Privacy Best Practices for Consumer Genetic Testing Services

The Future of Privacy Forum, along with leading consumer genetic and personal genomic testing companies 23andMe, Ancestry, Helix, MyHeritage, and Habit, released Privacy Best Practices for Consumer Genetic Testing Services. These companies have been joined by African Ancestry, FamilyTreeDNA,* and Living DNA in supporting the Best Practices as a clear articulation of how leading firms can build trust with consumers.

Consumer genetic tests, tests that are marketed to consumers by private companies, have empowered consumers to learn more about their biology and take a proactive role in their health, wellness, ancestry, and lifestyle. When consumers expressly grant permission and provide an informed consent, they can choose to share their genetic data with responsible researchers to help them discover important breakthroughs in biomedical research, healthcare, and personalized medicine.

The Best Practices establish standards for genetic data generated in the consumer context by making recommendations for companies’ privacy practices that require:

• Detailed transparency about how Genetic Data is collected, used, shared, and retained including a high-level summary of key privacy protections posted publicly and made easily accessible to consumers;
• Separate express consent for transfer of Genetic Data to third parties and for incompatible secondary uses;
• Educational resources about the basics, risks, benefits, and limitations of genetic and personal genomic testing;
• Access, correction, and deletion rights;
• Valid legal process for the disclosure of Genetic Data to law enforcement and transparency reporting on at least an annual basis;
• Ban on sharing Genetic Data with third parties (such as employers, insurance companies, educational institutions, and government agencies) without consent or as required by law;
• Restrictions on marketing based on Genetic Data; and
• Strong data security protections and privacy by design, among others.

Supporters of the Best Practices include: Ancestry, 23andMe, Helix, MyHeritage, Habit, African Ancestry, FamilyTreeDNA,* and Living DNA.

The Association for Molecular Pathology (AMP), the premier global, molecular diagnostic professional society, recently revised its official position for all consumer genomic testing. Among other conditions, AMP will support consumer genetic testing if test providers adhere to FPF’s Best Practices (among other requirements): Announcement and Position Statement.

Should you have questions about this report, please contact the lead author, Carson Martinez, at [email protected]. 

*In January 2019, Family Tree DNA revealed an agreement with the FBI that conflicts with FPF’s Best Practices. FPF immediately removed Family Tree DNA as a supporter.

---

Video and Podcast

---

Additional Resources

---

• Read Best Practices
• Read Highlights Page
• Download Infographic

---

Press

---

• Press Release (various)
• Best Practices for Protecting Consumers’ Privacy (23andMe)
• Embracing Privacy Practices for the Industry (Ancestry)
• Setting high standards for the privacy of our customers (Helix)
• Ancestry, 23andMe and others say they will follow these rules when giving DNA data to businesses or police (Washington Post)
• Consumer Genetic Testing Companies Adopt Privacy Guidelines (GenomeWeb)
• Popular genetic testing companies agree to best practices guidelines (IAPP)
• Ancestry and 23andMe Agree to Rules on Providing DNA to Third Parties (Fortune)
• 23andMe, Ancestry, and other DNA testing companies agree to protect your genetic information (Mic.com)
• Ancestry and 23andMe Agree to New Rules to Make You Feel Safer Handing Over Your DNA (Gizmodo)
• 23andMe, Ancestry, and others agree to genetic privacy guidelines (engadget)
• Morning eHealth (Politico)
• What to say to your friend who’s obsessed with their own genetic makeup (theSkimm)
• DTC Genetic-Testing Giants Throw Their Weight Behind Privacy (Healthcare Analytics News)
• Ancestry, 23andMe and other top genetic testing companies agree to new voluntary privacy policy including additional consent forms and annual reports about how many requests they receive from police for DNA data (Daily Mail)
• Ancestry, 23andMe accept new third party data-sharing guidelines (Fortune)
• New Release – Privacy Best Practices for Consumer Genetic Testing Services (IBIA)
• 23andMe and other DNA-testing firms promise not to share data without consent (The Verge)
• 23andMe has pledged to follow new guidelines on how they handle people’s DNA (Mashable)
• Privacy pledge: Consumer genetic-testing firms agree to new rules (Genetic Literacy Project)
• 23andMe, Ancestry, and other genetic companies adopt new privacy rules (Upturn)
• 23andMe, Ancestry, other consumer genetic testing companies publish data privacy guidelines (MobiHealthNews)
• A Primer on Genetic Privacy (The Privacy Guru)
• Sociogenetic Risks — Ancestry DNA Testing, Third-Party Identity, and Protection of Privacy

  (The New England Journal of Medicine)

• Consumer DNA Testing Takes a Step Towards Privacy, Transparency (Threatpost)
• Behind at-home DNA testing companies sharing genetic data with third parties (CBS News)
• Privacy guidelines launched to protect DNA data (The Daily Swig)
• Genetic-testing technology is progressing rapidly. The rules need to keep up. (The Washington Post)
• What Consumers Should Know About Commercial DNA Testing (The Wall Street Journal)
• How Companies Can Safeguard Consumer Genetic Data (American Society of Human Genetics)