Privacy legislation, especially on the state level, seems to be appearing at a rapid clip these days. But one area that has been noticeably slow to catch on are DNA privacy laws. Last spring, Sens. Marco Rubio and John Cornyn introduced the Genomics Expenditures and National Security Enhancement Act of 2021 or the GENE Act, as well as the Genomics Data Security Act.
These two bills, which update the Defense Production Act of 1950, cover all transactions involving genetic information. The Genomics Data Security Act seeks to modernize the National Institutes of Health’s national security strategy, prohibits NIH funding to support entities with direct ties to the government of the People’s Republic of China, updates licensure requirements for any laboratory with access to Americans’ personal health data and revises the NIH’s genomic data sharing policy, among other things.
A Need for Healthcare Security Governance
The introduction of DNA privacy laws has been viewed as a response to allegations that in 2020, a Chinese-owned COVID testing company approached states to set up facilities in the United States—with the intent to use said sites to collect DNA. All of the states refused the offer.
Domestically, the U.S. has protections in place to prevent legal discrimination based on genetic information. But these laws don’t extend to international vendors, researchers, and others who could access this sensitive data.
As technology evolves, we have seen the incredible medical advances that can be achieved with genetic data, and we can imagine other applications. For instance, it’s not inconceivable that a test could reveal a newborn baby’s predisposition to specific diseases and allow parents to pursue prevention treatments.
Yet, at the same time, we would be naive if we did not consider the potential for unethical use of such data, particularly given that we are constantly and unknowingly leaving traces of ourselves behind, such as errant hairs and the like.
It may be illegal to discriminate based on this data, but can it be used to target customers for products? Are there other possibilities that fall into gray areas? Cloning, which is already a reality, is another important area to explore…
DNA Privacy Laws: Protection From the Future
We should be thinking of our DNA as the most precious of personal data and we should be doing what we can to protect it. There’s a widely held assumption that in 2021, most of our data has already been leaked by now—and that has led to a blasé attitude about data privacy—but we should not be so cavalier about the material that makes up our unique identity when we are only beginning of truly understanding all of its capabilities.
In 2017, for instance, researchers established that all of the world’s data could be stored in a single room full of DNA. Meanwhile, in Montreal, chemists constructed the world’s smallest antenna using DNA. Without a full understanding of what our DNA can do (or what can be done with it), we must be forward-thinking in anticipating all of the future risks and not just looking at current technologies.
I generally believe that regulation is not the answer to most social ills, but in this case, we need more of it. In protecting against the foreign use of genetic information, the GENE Act is a good and necessary measure, but it’s not all-inclusive. Given that we continue to live through a pandemic in which COVID testing (and even “risk evaluating” genetic testing for COVID) is a regular occurrence, we should face this reality head-on.
As of writing this article, both bills have been read twice and referred to committees. Whether or not either of these bills gain any traction in the near future is unknown, but we should think of this as only the beginning—we need to create some meaningful safeguards for our data before it’s too late.