Applied & Translational Genomics. 2016 Feb 2;8:16–22. doi: 10.1016/j.atg.2016.01.001

‘Only a click away — DTC genetics for ancestry, health, love…and more: A view of the business and regulatory landscape’

Andelka M Phillips 1
PMCID: PMC4796702  PMID: 27047755

Abstract

I provide an overview of the current state of the direct-to-consumer (DTC) genetic testing industry and the challenges that different types of testing pose for regulation. I consider the variety of services currently available. These range from health and ancestry tests to those for child talent, paternity, and infidelity. In light of the increasingly blurred lines among different categories of testing, I call for a broader discussion of DTC governance. I stress the importance of shifting our attention from the activities of the most prominent companies to viewing DTC genetics as an industry with a wide spectrum of services and raising a wide variety of issues. These issues go beyond questions of clinical utility and validity to those of data security, personal identity, race, and the nature of the family. Robust DTC testing has the power to provide meaningful clinical, genealogical and even forensic information to those who want it; in unscrupulous hands, however, it also has the power to deceive and exploit. I consider approaches to help ensure the former and minimize the latter.

1. Introduction

The direct-to-consumer (DTC) genetic testing industry is growing: Several companies have already amassed quite significant databases, which are being or could be used for ongoing health research (examples include 23andMe, AncestryDNA, Gene by Gene, and Illumina's new Helix venture) and other purposes, such as targeted marketing and broader surveillance (Table 1).1,2

Table 1.

Categories of tests offered by DTC companies.

| Category | Number of companies | Percentage |
|---|---|---|
| Ancestry | 74 | 30% |
| Athletic | 38 | 15% |
| Child talent | 4 | 2% |
| Matchmaking | 3 | 1% |
| Surreptitious | 34 | 14% |
| Nutrigenetic | 74 | 30% |
| Non-legal paternity | 88 | 36% |
| Legal paternity | 83 | 34% |
| Genetic relatedness | 92 | 37% |
| Carrier | 27 | 11% |
| Only health testing | 31 | 13% |
| Total companies analyzed | 246 | |

In part the growth has occurred because DTC genetics is now relatively frictionless. One can purchase a genetic test online, receive a test kit by mail, and collect a DNA sample in one's own home. Consumers will typically receive the results at home as well without the guidance of a genetic counselor or medical practitioner. One can now purchase tests online for disease predisposition and carrier status, which in some cases do have clinical utility and validity. One can also order tests for ancestry and paternity.

However, there are also tests available that have more dubious purposes (and in some cases more suspect validity), such as those identifying child or athletic talent, offering matchmaking services, or “proving” infidelity. It should be noted that whatever the type of test offered, the majority of companies do not currently offer whole-genome or whole-exome scans, which means that the utility of test results for the individuals tested is inherently limited.

The industry challenges existing regulation primarily because it does not fit neatly into existing legal categories, as it is centered on the provision of genetic tests via the Internet for a variety of purposes, not all of which are medical. In the absence of specific regulation, for the most part, companies are using wrap (clickwrap or browsewrap) contracts to govern the transaction (the purchase of a genetic test) between consumer and company. This is typical of internet-based industries, and there is a general need for reform of online contracting practices. Clickwrap agreements normally require viewing of the document (although it is common for this to be done without reading): the consumer is required to scroll through the document and then normally signals agreement with the terms by clicking a button (typically labeled “I agree”). Browsewrap agreements resemble clickwrap and there is sometimes overlap, but the terms are typically located behind a hyperlink and the consumer may not be required to even open the document before signaling their acceptance by clicking “I agree”.3

Generally, these types of contracts are also used to govern participation in research activities. These contracts can be viewed as a form of private legislation that allows companies to self-regulate, but at present this means that regulation is heavily biased in favor of companies' interests without adequate regard for the rights of consumers in this context or the harmonization of standards across the industry.

My current research focuses on the regulation of the DTC industry and on the contracts used by DTC companies. I compiled a list of companies operating in this area. In total, as of 10 January 2016, 246 companies were identified that offer some form of DNA test online.4 This list builds upon the previous work of the Human Genetics Commission, the US Government Accountability Office (GAO), and the Johns Hopkins Genetics and Public Policy Center. I have reviewed the wrap contracts used by 71 companies that offer health-related testing services; future work will examine the contracts used by companies offering other types of testing.5

Increasingly, companies are not limited to providing testing of one type (Table 2). Thus, my aim in this article is to stimulate a broader discussion about wider industry practices and potential issues they raise. The most significant issues applicable to all types of DTC tests are: whether these services are fit for their claimed purposes; whether the genetic data and other personal information collected from consumers is being stored securely; whether companies provide sufficient protection for consumers' privacy in genetic and other types of personal information; whether companies are being sufficiently transparent about the respective benefits and limitations of their services6; and finally, whether consumers actually understand the contracts they enter into when purchasing these tests. I also make suggestions for improving regulation.

Table 2.

Direct-to-consumer testing companies offer a wide range of services. This table provides a breakdown of the non-health specializations of these companies, highlighting that many offer more than one type of service. Of note: ~ 56% of companies offer tests in more than one category.

| Categories of tests offered | Number of companies | Percentage |
|---|---|---|
| 0 (a) | 31 | 12.6% |
| 1 | 77 | 31.3% |
| 2 | 50 | 20.3% |
| 3 | 33 | 13.4% |
| 4 | 37 | 15.0% |
| 5 | 16 | 6.5% |
| 6 | 1 | 0.4% |
| 7 | 1 | 0.4% |
| Total | 246 | 100.0% |

(a) Companies only offering health related testing.

