FPF Releases Follow-Up Report on Consumer Genetics Companies and Practice of Transparency Reporting

Today, the Future of Privacy Forum (FPF) published “Consumer Genetic Testing Companies & The Role of Transparency Reports in Revealing Government Requests for User Data,” examining how leading consumer genetic testing companies require valid legal processes before disclosing consumer genetic information to the government, as well as how companies publish transparency reports around such disclosures. The report analyzes transparency reports from leading consumer genetic testing companies to draw conclusions about the frequency of law enforcement requests, the type of information requested, the frequency with which companies complied with law enforcement requests, and how consumer genetic testing companies’ transparency practices differ from other related industries.

The report builds on FPF’s 2018 “Privacy Best Practices for Consumer Genetic Testing Services,” which acknowledges that government agencies may have legitimate reasons to request access to consumer genetic data from time to time, but requires that companies only provide access to such information when required by law. The new report will be helpful in conveying the benefits of transparency reporting, the different avenues for law enforcement requests, and the types of law enforcement requests issued to consumer genetics companies.

“Genetic data can help law enforcement agencies solve crimes and vindicate wrongfully accused individuals, but unfettered government access to genetic information held by commercial services presents substantial privacy risks” says FPF Vice President of Policy John Verdi. “Transparency reporting plays a key role in mitigating these risks by shedding light on how consumer DNA testing services respond to government access requests for both genetic information and non-genetic account information.”

The report articulates five main conclusions:

• The majority of law enforcement requests seek non-genetic information, such as credit card data;
• Leading consumer genetic testing companies have received few law enforcement access requests overall, and volume has been stable over time;
• Of the small number of requests for genetic information that companies receive, few result in the disclosure of genetic data – companies have declined to disclose data and have fought requests in court;
• Consumer genetic testing companies’ approach stands in contrast to public genealogy services, which have taken a more cooperative approach to law enforcement access and/or have failed to adopt transparency reporting; and
• None of the leading consumer genetic testing companies surveyed reported that they have received a National Security Letter or request for information under the Foreign Intelligence Surveillance Act.

To learn more, read the report.