Consumer advocates want Washington to tackle 'Wild West' of DNA test kits
A consumer advocacy group leader says it's time for Washington lawmakers to set some rules in the "Wild West" of at-home DNA testing kits.
Following a report that Family Tree DNA gave the FBI access to its vast genetic database, Sally Greenberg, the executive director of the National Consumers League, says Congress must make sure people are aware of the broad privacy implications of using these common services. Most people who buy DNA kits think they're learning about their ancestors or relatives, Greenberg says, and they don't know that companies often have sweeping terms of service agreements that allow them to share customer genetic data with law enforcement or other companies.
The underlying science of genetic testing is still evolving, she warns, and no one knows how this data could be used (or abused) down the line. "We need some rules of the road," she told me. "Right now it puts consumers at great risk of having their very private information shared, sold and misused in ways they didn't sign up for."
Consumer DNA tests are growing in popularity as they top everything from Black Friday shopping lists to wedding registries, and consumer advocates say it's way past time for Washington lawmakers hold hearings and craft legislation that requires companies to be more transparent about how they collect and use genetic information. One clear potential reform suggested by consumer advocates: Requiring companies to give customers clear ways to opt in to sharing their genetic information with other parties.
The Family Tree DNA report, Greenberg says, underscores how companies can't be trusted to regulate themselves.
In February, Family Tree DNA admitted it had been sharing information with the FBI, saying the agency could use the information to place suspects at the scene of violent crimes or to identify decomposed bodies. It has been well-documented that DNA testing companies often hand over data if they have a warrant or other request from law enforcement, but Family Tree DNA gave law enforcement the ability to create accounts that granted them the same access to the database as customers who take the tests.
Many of the Family Tree DNA's customers felt duped because the company had positioned itself as a leader in privacy within the DNA testing industry. As my colleagues Tony Romm and Drew Harwell reported last year, Family Tree DNA was among the businesses that supported privacy rules developed by the Future of Privacy Forum. Participating companies said they would be upfront with users when they shared DNA information they collected with groups such as law enforcement or researchers. The genetic testing companies said they would obtain "separate express consent" when sharing the data with other parties like insurers, and they would release law enforcement transparency reports.
Following Family Tree DNA's disclosure that it was giving the FBI access, the Future of Privacy Forum removed the company as a supporter of its best practices, according to its website. As my colleagues noted, failing to meet the public pledge could invite regulatory scrutiny.
"Those that promise to protect consumers' sensitive personal data - then fail to adhere to those promises - could invite penalties from the Federal Trade Commission," my colleagues wrote when the pledge was unveiled last year.
Greenberg is calling the agency to look into Family Tree DNA sharing data with law enforcement. The FTC has previously issued a warning to consumers that using these kits come with considerable privacy implications. But that's not enough for Greenberg.
"99 percent of consumers have no idea what the FTC said, maybe 99.9 percent," she said.
Because the FTC has limited rule-making authority, Greenberg thinks a more effective path may be to get the issue in front of Congress. The National Consumers League is trying to elevate the privacy concerns surrounding DNA kits as Congress tries to craft federal privacy rules. Greenberg thinks DNA test kits could be the next key issue in the privacy debate.
Greenberg has asked Rep. Jan Schakowsky, D-Ill., the chair of the consumer protection and commerce subcommittee, to host a hearing on DNA test kit privacy. The House Energy and Commerce Committee declined to comment on whether it would do so. Even if the committee doesn't host hearing just on DNA test kits, it's possible the issue could come up in other broader privacy hearings.
Just this week, there were two of those in the House and Senate. Lawmakers have previously shown interest in the issue. Rep. Frank Pallone Jr. (D-NJ), the Energy and Commerce Committee chair, last year sent letters to four top companies - including Family Tree DNA, asking them to clarify their privacy policies.
Greenberg says lawmakers should also consider crafting laws that would apply to genetic information. Greenberg says that genetic information is so sensitive that it should be protected in the same way as medical records. After all, a test that predicts likelihood of a future condition could have serious implications in the hands of an insurer.
That's why Greenberg is calling for a law protecting health care information similar to the Health Insurance Portability and Accountability Act, the 1996 law that created broad safeguards for patient data and medical records.
"We need a strengthened HIPAA for DNA testing companies," she said.