In subsequent sections I discuss the current makeup of the DTC industry, the outstanding problems posed by it, and a potential rational approach to global governance.7

2. Variety of tests available

2.1. Health testing

In total, I identified 136 companies that offer (or have offered in the past three years) some form of health-related testing service. Note that I have also included companies that only allow ordering through physicians, but which have websites that market to physicians and consumers. I note that in the health context test results are complex in nature and there is a need for further education for many consumers in order for these tests to actually be useful. It is also questionable whether some health tests for serious conditions ought to be offered as consumer services.

2.1.1. Carrier testing

Twenty-seven companies have been identified that offer carrier testing. Examples include: 23andMe; DNA Testing Centres of Canada; Bio Logis; and Genetic Centre Company Limited.8

As many of the carrier tests offered by DTC companies have been approved and used in clinical settings, there are fewer issues around clinical utility and validity here. However, carrier testing is intended to allow individuals to understand whether they are at heightened risk of having a child affected by a serious illness or disability and may affect their reproductive decision-making.9 In a clinical setting patients undergoing carrier testing would normally have genetic counseling and receive extensive information regarding the consequences of such testing.10

2.1.2. Nutrigenetic testing

Seventy-two companies have been identified which offer (or have offered) nutrigenetic testing. This number seems likely to increase: the space remains largely unregulated and recent searches have identified a number of new companies in this area. As companies providing nutrigenetic testing often provide other services related to diet and fitness, they often have more in common with fitness, wellness, and nutrition companies than with clinical genetics providers. Some examples are: My Gene Diet (Natures Remedies Ltd); Smart DNA; Inherent Health; Halo Health; and Gene Planet.

Companies that offer nutrigenetic testing often also offer tailored diet services, food supplements and/or meal plans. The category of nutrigenetics raises issues regarding clinical validity, as many tests currently offered have not been appropriately validated and consequently the consumer may be paying for something that is ultimately useless. Some have argued that DTC companies should not offer this type of testing unless the tests offered are properly validated.11 The Association for Molecular Pathology's (AMP) Updated Position Statement from 2015 includes a category dubbed ‘business interest’, which refers to those companies where 1) the ‘information garnered does not meet criteria that would make the test ‘clinically meaningful’; and 2) the test purveyors attempt to sell ancillary products or services owned and/or endorsed by the laboratory’.12 AMP does not support tests in this category; many nutrigenetic tests would probably come under this classification.13 As with other DTC offerings, nutrigenetic companies' policies regarding sale of data, data sharing and storage bear careful monitoring.

2.2. Ancestry

Seventy-four companies have been identified which offer (or have offered) ancestry testing. Companies normally offer several options and many ancestry-testing companies will perform other types of testing for genetic relatedness, including tests for paternity, maternity, grandparent identification and sibling identification (Table 2). Some examples are: African Ancestry; African DNA; AncestryDNA; AncestrybyDNA; Britain's DNA; DNA Ancestry Project; Family Tree DNA; easyDNA; National Geographic's Genographic Project; and Nimble Diagnostics.14 I will briefly describe the activities of AncestryDNA and Gene By Gene below to illustrate how ancestry testing is consolidating and that the research activities of ancestry companies are now competing with health testing companies.

AncestryDNA launched its DTC service in 2012. Ancestry.com began as a genealogy company, which has been operating for several decades. It allows its customers to compile family trees and search for related family members and also search archival documents. In just three years AncestryDNA exceeded one million customers.15 More recently the company announced its intention to transition into the field of medical research16; as of July 2015 it had launched its AncestryHealth division, which is so far not using genetic information, but has begun collecting consumers' health information via surveys; it is possible that there will be overlap between the different branches in the future.17 AncestryDNA has also acquired other ancestry companies including Relative Genetics, GeneTree, and Sorenson Molecular Genealogy Foundation; it has also entered into collaboration with Google's Calico.18

Meanwhile, Gene by Gene was founded in 2000 as Family Tree DNA. It initially specialized in ancestry testing and has a partnership with National Geographic to provide the testing for National Geographic's global genetic survey, the Genographic Project (this has over 740,000 participants).19 In 2011 Family Tree DNA launched DNA Traits and DNA DTC,20 which provide health testing and whole-genome and whole-exome sequencing, respectively.21 These two have now been amalgamated under the name Gene by Gene. The company has also purchased other smaller ancestry companies including DNA Heritage and DNA-Fingerprint.22 To date, Gene by Gene has received less attention, but it is worthy of more due to its involvement in several different categories of genetic testing and its acquisition of other companies.23

Overall, thirty-two companies offer testing for both maternal and paternal lineages. Thirteen companies specifically test for African ancestry while fifteen test for Native American ancestry. Companies that test for one or both include: African DNA; Alpha Biolabs; AncestryByDNA; DDC; and DNA Consultants. It is also common for companies to offer a ‘family finder’ function, which allows people to connect with others to whom they may be related. This sometimes leads to unexpected discoveries including false paternity and unknown siblings. While this information might be beneficial for some people it can also cause distress and have a serious impact on families.24

The lines between the activities of DTC companies that perform ancestry testing and those that perform health-related testing are becoming increasingly blurred. Many companies are not limited to offering merely one type of genetic test and may offer ancestry together with paternity and health testing. This also raises the question of how and whether it is possible to apply different regulatory regimes to ancestry testing and health-related testing.

