Montana governor Greg Gianforte recently signed into law SB 351, the Genetic Information Privacy Act. It’s the latest in Montana’s concerted effort to protect its citizens’ privacy interests in the face of evolving threats from emerging technologies.
Montana was in the vanguard of digital privacy protection in 2013 when it passed HB 603, requiring judicial authorization before law enforcement is permitted to access location data. This was a full five years before Carpenter v. United States, in which the U.S. Supreme Court recognized that warrantless access to such information violates the Fourth Amendment. Since that time, Montana’s has passed into law:
(Hat tip to Jennifer Lynch of the Electronic Frontier Foundation for a good breakdown of this decade-long trajectory.) Montana also passed a 2021 constitutional amendment with sweeping support that added electronic data and communications to the state’s search and seizure protections. (Montana’s recent ban on TikTok resulted in some privacy benefits but significantly more consternation from some in the media.) This year’s Genetic Information Privacy Act is one of the most robust genetic privacy laws of its kind, reinforcing the 2021 law and creating consent requirements for genetic data processing and for all subsequent uses of that data. It requires a “high-level privacy policy overview” from companies for all new customers. And, absent consent, it strictly prohibits the transfer of genetic data to employers or health and life insurance companies. The statutory definition of genetic data, meanwhile, has been broadened to include “self-reported health information” and otherwise plug gaps in potential uses of consumer information. To date, Washington has failed to pass much in the way of meaningful digital privacy legislation (or genetic privacy legislation outside of a non-discrimination bill in 2008 and piecemeal HIPAA protections). The United States has a number of older information privacy laws related to specific sectors such as health care and finance, and they’ve been used to prevent certain harms. In short, the federal government broadly allows the collection of personal data, then subsequently regulates certain industries that use that data. It’s a reactive – rather than proactive – way to address a growing threat to privacy. As a result, individual states are stepping in to act on privacy in the digital age. It’s encouraging to see a bipartisan array of state legislatures do so: California, Connecticut, Colorado, Indiana, Iowa, Montana, Tennessee, Virginia, and Utah have already passed or enacted comprehensive data privacy laws. As for genetic privacy, other states should consider following Montana’s lead. As digitization of medical records becomes standardized and genetic sequencing becomes easier, authorities and private actors have ever more avenues for accessing your information. Whether it’s warrantless law enforcement searches of DNA databases, use of medical information by private companies for employment and insurance purposes or even the private patenting of human genes – the threats are manifold – and scary. Our (cowboy) hats are off to Montana for its forward-thinking efforts to safeguard our rights in the face of rapidly advancing technology. Comments are closed.
|
Categories
All
|