Direct-to-consumer genetic testing (DTC-GT) companies have proliferated in the past several years. Based on an analysis of genetic material submitted by consumers, these companies offer a wide array of services, ranging from providing information about health and ancestry to identification of surreptitiously-gathered biological material sent in by suspicious spouses. Federal and state laws are ambiguous about the types of disclosures these companies must make about how the genetic information they obtain is collected, used, and shared. In an effort to assist in developing such laws, this Article reports a survey of the privacy policies these companies purport to follow. It canvasses ninety DTC-GT companies operating in the United States and provides a detailed analysis of whether and to what extent those policies inform consumers about how their genetic information will be used and secured, with whom it will be shared, and a host of other issues. Using the Federal Trade Commission’s articulation of the Fair Information Practice Principles and the agency’s proposed Privacy Framework as the baseline, we conclude that most policies fall well short of the ideal.
[1]
Matthew B. Kugler,et al.
Is Privacy Policy Language Irrelevant to Consumers?
,
2016,
The Journal of Legal Studies.
[2]
Pascal Borry,et al.
Third party interpretation of raw genetic data: an ethical exploration
,
2017,
European Journal of Human Genetics.
[3]
Mary J. Culnan,et al.
Strategies for reducing online privacy risks: Why consumers read (or don't read) online privacy notices
,
2004
.
[4]
F. Cate.
The Failure of Fair Information Practice Principles
,
2006
.
[5]
Lorrie Faith Cranor,et al.
A comparative study of online privacy policies and formats
,
2009,
Privacy Enhancing Technologies.
[6]
Robert C Green,et al.
GINA, genetic discrimination, and genomic medicine.
,
2015,
The New England journal of medicine.
[7]
M. Curnutte.
Regulatory controls for direct-to-consumer genetic tests: a case study on how the FDA exercised its authority
,
2017
.