Ancestry is also often linked with notions of identity; sometimes when a person learns unexpected information about their origins this may have a significant impact on their conception of their own identity.25 Another area of concern is the increasing number of companies that specifically offer testing for Native American ancestry. Historically, indigenous people in many countries have been marginalized and exploited in many ways, including through their involvement in health research.26 While companies market on the promise of giving consumers insight into their ancient origins, even the largest DTC databases are generally not very representative of these population groups or minorities in general. A recent 23andMe study looking at ‘genetic origins’ analyzed ‘160,000 genomes’, but less than one percent of the study's participants identified as Native American and ‘only three percent’ were African American.27 As humanity has a long and unfortunate history when it comes to notions of ethnicity and race it is possible that an increase in ancestry testing focussing on ethnic origins may serve to fuel further racial divisions.28 It seems prudent to suggest that companies providing testing of this type should be subject to closer scrutiny and oversight.

2.3. Genetic relatedness

In the relatedness category the most common type of testing is paternity testing, with eighty-three companies offering this service. Some examples include: Who'z the Daddy?; Test Country; Gensys; International Biosciences; and Genetic Profiles.29 Ninety-six percent of the companies offering paternity testing offer both a ‘legal’ and a ‘peace-of-mind’ or ‘home’ option. While ‘legal’ tests may be admissible in litigation, many ‘home’ tests will not. Companies that do not offer a ‘legal’ option may also not actually be adhering to the same standards regarding test quality. For instance, a UK company (High Profile DNA) was closed down and its head jailed after it was found that the company had fabricated 150 test results.30 The fact that it is common practice to provide these distinct options calls for careful scrutiny of company practices in this context, as sample collection by individual consumers without witnesses poses a substantial risk of sample contamination or misuse. Where a child is also tested in this context, the adequacy of consent is also questionable. If DTC companies continue to offer this kind of testing, there is a need for better standards, as unreliable parental testing could potentially result in significant harms to families.

Sixty percent of these companies offer both paternity and maternity testing. Thirty-five percent of the companies identified also offer prenatal paternity testing. Forty-one percent of the companies offering paternity testing also offer non-consensual (infidelity) testing (more on that in Section 2.6).

2.4. Athletic ability

Thirty-eight companies were identified in the athletics category and recent web searches suggest that this category of testing is growing. Two prominent examples are Genetic Sports Performance and DNA Fit. DNA Fit's slogan on its website is ‘[L]et your DNA work for you’ and it provides tests for diet and what it dubs ‘ideal training’. Regarding its athletic testing it makes the following claim, ‘[W]e test your DNA for 20 key genes to help you truly understand your body, and how best to train for your genetics’.31 Tests for athletic ability are generally not well validated and even those that have been validated are often of little predictive value.32 Companies that offer testing for children raise further questions about both the adequacy of consent and the capacity to consent.

2.5. Child talent

So far, only four companies have been identified that specifically market DTC tests for child talent in a general way (i.e., outside of athletics). Two prominent examples are Map My Gene and Genetic Center Company Limited. The former offers Map My Gene's DNA Innate Talent service (this is now called Inborn Talent Genetic Test) and tests for 46 talents and traits, which it divides into different categories. It is currently priced at $1500 (USD). The division of character traits includes: optimism; risk-taking; shyness; depression; hyper activeness; and adaptability.33

Generally, tests for child talent are not well validated and are not used widely in clinical settings; in addition, most policy guidance to date has opposed DTC companies aimed at minors. There are legitimate concerns about minors' capacity to consent and compromised autonomy.34 If these tests are to be offered then there is a need for greater transparency and fair advertising practices in this context.

2.6. Surreptitious testing (non-consensual, including infidelity)

Thirty-four companies were identified offering surreptitious testing services. These tests are often marketed as ‘infidelity’ tests. Some examples include: All About Truth DNA Services; Any Lab Test Now; Infidelity Testing; She Cheated; and Test Infidelity.35

It is worth noting that some companies providing more reputable types of testing will also offer these tests. Overall, forty-one percent of companies that offer paternity testing also offer ‘infidelity testing’.

Surreptitious testing happens in other ways as well. Some companies encourage customers to purchase tests as gifts. Others specifically offer infidelity tests alongside their other services. For example, Advanced Healthcare Inc. (which, despite its name, does not in fact offer health testing, but instead specializes in various tests for genetic relatedness), was found to offer an infidelity test for 9800 Rupees.36

In addition to encouraging customers to send in samples belonging to other individuals without their consent,37 some also encourage the collection of samples of dubious quality, e.g., collected from bedsheets and clothing. Surreptitious testing is probably the most concerning type of DTC testing, primarily due to the dubious nature of these services, the lack of quality control, and companies' marketing practices. Often the content of websites providing testing of this type seems open to challenge on the grounds that it is misleading. For example, All About Truth DNA Services states on its website that: ‘Statistically, approximately 60% of husbands and 40% of wives will have an affair at some point in their marriage or relationship. DNA testing typically provides a conclusive way to find out if someone is cheating on you.’38

Testing of this type is worthy of more scrutiny. Companies providing these services to UK consumers (and others providing other tests where the individual tested is a third party who has not consented) are possibly in breach of UK law: the Human Tissue Act 2004 makes it an offense to analyze DNA without qualifying consent. In the US, such companies may be breaching state laws.39

2.7. Matchmaking

Only three DTC genetic matchmaking companies have been identified and one of these is no longer operating. These are: GenePartner; Instant Chemistry; and Scientific Match. While this type of service has not yet proliferated, its offerings are dubious. Companies engaged in this service often make exaggerated claims about the benefits of testing. For example, Instant Chemistry claims: ‘Become closer to your partner. Learn about yourself.’40 It also states: ‘A long-term relationship is important to you. Science has a lot to say about that, especially if you want to ensure your unceasing compatibility. Relationships grow, but your DNA and core personality stay constant. Find out the underlying compatibility between you and your partner to help your relationship grow.’41 Again, there is a need for more scrutiny here.

