When a member of the PGP-10 and an investor in 23andMe writes about curating one's online, personal data, a lot of people listen. Unfortunately, Esther Dyson (writing in MIT's Technology Review) does not mention the decision to share medical information or how she plans to curate her own genomic data online. Dyson rightly notes that "current website 'privacy' policies don't suffice. They're full of abstractions, euphemisms, and generalities, such as, 'We may, at any point in time, provide certain Specified Information to selected Marketing Partners ... .'" She appears to favor a complex, itemized consent policy, one that would allow users to opt in or out of sharing specific categories of information (user name, address, credit history, etc.) with a list of potential users (advertisers and other companies).
Imagine a similar consent for medical records sharing. For example, could someone like Esther consent to share her genome with a 23andMe social network, but not with researchers in this network? Or, perhaps, Esther could chose to share some of her genomic information, but not all of it. Then, again, maybe Esther would be willing to share her prescription history with an academic researcher, but not with pharmaceutical companies. The options could go on and on, resulting in an increasing complex array of choices.
Esther Dyson is obviously a very sophisticated information agent, but (as the opportunity to share medical information online increases) will the average user and patient be prepared to make informed decisions about the risks and benefits of participating? - J.O.