Future of Privacy Forum and Leading Genetic Testing Companies Announce
Best Practices to Protect Privacy of Consumer Genetic Data
23andMe, Ancestry, Helix, and other leading consumer genetic and personal genomic testing companies back strong protections, including express consent, transparency reports, and strong security requirements
Washington, DC – Today, Future of Privacy Forum, along with leading consumer genetic and personal genomic testing companies 23andMe, Ancestry, Helix, MyHeritage, and Habit, released Privacy Best Practices for Consumer Genetic Testing Services. The Best Practices provide a policy framework for the collection, protection, sharing, and use of Genetic Data generated by consumer genetic testing services. These services are commonly offered to consumers for testing and interpretation related to ancestry, health, nutrition, wellness, genetic relatedness, lifestyle, and other purposes.
“Supporting strong and transparent industry-wide guidelines that provide people with confidence that companies in this growing field will protect their privacy is critical to the continued success of this nascent business sector,” said Jules Polonetsky, CEO, FPF. “That is why we have been working with the industry leaders for the past year to develop privacy and data principles that we and our peers in the personal genomics industry can embrace. We believe that these best practices are essential to engendering trust so that all people can safely access their genetic information.”
Consumer genetic tests, tests that are marketed to consumers by private companies, have empowered consumers to learn more about their biology and take a proactive role in their health, wellness, ancestry, and lifestyle. When consumers expressly grant permission and provide informed consent, they can choose to share their genetic data with responsible researchers to help support a better understanding of the role of genetic variation in our ancestry, health, well-being, and much more.
“Protecting our customers’ privacy is Ancestry’s highest priority,” said Eric Heath, Chief Privacy Officer, Ancestry. “As a leader in the direct to consumer DNA testing market, Ancestry recognizes the important role that our industry can play in protecting the privacy and data of all customers. We understand the sensitive nature of the information our industry handles and our responsibility as stewards. We are grateful for the Future of Privacy Forum’s leadership in working to get these Best Practices drafted, vetted and aligned, and look forward to seeing these Best Practices broadly adopted across the industry.”
Today, more consumer genetic testing services are available than ever before, prices for testing are becoming increasingly affordable, and the speed at which testing is completed is accelerating. As the industry continues to expand and the technology becomes more accessible, it is vital that the industry acknowledge and address the risks posed to individual privacy when Genetic Data is generated in the consumer context.
“We’re seeing such a rapid progression of the industry, owing to both the advances in technology and the increasing accessibility of genomic information for personal and research use,” said Elissa Levin, Head of Policy and Clinical Affairs, Helix. “We think it’s essential to take a leadership position to continue to grow the industry responsibly, in ways that keep consumer safety at the forefront of action, and pave the way for better experiences and learnings that ultimately help people lead better lives.”
“Everyone who participates in a genetic testing service deserves to have their information protected, no matter which service or product they use. It’s imperative that all consumer genetic testing companies adhere to comprehensive privacy protections, and clearly communicate their policies to consumers in a transparent manner,” said Kate Black, Global Privacy Officer, 23andMe. “With over a decade of experience as a leader in consumer genetic testing, we’ve built incredibly strong privacy practices. We are happy to now work with the industry and an organization like the FPF to solidify best practices, and help ensure proper protection of consumers’ genetic information more broadly.”
The Best Practices are also supported by other consumer genetic testing companies including African Ancestry and FamilyTreeDNA.*
The Best Practices establish standards for genetic data generated in the consumer context by making recommendations for companies’ privacy practices that require:
- Detailed transparency about how Genetic Data is collected, used, shared, and retained including a high-level summary of key privacy protections posted publicly and made easily accessible to consumers;
- Separate express consent for transfer of Genetic Data to third parties and for incompatible secondary uses;
- Educational resources about the basics, risks, benefits, and limitations of genetic and personal genomic testing;
- Access, correction, and deletion rights;
- Valid legal process for the disclosure of Genetic Data to law enforcement and transparency reporting on at least an annual basis;
- Ban on sharing Genetic Data with third parties (such as employers, insurance companies, educational institutions, and government agencies) without consent or as required by law;
- Restrictions on marketing based on Genetic Data; and
- Strong data security protections and privacy by design, among others.
“The Best Practices recognize that Genetic Data is sensitive information that warrants a high standard of privacy protection,” said Carson Martinez, Policy Fellow, FPF. “Genetic Data may be used to identify predispositions and potential risk for future medical conditions; may reveal information about the individual’s family members, including future children; may contain unexpected information or information of which the full impact may not be understood at the time of collection; and may have cultural significance for groups or individuals. It is therefore critical that the appropriate level of privacy protections is implemented.”
In producing the Best Practices, FPF and privacy leaders at the companies incorporated input from the FTC, a wide variety of genetics experts, and privacy and consumer advocates.
To request comment from FPF or the leading consumer genetic testing companies that were involved with these Best Practices released today, please find contact information below:
- FPF: [email protected]
- Ancestry: [email protected]
- 23andMe: [email protected]
- Helix: [email protected]
- MyHeritage: [email protected]
- Habit: [email protected]
The Future of Privacy Forum is a non-profit organization that serves as a catalyst for privacy leadership and scholarship, advancing principled data practices in support of emerging technologies. Learn more about FPF by visiting www.fpf.org.
*In January 2019, Family Tree DNA revealed an agreement with the FBI that conflicts with FPF’s Best Practices. FPF immediately removed Family Tree DNA as a supporter.