3. A way forward for regulation — some suggestions

Currently, most DTC services sit outside existing regulatory regimes. With the growing popularity of these services it is vital that the public be able to access information about the industry and educational initiatives that explain the respective risks, benefits, and limitations of genetic testing and DTC services. There is an overall need to increase transparency in the industry.

While the law is prone to lag behind technological innovation, the lack of regulation at present is not beneficial for consumers and while it may benefit companies in the short term, litigation and regulatory sanctions will not be beneficial for them in the long term. Companies wishing to develop tests and conduct research that is respected by the scientific community and retains the trust of consumers will benefit from appropriate regulation. There is a need for harmonized standards across the industry.

If industry-specific regulation could be developed, this would afford greater protection for consumers. If legislation is not forthcoming, developing an industry code of conduct and a method of certification for the industry would be a good step forward. This could draw upon the previous work of: the Human Genetics Commission; the Association for Molecular Pathology; the American Society of Human Genetics; the Canadian College of Medical Geneticists; the Office of the Canadian Privacy Commissioner; the European Academies of Science Advisory Council and Federation of European Academies of Medicine; the European Society of Human Genetics; and Australia's National Health and Medical Research Council.42 In the UK the now-disbanded Human Genetics Commission produced two reports and a set of guiding principles, which could prove helpful in developing industry-specific regulation.43

3.1. The use of wrap contracts to govern purchase and participation in research

The use of wrap contracts in this context is problematic, as such contracts often deem consent or agreement with terms on use or viewing of the website or accessing services. They may also deem consent or agreement to altered terms through continued use of the website. This means that contracts as they are currently framed often provide that by merely visiting a website a consumer is bound by that website's terms. In the DTC context this makes the adequacy of consent open to challenge because it is common to be able to view a website without reading or even seeing its terms. Clauses of this type are concerning regardless of the type of test offered. An illustrative example from the Makings of Me's Terms of Use (dated 29 November 2011) is: ‘By using this Site and/or any of its Services, you agree to these terms, including any modifications we make, and further waive any rights or claims you may have against us’. Informed consent cannot be obtained in this manner and while consumers are free to choose to access these services, they should not be bound by such terms through passive viewing of a website.44

Clauses that allow unilateral alteration of terms without notice ought not to be included. These clauses could allow companies to make significant changes to their policies on storage, sale, and sharing of data without consumers being made aware of changes. An example from AncestryDNA's Terms and Conditions (dated 20 March 2013) is: ‘AncestryDNA has the right, at its sole discretion, to modify this Agreement at any time. Changes will be posted on the AncestryDNA Website and by changing the date of last revision on this Agreement. If any portion of this Agreement or any change to the AncestryDNA Website is unacceptable to you or will cause you to no longer be in compliance with the’.45

Both contracts and privacy policies used by DTC companies are also generally not industry-specific, meaning that they do not adequately address the issues raised by the nature of the DTC industry itself. In e-commerce more generally websites will often have very similar contracts regardless of the service offered. With DTC, companies often do not mention what is done with stored genetic data in their privacy policies, but focus on what is done with other types of personal information collected via website cookies.

Furthermore, in their use of exemption clauses, indemnity clauses, limitations on scope of purpose, and variation of terms clauses, DTC contracts strongly resemble the contracts used by other large Internet Service Providers that are not providing genetic testing services.46 However, it may not be appropriate given the nature of DTC services to use the same terms as other Internet companies, without more tailoring of these contracts. At present, the use of these contracts allows companies to impose terms on consumers47 and effectively engage in industry self-regulation, which is biased in their favor.

It is likely that certain terms commonly included in these contracts (such as those allowing for unilateral alteration of terms without notice, indemnity clauses, and certain exemption clauses, including those limiting liability for fitness for purpose or accuracy) are not enforceable where tests are sold to European or UK consumers. It is also likely that these documents often fail to meet transparency requirements in the EU and UK. In the UK it is possible that the Competition and Markets Authority could play a role in working with the industry to discontinue usage of certain unfair terms.

DTC contracts need to be shorter, more interactive, and they need to use language that an ordinary consumer can understand. Otherwise, there is a real possibility that many consent mechanisms currently used by DTC companies may be found wanting.

Kim has suggested that one way to improve wrap contracts more generally in online commerce is to introduce a model of specific assent, meaning…48; something similar to this (perhaps a model of specific consent) might be useful in the DTC genetic context. Kim also suggests imposing a duty on companies to draft their terms reasonably.49 This would also be helpful and allow for a fairer balance between the rights of consumers and those of companies.

Where companies want to engage in research there could be several clauses that allow consumers to make choices about how their data are to be used, stored, and shared. In accordance with Kim's suggestions, consumers might tick boxes corresponding with clauses they have accepted,50 but in the context of DTC something more is needed, especially where on-going involvement in research is contemplated. The best protection for consumers here is to discontinue using particularly onerous terms, such as those allowing for unilateral changes or deemed consent. In online commerce more generally this may slow down purchase in a way that consumers may not like, but in the context of DTC genetics it is important that consumers actually take some time to understand the implications of purchasing a genetic test.

