A number of major genomic testing companies have agreed to a new set of guidelines on the sharing of DNA with law enforcement and other third parties.
Under new rules set about by various companies including 23andMe, Ancestry, Habit, Helix, and MyHeritage, and published by The Future of Privacy Forum, such businesses must obtain separate consent from customers before sharing “individual-level information” with organizations such as law enforcement and research companies.
The guidelines, which seek to advance “responsible data practices in support of emerging technologies,” that involves the obtaining “express consent for the collection, analysis, sharing, or reporting of Genetic Data,” and providing “clear and complete information regarding the Company’s policies and procedures for the management of personal data.”
“Companies should provide a public report describing requests from law enforcement for Genetic Data,” the guidelines continue. “Such reports should be made on at least an annual basis.”
The question of DNA sharing came to a head in April after the arrest of 72-year-old Joseph DeAngelo, 72, who was charged with serial of murders that led to the name “Golden State Killer.” He was arrested after crime scene DNA matched that of a relative who previously sent his DNA to the analysis firm GEDmatch, raising privacy concerns about how such companies handle people’s personal data.
“I don’t think the average consumer has wrapped their head around the range of issues they should think about when they make a decision to share [DNA] data,” The Future of Privacy Forum CEO Jules Polonetsky told the Washington Post.
Meanwhile, Ancestry’s chief privacy officer, Eric Heath, told Gizmodo in a statement that “protecting customers’ privacy is the company’s “highest priority.”
“We understand the sensitive nature of the information our industry handles and our responsibility as stewards,” Heath said. “Ancestry looks forward to seeing these Best Practices broadly adopted across the industry.”