TILT seminar Prof. Leslie P. Francis

Leslie P. Francis, Ph.D., J.D., holds joint appointments as Alfred C. Emery professor of law and professor of philosophy, and adjunct appointments in Family and Preventive Medicine (in the Division of Public Health), Internal Medicine (in the Division of Medical Ethics), and Political Science, at the University of Utah. She was appointed to the rank of Distinguished Professor in 2009 and became director of the University of Utah Center for Law and Biomedical Sciences in 2015. Professor Francis was President of the Pacific Division of the American Philosophical Association in 2015-2016. From 2015-2019 she served as the elected Secretary-General of the International Society for Philosophy of Law and Social Philosophy.  She is a past member of the Ethics Committee of the American Society for Reproductive Medicine, and past co-chair of the Privacy, Confidentiality, and Security Subcommittee of the National Committee on Vital and Health Statistics, where she currently serves as a member of the Working Group on Data Access and Use. Professor Francis also has been a member of the Medicare Coverage Advisory Committee and of the American Bar Association's Commission on Law and Aging.

Professor Francis's books include The Patient as Victim and Vector: Ethics and Infectious Disease (co-authored with Battin, Jacobson, & Smith; Oxford University Press 2010) and Privacy: What Everyone Needs to Know (co-authored with John Francis; Oxford, 2017). She edited the Oxford Handbook of Reproductive Ethics (Oxford University Press, January 2017) and is the author of many papers in the areas of disability law and ethics, privacy and data use, justice, and bioethics.  Her current book in progress is States of Health: Federalism and Bioethics (under contract with Oxford, mss to be submitted in fall 2020).

The Perils of De-identified Data: It’s data use, not de-identification, that matters

Privacy laws typically draw a firm line between identifiable personal information and de-identified data.  The GDPR, for example, applies to “personal data,” defined as “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person…”. In the United States, the common rule governing research with human subjects applies only to research involving interactions with living subjects or the use of identifiable private information; the US health privacy rule applies only to individually identifiable health information.  Whether this line between identifiable and de-identified information can be maintained has been the subject of considerable controversy.  It has been argued that some types of information (such as radiologic images or genetic data) cannot be de-identified and that when sufficiently rich data sets are combined re-identification attacks can succeed.  In this talk, I will raise a different set of concerns about uses of de-identified data.  Uses of successfully de-identified data, I contend, can pose significant issues for individual integrity and social justice.

Attached is a copy of the paper that will be used as a basis for the presentation.