Clauses to participate in research should be on an opt-in rather than an opt-out basis. This will improve consumers' choice and improve consumer protection, given the complex nature of genetic testing and research (together with its longevity) and the online environment that tends to encourage consumers to make impulse purchases. This would not prevent companies from re-contacting consumers. It is important to remember that just as not all DTC services are created equal neither is all secondary research conducted by DTC companies of the same merit.

3.2. Fitness for purpose

One of the most significant issues in this context is whether many of the tests currently offered by DTC companies are fit for their claimed purposes: Do they fulfill consumers' expectations? Do they actually perform in accordance with marketing claims? Are the services performed accurate and reliable? Marketing claims included on DTC websites often promote the benefits of testing in a genetically deterministic manner. In the context of health testing, current marketing may also lead consumers to believe that the information they are acquiring through such tests will be useful in medical treatment and diagnosis.51 Yet many companies attempt to limit the scope of their services in their contracts. For instance, of the 71 companies' contracts I examined, thirty-eight percent of companies disclaim liability for fitness for purpose, which may be in breach of consumer protection legislation. For instance, in the UK certain terms are implied into consumer contracts and this includes that services and digital content (i.e., genetic test results) will be fit for purpose. For example if a test is marketed for Alzheimer's, both the sequencing and interpretation offered by the company should be reliable and accurate so that if a consumer took the test to their physician the information is in fact able to be relied upon in a clinical setting.

Furthermore, forty-four percent of companies specify that their services are provided on an ‘as is’ basis, meaning that for the most part these contracts are setting rather low standards in relation to test quality. This is concerning, especially in the context of tests for serious conditions such as Alzheimer's disease, heart disease, various types of cancer, and drug response.52

3.3. Relying on medical device regulation

The area of law that is most relevant to regulation of the industry in both the USA and the European Union (EU) is that of existing regulation for medical devices (the law on this in the EU is currently under review).53 The key element of the product that DTC companies are selling is a genotyping or, in some cases, genetic sequencing service. As the test kit is a sample collection device rather than a central part of the actual sequencing service, relying on classifying the kit as a medical device can allow companies quite a lot of leeway. For instance, 23andMe has been permitted to market health tests in the UK because its test kit has a Conformité Européenne (CE) mark, which means that the kit has been approved as safe for the purposes of collecting saliva.54 However, this certification does not provide for any additional assessment of the reliability or safety of the sequencing service itself.

In the EU, if the new In Vitro Diagnostics Regulation is enacted, DTC services for health purposes may be significantly restricted and more tests may become subject to premarket review. That said, many tests that are not for health purposes will not come under the Regulation's remit.55

3.4. Privacy, data protection, and information security

DTC testing, as an internet-based industry, poses daunting challenges for regulation, especially if the focus of regulation is solely on national regulatory systems. Given the international nature of the industry, any curtailment of these tests will require international collaboration. The majority of DTC companies that provide health-related testing are based in the USA and a high proportion of companies offering non-health-related tests are also American. Consumers purchasing tests often send their biological samples overseas. Consequently, their genetic information and other types of personal information are often processed, stored and shared in other countries. This data flow is borderless and it may be naïve to focus too much on regulating at a national level, even though such regulation is desirable.

The ideal regulatory response is an international one, perhaps with the creation of a regulatory body with an international mandate. For instance, part of the success of the EU's Data Protection Directive (which affords protection for the rights of individuals regarding the processing of personal data) has been due to its extra-jurisdictional reach.56 DTC companies offering services to consumers based in the EU ought to be complying with EU Data Protection law. (This is currently undergoing reform; it will be interesting to see what impact the Data Protection Regulation will have when it is finally passed.)

The issues of privacy protection and information security are central to all types of DTC. When a person orders a genetic test online she is giving up both a physical sample of herself and personally identifiable and potentially sensitive information. Once the physical sample is processed by the DTC company, the genetic data can serve as a unique identifier for the individual tested and can also be used to identify related individuals. This has implications in cases where a company might sell or share the information with third parties including law enforcement agencies. Upon its 2015 relaunch, 23andMe revealed that it had received multiple requests for customer data from law enforcement.57

While it was previously thought that complete anonymisation of personal data was possible, there is growing recognition that individuals can often be re-identified in large anonymised datasets. Even the best encryption of data is vulnerable to attack. Several recent research efforts have demonstrated that it is possible to re-identify research participants in large genetic studies, with the most compelling examples found in Gymrek et al.58 and Erlich et al.59 It has also been demonstrated that identification is possible through reliance on research statistics.60

As Ayday and De Cristofaro et al. note, due to the shared nature of genetic data, potential data leakage is not a matter that will affect only the individual concerned, but also their family. Indeed, if genetic data stored in DTC databases were leaked, it could actually affect a large family group.61 As biometrics are increasingly used in banking security and home security systems, there may be an increased incentive for criminal organizations to attempt to gain access to both DTC databases and biobanks in order to access stored genetic data or other types of personal data.

