Biological privacy: Protecting DNA sharing

• Author:
• Author name

  Quantumrun Foresight
• November 25, 2022

Insight summary

Biobanks and biotech testing firms have made genetic databases increasingly available. Biological data is utilized to discover treatments for cancer, rare genetic disorders, and a variety of other diseases. However, DNA privacy may increasingly be sacrificed in the name of scientific research.

Biological privacy context

Biological privacy is a critical concern in the era of advanced genetic research and widespread DNA testing. This concept focuses on safeguarding the personal information of individuals who provide DNA samples, encompassing the management of their consent regarding the usage and storage of these samples. With the increasing use of genetic databases, there is a growing need for updated privacy laws to protect individual rights. The uniqueness of genetic information poses a significant challenge, as it is inherently tied to an individual's identity and cannot be separated from identifying features, making de-identification a complex task.

In the US, some federal laws address the handling of genetic information, but none are specifically tailored to the nuances of biological privacy. For instance, the Genetic Information Nondiscrimination Act (GINA), established in 2008, primarily addresses discrimination based on genetic information. It prohibits discrimination in health insurance and employment decisions but does not extend its protection to life, disability, or long-term care insurance. 

Another critical piece of legislation is the Health Insurance Portability and Accountability Act (HIPAA), which was amended in 2013 to include genetic information under its Protected Health Information (PHI) category. Despite this inclusion, HIPAA's scope is limited to primary healthcare providers, such as hospitals and clinics, and does not extend to online genetic testing services like 23andMe. This gap in the law indicates that users of such services may not have the same level of privacy protection as patients in traditional healthcare settings. 

Disruptive impact

Because of these limitations, some US states have enacted stricter and more defined privacy laws. For example, California passed the Genetic Information Privacy Act in 2022, restricting direct-to-consumer (D2C) genetic testing firms like 23andMe and Ancestry. The law requires explicit consent for DNA use in research or third-party agreements.

In addition, deceptive practices to deceive or intimidate individuals into giving consent are prohibited. Customers can also request their data be deleted and any samples destroyed with this law. Meanwhile, Maryland and Montana passed forensic genealogy laws that require law enforcement officials to obtain a search warrant before viewing DNA databases for criminal investigations. 

However, there are still some challenges in protecting biological privacy. There are concerns regarding medical privacy. For instance, when people are required to allow access to their health records based on broad and often unnecessary authorizations. Examples are cases where an individual must first sign a medical information release before being able to apply for government benefits or acquire life insurance.

Another practice where biological privacy becomes a gray area is newborn screening. State laws require that all newborns are screened for at least 21 disorders for early medical intervention. Some experts worry that this mandate would soon include conditions that don’t manifest until adulthood or don’t have any known treatment.

Implications of biological privacy

Wider implications of biological privacy may include: 

• Research organizations and biotech companies requiring explicit consent from donors’ for DNA-based research and data gathering.
• Human rights groups demanding state-driven DNA collection to be more transparent and ethical.
• Authoritarian states like Russia and China creating genetic profiles from their massive DNA drives to better identify which individuals are well-suited for certain civil services, like the military.
• More US states implementing individual genetic data privacy laws; however, since these are not standardized, they may have a different focus or contradictory policies.
• Law enforcement organizations’ access to DNA databases being restricted to prevent over-policing or predictive policing that re-enforces discrimination.
• Emerging technologies in genetics fostering new business models in insurance and healthcare, where companies may offer personalized plans based on individual genetic profiles.
• Consumer advocacy groups increasing pressure for clearer labeling and consent protocols on products using genetic data, leading to greater transparency in the biotechnology market.
• Governments worldwide considering ethical guidelines and regulatory frameworks for genetic surveillance to prevent misuse of genetic data and protect individual liberties.

Questions to consider

• If you have donated DNA samples or completed online genetic testing, what were the privacy policies?
• How else can governments protect citizens’ biological privacy?