Best Practices to Protect Privacy of Consumer Genetic Data

The Future of Privacy Forum and leading genetic testing companies announced Privacy Best Practices for Consumer Genetic Testing Services.

The genetic testing companies included: Ancestry, 23andMe, Helix, MyHeritage, Habit, African Ancestry, FamilyTreeDNA, and Living DNA. The Best Practices provide a policy framework for the collection, protection, sharing, and use of Genetic Data generated by consumer genetic testing services.

Consumer genetic tests, tests that are marketed to consumer by private companies, have empowered consumers to learn more about their biology and take a proactive role in their health, wellness, ancestry, and lifestyle. When consumers expressly grant permission and provide an informed consent, they can choose to share their genetic data with responsible researchers to help support a better understanding of the role of genetic variation in our ancestry, health, well-being, and much more.

The Best Practices establish standards for genetic data generated in the consumer context by making recommendations for companies’ privacy practices that require:

* Detailed transparency about how Genetic Data is collected, used, shared, and retained including a high-level summary of key privacy protections posted publicly and made easily accessible to consumers

* Separate express consent for transfer of Genetic Data to third parties and for incompatible secondary uses

* Educational resources about the basics, risks, benefits, and limitations of genetic and personal genomic testing

* Access, correction, and deletion rights

* Valid legal process for the disclosure of Genetic Data to law enforcement and transparency reporting on at least an annual basis

* Ban on sharing Genetic Data with third parties (such as employers, insurance companies, educational institutions, and government agencies) without consent or as required by law

* Restrictions on marketing based on Genetic Data

* Strong data security protections and privacy by design, among others.

In producing the Best Practices, the Future of Privacy Forum and privacy leaders at the genetic testing companies that were involved with these Best Practices, incorporated input from the Federal Trade Commission, a wide variety of genetic experts, and privacy and consumer advocates.

Related Articles on FamilyTree.com:

* Police Used DNA to Identify the Golden State Killer

* Genetic Testing Company Used Child’s Photo Without Permission

* How to Revoke Research Consent from DNA Testing Companies

< Return To Blog