The startup Guardiome, which promises enhanced consumer privacy, is an interesting example of an alternative approach to privacy protection in this context. Guardiome provides its whole genome sequencing service to consumers on a personal device that is not connected to the internet, which may allow for stronger protection for consumers' privacy and security.62

4. Conclusions

The DTC genetic industry currently offers a diverse range of services, which vary widely in quality. Some of these services can be beneficial, but the usefulness of many of these services to consumers is questionable. Many tests for susceptibility to complex diseases are not yet standardized, and this has led to both scholarly and regulatory scrutiny. What has received less attention is that many tests for non-health related purposes cannot perform in the way that their purveyors' websites claim.

The industry is growing and consolidating, meaning that data collected from consumers is increasingly being used for a wide variety of secondary purposes. We are living in the age of big data, but not all data are created equal and there is a need to consider the veracity and variability of DTC data used in ongoing research.63 In the short term it is desirable that companies improve their contracts and privacy policies, improve website transparency, develop an industry code of conduct, and improve security mechanisms. In the long term, if the industry is to continue to develop there should be an industry-specific regulator and/or appropriate legal regulation of the industry. There is also a continuing need for educational initiatives that will allow consumers to understand what test results will mean for them in order to make informed decisions about whether to use such services. There is a more general need in e-commerce to reform online contracting practices so that there is a fairer balance between the rights of companies and consumers.

Footnotes

1

Cussins, J., 15 January 2015. Direct-to-consumer genetic tests should come with a health warning. The Pharmaceutical Journal < pharmaceutical-journal.com/opinion/comment/direct-to-consumer-genetic-tests-should-come-with-a-health-warning/20067564.article > accessed 3 August 2015.

2

The Genetics and Public Policy Center, 11 August 2011. Table — tested listed by disease category <http://www.dnapolicy.org/news.release.php?action=detail&pressrelease_id=145> accessed 11 April 2012; Human Genetics Commission, 2003. Genes direct: Ensuring the effective oversight of genetic tests supplied directly to the public. Department of Health, UK; Human Genetics Commission, 2007. More Genes Direct. Department of Health, UK; Human Genetics Commission, 2010. A Common Framework of Principles for direct-to-consumer genetic testing services, Department of Health, UK; Kutz, G., 2010. Direct-to-consumer genetic tests: Misleading test results are further complicated by deceptive marketing and other questionable practices: Congressional testimony. DIANE Publishing 2010.

3

Kim, N. S., 2014. Wrap Contracts: Foundations and Ramifications. OUP, New York, p. 2; and Hedley, S. 2006. The law of electronic commerce and the Internet in the UK and Ireland. 2nd edn, Cavendish Publishing Limited, p. 249.

4

Please note that this work is ongoing.

5

Please refer to my related articles on this and please note that tables of companies and all contracts are on file with the author. Please note that when analysis of health related testing contracts was completed the total number of health testing companies identified was 102. Phillips, A.M., 2015. Think before you click ordering a genetic test online. SciTech Lawyer. 11(2), 8; Phillips, A.M., 2015. Genomic Privacy and Direct-to-Consumer Genetics Big Consumer Genetic Data — What's in that Contract? IEEE CS Security and Privacy Workshops; I recently presented with Jan Charbonneau at the American Federal Trade Commission's PrivacyCon conference in January 2016; the abstract is accessible at <ftc.gov/policy/public-comments/2015/10/09/comment-00057>.

6

Lewis, N. P., et al., 2011. DTC genetic testing companies fail transparency prescriptions. New genetics and society 30, 291–307.

7

For information on privacy by design, please see privacy by design < privacybydesign.ca/index.php/about-pbd/> accessed 30 November 2015.

8

23andMe UK. Common mutations. And some not so common ones. <23andme.com/en-gb/health/benefits/> accessed 16 October 2015; Bio Logis, PGS.Carrier <https://order.pgsbox.com/products/pgs/pgs-carrier> accessed 16 October 2015;

9

Borry, P., et al., 2011. Preconceptional genetic carrier testing and the commercial offer directly-to-consumers. Hum Reprod. 26(5), 972. http://dx.doi.org/10.1093/humrep/der042.

10

ibid. 972.

11

EASAC and FEAM, Direct-to-consumer genetic testing for health-related purposes in the European Union. EASAC policy report 18 <http://www.easac.eu/home/reports-and-statements/detail-view/article/direct-to-co.html> accessed 10 December 201,210; Human Genetics Commission, 2010. A common framework of principles for direct-to-consumer genetic testing services. Department of Health.

12

Association for Molecular Pathology, 2015. Association for Molecular Pathology Position statement: direct access genetic testing (direct to consumer genetic testing).

13

GAO, 2006. Nutrigenetic testing — tests purchased from four Web Sites mislead consumers. Testimony before the Special Committee on Aging, U.S. Senate. GAO-06-977T.

14

National Geographic's Genographic Project, <https://genographic.nationalgeographic.com> accessed 15 October 2015; 23andMe, <23andme.com/ancestry/> accessed 15 October 2015; Family Tree DNA, <http://www.familytreedna.com> accessed 17 October 2015; Nimble Diagnostics, <http://www.nimblediagnostics.com/home/anc.html> accessed 13 October 2015; easyDNA, <http://www.easydna.co.uk/dna-ancestry-test.html> accessed 13 October 2015; AfricanDNA, <http://www.africandna.com> accessed 13 October 2015; African Ancestry, <http://www.africanancestry.com/home/> accessed 13 October 2015; DNA Ancestry Project, <http://www.dnaancestryproject.com> accessed 13 October 2015.

15

Petrone, J., 28 April 2015. AncestryDNA aims to have 1.3M genotyped by year end. GenomeWeb <genomeweb.com/microarrays-multiplexing/ancestrydna-aims-have-13m-genotyped-year-end>.

