All your data (effectively) belong to us: Data practices among direct-to-consumer genetic testing firms

Abstract

Purpose:Direct-to-consumer genetic testing (DTC-GT) has become a convenient method to help people to understand their genetic makeup. Owing in part to concerns regarding confidentiality, privacy, and secondary use of data, professional and government bodies created guidelines to promote transparency among these companies. Using a comprehensive and systematic approach, this study assessed DTC-GT company compliance with international transparency guidelines.Methods:A framework analysis was performed on 30 DTC-GT health and/or ancestry websites identified using a US-based online search strategy during the summer of 2015. A codebook was developed from a synthesis of relevant guidelines from seven DTC-GT guideline documents and applied to each website.Results:Although most companies met guidelines related to transparency regarding security protocols, storage procedures, and third-party disclosures, few met guidelines regarding sharing risks from data disclosures. Additionally, few companies disclosed how long data would be kept for services or research. Use of data for research was frequently mentioned only in privacy policies and terms of service documents, and only two-thirds of companies required an additional consent to use consumer data for health-related research.Conclusion:Our analysis shows that DTC-GT companies do not consistently meet international transparency guidelines related to confidentiality, privacy, and secondary use of data.