 Since 2008, it’s been illegal to discriminate against someone based on their genetic information, thanks to the Genetic Information Nondiscrimination Act (GINA). But when 23andMe personal genomics company filed for bankruptcy in March, sharp new issues in genetic privacy emerged. The 23andMe debacle raised the specter that the genetic data of millions of people would be sold to the highest bidder – with almost no oversight from a privacy-rights standpoint. The company did the right thing, asking a judge to approve the sale of its data to a nonprofit research institute that will only access the profiles of customers who explicitly allow their data to be used in deanonymized form for medical research. Still, as Colin Loyd wrote in the Minnesota Journal of Law, Science & Technology, that 23andMe’s bankruptcy and potential sale “reveals deep flaws in the current regulatory system governing genetic data privacy.” There are astonishingly few constraints on the sale and use of genetic material, other than in a handful of state statutes. Which makes Rep. Ben Cline’s (R-VA) “Don’t Sell My DNA Act” a big step to protect privacy. The bill, co-sponsored in the House with Rep. Zoe Lofgren (D-CA), has a Senate companion introduced by Sen. John Cornyn (R-TX). The bill updates the Bankruptcy Code to:
All of these measures are a direct response to the privacy threats raised by the potential post-bankruptcy sale of 23andMe. They are focused on bankruptcy scenarios. What Americans need next is legislation that builds robust privacy guardrails around genetic information itself, agnostic to specific scenarios. In other words, we need guardrails that ASU law school professor Laura Coordes calls “baseline protections.” Stopping this data from being bought, sold, and potentially misused as a result of bankruptcies is good policy, but essentially lumps our most deeply personal information into the category of furniture, real estate, and other assets. What about situations that don’t involve bankruptcy? For example, should data brokers be able to sell genetic information at any time, without affirmative consent, to anyone, including government agencies and foreign entities? In a very real sense, genetic information represents the future of data privacy, which means the time to enact sweeping legislation is now – whether it’s expanding HIPAA compliance to include genomics companies or reviving legislation such as Sen. Bill Cassidy’s Genomic Data Protection Act. In only a few years’ time, no data will be as valuable as genetic information – irresistible prey that buyers of all kinds would love to sink their algorithms into. In the meantime, if you’ve already sent a DNA sample to 23andMe, as tens of millions have, consider deleting it – here’s how. And before sharing it in the future, ask to see privacy and consent policies in advance. With any luck, you’ll be supported by robust federal statutes, built, we hope, on important foundations like Rep. Cline’s “Don’t Sell My DNA Act." Comments are closed.
|
Categories
All
|
RSS Feed