16

Hernandez, D., 6 April 2015. Ancestry.com is quietly transforming itself into a medical research juggernaut. The world post. <http://www.huffingtonpost.com/2015/04/06/ancestrycom-medical-research-juggernaut_n_7008446.html> accessed 6 April 2015; Petrone, J., 17 July 2015. Ancestry sees ancestry health offering as first step in new health-focused strategy. GenomeWeb. <genomeweb.com/microarrays-multiplexing/ancestry-sees-ancestryhealth-offering-first-step-new-health-focused> accessed 20 July 2015.

17

ibid.

18

Sorenson Molecular Genealogy Foundation, <smgf.org> 22nd July 2015; International Society of Genetic Genealogy, Welcome to ISOGG! <isogg.org> 3rd August 2015; GenomeWeb staff reporter, 21 July 2015. AncestryDNA, Calico to collaborate on genetics of human longevity. GenomeWeb.

19

Family Tree DNA, surname & geographical projects <familytreedna.com/projects.aspx> accessed 3rd August 2015; National Geographic's The Genographic Project <genographic.nationalgeographic.com> accessed 7 January 2015.

20

Vorhaus, D., 29 November 2012. DNA DTC: the return of direct to consumer whole genome sequencing. Genomics law report. <genomicslawreport.com/index.php/2012/11/29/dna-dtc-the-return-of-direct-to-consumer-whole-genome-sequencing/> accessed 11 December 2012.

21

Gene by Gene, <genebygene.com/pages/company> accessed 21 July 2015.

22

Family Tree DNA, “DNA-Fingerprint joins forces with Family Tree DNA”<familytreedna.com/pdf/Pressrelease%20DNA_Fingerprint.pdf> accessed 3 February 2015.

23

DNA DTC, 29 November 2012. ‘Gene by Gene launches DNA DTC’ <dnadtc.com> accessed 3 February 2013.

24

Skirton, H., 2015. Direct to consumer testing in reproductive contexts — should health professionals be concerned? Life Sciences, Society and Policy. 11(4). http://dx.doi.org/10.1186/s40504-014-0018-3; Doe, G., 9 Sept. 2014. With genetic testing, I gave my parents the gift of divorce. Cox Genetics. <vox.com/2014/9/9/5975653/with-genetic-testing-i-gave-my-parents-the-gift-of-divorce-23andme> accessed 10 June 2015;Trevor Hughes, J., 2014. Consent and forgetting: what privacy pros can learn from one family's unexpected experience. <privacyassociation.org/news/a/consent-and-forgetting-what-privacy-pros-can-learn-from-one-familys-unexpected-experience/> accessed 14 September 2014.

25

Eveleth, R., 2015. Genetic Testing and Tribal Identity. The Atlantic. <theatlantic.com/technology/archive/2015/01/the-cultural-limitations-of-genetic-testing/384740/> accessed 10 September 2015.

26

Mello, M. M., Wolf, L. E., 2010. The Havasupai Indian tribe case — lessons for research involving stored biologic samples. N Engl J Med. 363(3), 204. http://dx.doi.org/10.1056/NEJMp1005203.

27

Eveleth (n 47).

28

Popovsky, M., 2010. Exaggerated benefits and underestimated harms: the direct-to-market consumer genetic test market and how to manage it going forward. 8 Dartmouth LJ 65; TallBear, K., 2014. The emergence, politics, and marketplace of Native American DNA article in: Kleinman, D. L., Moore, K. (Eds.), Routledge Handbook of Science, Technology and Science. Routledge, Abingdon, pp. 21–37.

29

Who'z the daddy?, <whozthedaddy.com> accessed 13 October 2015; Test Country, <testcountry.com> accessed 13 October 2015; Gensys, <paternity-answers.com> accessed 13 October 2015; International Biosciences, <http://www.ibdna.com> accessed 13 October 2015; Genetic Profiles, <http://www.geneticprofiles.com> accessed 13 October 2015.

30

BBC News. 24 Sept. 2004. Jail term for fake DNA tests boss. < news.bbc.co.uk/1/hi/england/dorset/3686864.stm > accessed 1 December 2015.

31

DNAFit. Fitness. <dnafit.com/fitness/> accessed 20 July 2015.

32

Patenaude, A. F., 2011. Commentary: Save the Children: direct-to-consumer testing of children is premature, even for research. J Pediatr Psychol. 36(10), 1122. http://dx.doi.org/10.1093/jpepsy/jsr068; Howard, H., Avard, D., Borry, P., 2011. Are the kids really all right? Direct-to-consumer genetic testing in children: are company policies clashing with professional norms? EJHG. 19, 1122–7; Holly K Tabor, H. K., Kelley, M., 2009. Challenges in the use of direct-to-consumer personal genome testing in children. The American Journal of Bioethics. 9(6–7), 32. http://dx.doi.org/10.1080/15265160902893916; Fletcher, A. L., 2004. Field of genes: the politics of science and identity in the Estonian genome project. New Genet Soc. 23(1) 3–14.

33

Map my Gene. Inborn Talent Genetic Test. <mapmygene.com/inborn-talent-genetic-test.html> accessed 20 July 2015 — price as of 20 July 2015.

34

Caulfield, T., et al., 2015. Marginally scientific? Genetic testing of children and adolescents for lifestyle and health promotion. Journal of Law and the Biosciences. 1–18. http://dx.doi.org/10.1093/jlb/lsv038.

