Why Australia should quickly improve its legal framework for Whole Genome Sequencing of foodborne diseases and food pathogens
By Joe Lederman
(FoodLegal Co-Principal) and John Thisgaard (FoodLegal Senior Associate)
© Lawmedia Pty
Ltd, November 2020
Whole Genome
Sequencing (WGS) is a major opportunity for Australia to implement a
comprehensive best-practice system for food pathogen surveillance using WGS
technologies. Australia has potential to become a world leader in tracking
foodborne pathogens and diseases across food supply chains domestically and
internationally. This article identifies the regulatory impediments and
inconsistencies relating to the collection and sharing of WGS data in Australia
or for Australians, including privacy law issues. This article identifies the
issues and solutions that could give Australia a leading edge if improvements
were to be expedited.
What is WGS?
The best WGS
technology allows a relatively quick and cheap way to extract the complete DNA
sequence of the genome of an organism in a single instant. WGS technology has rapidly
emerged during the COVID-19 pandemic as a significant contact-tracing tool for
helping track down the source of each infection breakout. Its usefulness has
demonstrated and proven the potential for also being able to trace pathogens
that coexist with foods and which can be the source of foodborne illness
outbreaks. In food supply chains, it is possible that by looking for common
gene sequences between food that may have caused illness and particular known
bacteria, WGS can identify food contaminants and detect threats quickly.
The application
of WGS technology to foodborne pathogens and illness is an imperative that should
be considered by all governments around the world. Although the Australian
framework has been handicapped by the joint nature of a federal-state
governmental system, it is our view that there is considerable scope for
improvement of the Australian system if additional enabling laws were to be
enacted.
How WGS
operates within Australia’s federal regulatory framework
Any use of WGS
in Australia must currently contend with the division of various powers and
responsibilities between Australia’s Federal government, and the governments of
the individual Australian States and Territories.
The Australian
Federal Government is signatory to international treaties that guarantee
Australian access to important international databases with genomic data.
However, it is the State sand Territories that are responsible for food safety
regulation and enforcement. Moreover, while the Federal government oversees the
sharing of genomic data within and outside of Australia, it relies on
cooperation by the States and Territories for this to occur.
The Federal
Government established the National Notifiable Diseases Surveillance System (NNDSS)
in 1990. Under the NNDSS, the Federal Health Minister is required to compile a National
Notifiable Disease List (NNDL), which is intended to capture any disease
that would create a public health risk should an outbreak occur. As at November
2020, the following notifiable foodborne illnesses are included in the NNDL:
·
Campylobacteriosis
·
Cholera
·
Clostridium
botulinum infection (botulism)
·
Haemolytic
uraemic syndrome (HUS)
·
Hepatitis
A
·
Hepatitis
E
·
Listeriosis
·
Paratyphoid
fever
·
Salmonellosis
·
Shiga-like
toxigenic Escherichia coli
·
Shigellosis
·
Typhoid
fever
Each of the
above diseases (notifiable diseases) can be identified through WGS technology.
However, the Federal
government relies on State and Territories to disclose data in relation to notifiable
diseases on the NNDL under the National Health Security Act. The National
Health Security Act provides for the Federal and State and Territory
governments to enter into an agreement for the sharing of data relating to notifiable
diseases.
State and
Federal discrepancies, and inconsistencies between State jurisdictions
Even though the
National Health Security Act provides for an agreement to act as a mechanism
for information-sharing by States and Territories, this agreement remains
voluntary. The Federal government has no power to compel States and Territories
to provide this information. Moreover, States and Territories are responsible
for implementing their own notification and data collection arrangements
through their respective public health frameworks.
Notification
conditions vary greatly between States and Territories. Differences can be
found in the timing and method of notification, and the entities that are
obliged to report on a particular disease. While most foodborne diseases on the
NNDL are classed as either urgent or routine across all jurisdictions, there are
inconsistencies in the classification of Hepatitis E, Listeriosis and
Shiga-like toxigenic Escherichia coli. Furthermore, while all include mandatory
notification obligations for diseases in the NNDL, some States have imposed
notification requirements for other foodborne diseases outside of the NNDL,
which again vary.
