Schwartz, of the Privacy + Security Forum and International Privacy + Security Forum, annual events designed for seasoned professionals.

If you are interested in privacy and data security issues, there are many great ways Professor Solove can help you stay informed:
*
LinkedIn Influencer blog
*
Twitter
*
Newsletter

TeachPrivacy Ad Privacy Training Security Training 01