Who Knows What, and When?: A Survey of the Privacy Policies Proffered by U.S. Direct-to-Consumer Genetic Testing Companies.

Direct-to-consumer genetic testing (DTC-GT) companies have proliferated in the past several years. Based on an analysis of genetic material submitted by consumers, these companies offer a wide array of services, ranging from providing information about health and ancestry to identification of surreptitiously-gathered biological material sent in by suspicious spouses. Federal and state laws are ambiguous about the types of disclosures these companies must make about how the genetic information they obtain is collected, used, and shared. In an effort to assist in developing such laws, this Article reports a survey of the privacy policies these companies purport to follow. It canvasses ninety DTC-GT companies operating in the United States and provides a detailed analysis of whether and to what extent those policies inform consumers about how their genetic information will be used and secured, with whom it will be shared, and a host of other issues. Using the Federal Trade Commission’s articulation of the Fair Information Practice Principles and the agency’s proposed Privacy Framework as the baseline, we conclude that most policies fall well short of the ideal.