Public health
legislation in each State and Territory imposes notification requirements on
pathology labs and medical practitioners that find that a patient has a
notifiable disease. However, the deadline for notifying the relevant State or
Territory authority differs significantly between jurisdictions:
·
Tas:
facsimile before 5:00pm on the next working day
·
NSW:
24 hours
·
Qld:
48 hours
·
WA:
72 hours
·
SA:
3 days
·
Vic
and ACT: 5 days
In NSW, Queensland
and the ACT, notification obligations are also imposed on persons in charge of
a hospital. In the ACT, this obligation also extends to a person responsible
for the care, counselling, support or education of another. In Tasmania,
notification obligations apply to the superintendent and senior health
professional responsible for care in a residential, education, healthcare or
childcare facility.
In Victoria and
NSW, medical practitioners and labs also have the power to voluntarily inform
the relevant government Authority of other matters that could pose a threat to
public health.
Challenges
posed by privacy legislation
In addition to
the issues that arise from the division of responsibilities between the Federal
government and Australia’s States and Territories, the sharing of data relating
to notifiable diseases often contains personal information. As such,
data-sharing can run into obstacles under Australia’s various privacy
regulations.
The Federal Privacy
Act sets out principles that apply to the collection and distribution of
personal data. These principles apply to the vast majority of large businesses.
They include:
·
Data
must be collected from the individual unless unreasonable or impracticable to
do so. In most instances, the individual must give consent for their data to be
collected.
·
If
a health service provider receives unsolicited personal information it
otherwise would not have been allowed to collect, it must destroy or
de-identify the information as soon as possible if it is lawful and reasonable
to do so.
·
Consent
must be obtained before the data can be shared or disclosed, unless an
exception applies.
A breach of the
Privacy Act can lead to substantial fines, court enforceable undertakings and
statutory penalties of up to $2.1m for repeated breaches. It is also worth
noting that Victoria, NSW and the ACT also impose privacy restrictions with
respect to medical data. In Victoria, for example, the misuse of medical data
can incur a penalty of up to $49,500.
Although they
play an important role in the protection of personal information, these privacy
laws present a risk that could in fact serve to restrict the flow of WGS data,
thereby impairing Australia’s ability to respond to foodborne diseases and
other issues, by acting as a disincentive for relevant parties to collect and
share relevant data. As the laws currently stand, medical practitioners and
other parties sharing WGS data might be at the mercy of administrative or
judicial discretions in interpreting privacy laws.
Legal
defence arguments to counter alleged Privacy law breaches
Even under
existing laws there are a number of potential avenues to argue that the sharing
of WGS data does not amount to a breach of privacy laws. Expert advice should
be sought in relation to your specific circumstances if seeking to rely on one
or more of the following arguments:
1.
The
data does not fall under the definition of “personal information”.
In many cases,
WGS data must contain personal information such as patient age, location,
immune status, underlying conditions, and clinical outcome of the illness. The
removal of such data may impact the extent to which the data can be relied on
by health professionals. Even
if laboratories limit the exchanged information to metadata which describes the
source and details of the isolate, this still requires passing on patient
demographics and clinical information.
Nevertheless,
where it is possible to separate the data from personal information, it might
be possible to argue that the collection and use of the data does not trigger
any privacy requirements as the data is not “personal information”.
2.
Consent
has been given regarding the collection and use of the information
In most cases,
personal information may only be used with consent. As such, parties collecting
WGS data should obtain broad consents authorising wide use of the data for WGS
data-sharing purposes.
Where consent
is not readily available (for example, if the person to whom the information
belongs is not legally able to provide consent), it might be possible to argue
that consent has been implied or has been granted by some other person with the
power to give consent.
3.
The
disclosure of data is for the purpose of notification of a “notifiable disease”
As identified
above, the NNDL comprises a list of notifiable diseases. Each State and
Territory also has a list of notifiable diseases requiring mandatory
notification and data-sharing by law. However, there are discrepancies amongst
these lists and they do not always align with the NNDL.
Nevertheless,
where disclosure is mandated under State and Territory legislation, it might be
possible to argue that the Australian Privacy Act should not be interpreted in
a way that impedes this notification.
4.
The
disclosure of data is required under another State or Territory law
Separate to the
various State and Territory disease notification frameworks, States and
Territories have various laws which could require the notification of food
contaminants or foodborne illnesses that are not on the NNDL but which justifies
acceptable reasons for disclosure of the personal data.
