What is direct-to-consumer (DTC) genetic testing? Think of a company like 23andMe. You, as a consumer, receive a saliva collection kit and return the DNA embedded in your saliva. In exchange, the company provides information about your genetics, such as your ancestry composition, health, and family tree. For example, information about your health is based on whether your DNA includes genetic variants associated with the risk of developing a particular trait.
There are many companies like 23andMe across the world, and an estimated 100 million individuals have undergone DTC genetic testing. The DTC genetic testing market is estimated to be approximately $1.5 billion, with the U.S. holding 43% of the market share. Some estimate that the market will surpass $5 billion by 2030.
Does this Act sufficiently protect consumer privacy rights? Arguably not, given that the Act does not reach anonymized genetic data, which researchers have shown can be re-identified. But this inquiry gets more complicated when weighing the benefits of data sharing to advances in genetics research: for example, to better understand human genetics and to develop personalized medicine as illustrated by the Human Genome Project. For example, computational models predicting an individual-level risk score are much more well-powered with a greater sample size and heterogeneity of samples. These models, used in both clinical and translational research, can benefit from accessing the wealth of genetic testing data.
To compromise these competing aims, I propose a data-centric approach, where different levels of protection are applied depending on the data's vulnerability to identification. Genetic testing data comes in many different shapes and forms, from raw genotype data to summary statistics, each with varying levels of vulnerability. For example, p-values obtained from analyzing across samples are not as vulnerable as a raw genotype data that can be used to identify an individual. To some extent, Maryland’s Genetic Information Privacy Act does create varied levels of protection by distinguishing de-identified genetic data, but this is not enough. Regulating less vulnerable genetic data may curtail scientific innovation; accordingly, legislators and regulators should pay special attention to the nature and character of particular genetic testing data. During this process, lawmakers should also engage in active communication with the scientific community to better understand DTC genetic testing.