For example,
under Victorian laws hospitals are required to notify the Victorian Department
of Health and Human Services where a patient experiences an anaphylactic
reaction after consuming food.
5.
The
disclosure of data is required for public health and safety
As identified
above, both Victoria and NSW permit the disclosure of data by medical
practitioners and pathology labs where there is a sufficient risk to public
health. It could be argued that the public policy underlying these provisions
justifies the collection and distribution of such personal information.
Transmission
of data across jurisdictional borders
When
transmitting data within Australia across State and Territory borders, the
general rule of thumb is that the person sharing the data must ensure that all
relevant laws that apply to the use of the data within that State or Territory
must also be observed in relation to any usage outside of the State or
Territory. A party should verify that these laws will be observed prior to
sharing data.
When
transmitting data internationally, it is important to be able to justify the
use of any personalised information. In the post-COVID-19 era, it might be
possible to justify the international transmission of WGS data that could
relate to a global health and safety risk.
Accuracy of
data
A party
involved in the collection and distribution of WGS data could potentially face
legal liabilities if the data is inaccurate.
More than five
years ago, FoodLegal was involved in a case raised by a State food regulator that
asserted that a ready-made meal product sold by a retailer was alleged to
contain meat that was substituted by a different animal species. The allegation
was made in the midst of beef substitution cases in Europe with horse meat and
concern that similar contamination might have occurred in Australia. Upon a
thorough analysis of all the supply chains of the business in question, FoodLegal
was able to rule out any points at which the meat could have been contaminated
or substituted.
We then
commissioned one of Australia’s pioneer experts in early WGS technology. His
analysis of the tests carried out by the regulator was able to demonstrate that
the finding of “substituted meat” in the product was a false positive and had
arisen because of an improper analysis of the data. He showed that there is a
common gene sequence between different animal species and that even though there
were some common genes, the product in question contained the authentic meat
and not the substitute.
The facts of
this case illustrated the potential for loss and damages that might be caused
by testing errors or poor data analysis. Such losses may or may not always be
covered by the appropriate insurances.
Ownership of
data
In Australia,
the law is not primarily concerned with ownership of data. It is about custody
and responsibility of those who possess the data. Privacy laws in Australia and
the laws of evidence impose obligations on the parties who control and collect
data, and impose liability on the basis of acts or omissions that are done
whilst that party has possession of the data.
Many genomic
databases (in particular in the US) are maintained in the public domain, but
there are also private databases being created by private business operators or
industry bodies. Contractual obligations therefore need to be considered on top
of the legislative framework.
Opportunities
for regulatory improvements
It is clear
that WGS data presents a major opportunity for Australia to implement a
best-practice food surveillance system both domestically and internationally.
However, we have identified a number of obstacles that could prevent the effective
transmission of data.
We could
overcome a significant hurdle by implementing a better national system starting
with better and more consistent standards and timelines and disclosure
acceptance thresholds and processes, especially for notifying and sharing
information about notifiable pathogens and diseases. This could be done by
implementing a uniform national system that is adopted by each State and
Territory. This would remove inter-jurisdictional discrepancies in relation to
notification deadlines, responsible parties and notifiable diseases.
In addition,
there is scope for Australia’s privacy laws to be amended to expressly deal
with data collected and used for the purposes of protecting public health or
safety. Such amendments would remove current ambiguities and provide the
parties responsible for collecting and distributing data with greater certainty.
This would put Australia in a much better position to make use of WGS data as
it relates to foodborne illnesses.
Australia’s
potential role
Australia plays
an important role in global food trade and Australian companies are important exporters
and importers of food. Relatively speaking, to date Australia has fared better
than others in relation to the COVID-19 pandemic. Part of this has been the
quick take-up of WGS and other tools for improved contact tracing.
Australia has
always been a leading player in food and transport logistics, even going back
to such technologies as refrigerated meat shipment in the mid-19th
century and the recycling of pallets throughout the world in the second half of
the 20th century. Australia has the expertise and the wherewithal to
optimise WGS and other traceability technologies throughout food supply chains
regionally and globally.
This is general information rather than legal advice and is current as of 30 Oct 2021. We therefore recommend you seek legal advice for your particular circumstances if you want to rely on advice or information to be a basis for any commercial decision-making by you or your business.