35

All About Truth DNA Services, <allabouttruthdna.com> accessed 13 October 2015; She Cheated, <shecheated.net> accessed 13 October 2015; Test Infidelity, <testinfidelity.com> accessed 13 October 2015; Any Lab Test Now®, <mylabsa.com/index.html> accessed 13 October 2015; Infidelity Testing, <infidelitydnatesting.com> accessed 13 October 2015.

36

Advanced Healthcare Inc., < advanceddna.in > accessed 28 August 2013, checked again 20 August 2015 — price is current as of 20 August 2015.

37

Scherr, A. E., 2012. Genetic Privacy & the Fourth Amendment: Unregulated Surreptitious DNA Harvesting. Ga L Rev. 47, 445; Eriq Gardner, E., 2011. Gene swipe: with more DNA labs, few know whether those chromosomes are yours-or you stole them from someone else. ABAJ. 97, 50.

38

All About Truth DNA Services. <allabouttruthdna.com> accessed 28 April 2014.

39

Katsanis, S., and Javitt, G., 2009. Surreptitious DNA testing. Genetics & Public Policy Center. <dnapolicy.org/images/issuebriefspdfs/Surreptitious_ testing_issue_brief.pdf > accessed 10 November 2015; Vorhaus, D., 2010. Surreptitious Genetic Testing: WikiLeaks Highlights Gap in Genetic Privacy Law. Genomics Law Report. <genomicslawreport.com/index.php/2010/12/09/surreptitious-genetic-testing-wikileaks-highlights-gap-in-genetic-privacy-law/> accessed 1 December 2015; Shah, A., 2014. Do you know where your DNA is? Genetic Privacy and Non-Forensic Biobanks. Council for Responsible Genetics. <councilforresponsiblegenetics.org/pageDocuments/L0Z6I8MLM3.pdf> accessed 7 December 2015.

40

Instant Chemistry, <instantchemistry.com> accessed 10 January 2016.

41

Instant Chemistry. How it works <instantchemistry.com/#how-it-works> accessed 20 July 2015

42

European Society of Human Genetics, (ESHG) 2010. Statement of the ESHG on direct-to-consumer genetic testing for health-related purposes. 18 Eur J Hum Genet 1271; ESHG, 2011. Direct-to-consumer genetic tests neither accurate in their predictions nor beneficial to individuals, study suggests.<http://www.sciencedaily.com/releases/2011/05/110530190344.htm> accessed 3 November 2011; European Academies Science Advisory Council (EASAC) and the Federation of European Academies of Medicine (FEAM), October 2012. Direct-to-Consumer Genetic Testing — Summary Document (EASAC-FEAM Project on Direct-to-Consumer Genetic Testing); Association for Molecular Pathology, (AMP) 2007. Association for Molecular Pathology Position Statement: on Direct Access Genetic Testing (Direct to Consumer Genetic Testing); AMP, 2015. Association for Molecular Pathology Position Statement: Direct Access Genetic Testing (Direct to Consumer Genetic Testing) (Association for Molecular Pathology); Hudson K et al., 2007. ASHG Statement* on direct-to-consumer genetic testing in the United States. 81 Am. J. Hum. Genet. 635; National Health and Medical Research Council, 2014. DNA Genetic Testing in the Australian Context: A Statement from the National Health and Medical Research Council (NHMRC). <nhmrc.gov.au/guidelines-publications/g9> accessed 30 November 2015.

43

Human Genetics Commission, 2003. Genes direct: ensuring the effective oversight of genetic tests supplied directly to the public. Department of Health, UK; Human Genetics Commission, 2007. More Genes Direct. Department of Health, UK; Human Genetics Commission, 2010. A Common Framework of Principles for direct-to-consumer genetic testing services. Department of Health, UK; Office of the Privacy Commissioner, 2014. Statement on the use of genetic test results by life and health insurance companies; Canadian College of Medical Geneticists, 2012. CCMG Statement on Direct-to-Consumer Genetic Testing. 81 Clin Genet 1; European Academies Science Advisory Council (EASAC) and the Federation of European Academies of Medicine, (FEAM), 2012. Direct-to-Consumer Genetic Testing — Summary Document. (EASAC-FEAM Project on Direct-to-Consumer Genetic Testing, October); ter Meulen, V., et al., 2012. Direct-to-consumer genetic testing for health-related purposes in the European Union (EASAC Policy Report).

44

The Makings of Me. 2011. Terms of Use. Saved 3 October 2014. <themakingsofme.com>

45

AncestryDNA, 2013. US Terms and Conditions. Saved 28 August 2013. < dna.ancestry.com/legal/termsAndConditions> accessed 28 August 2013. The text of the current version of this document is substantially the same, see clause 7, Terms and Conditions: AncestryDNA has the right, at its sole discretion, to modify this Agreement, as well as the Website, Content, and the Service, at any time. Changes to this Agreement will be posted on the AncestryDNA Website and/or sent via email, and by changing the date of last revision on this Agreement. If any portion of this Agreement or any change to the AncestryDNA Website, Content, or the Service is unacceptable to you or will cause you to no longer be in compliance with the Agreement, you may cancel your account by following the instructions in this Agreement. Continued use of the AncestryDNA Website or the Service following posted changes in this Agreement means that you accept and are bound by the changes. Accessed 7 January 2016.

46

Loos, M., and Luzak J., 8 Jan. 2015. Wanted: A Bigger Stick. On Unfair Terms in Consumer Contracts with Online Service Providers. Centre for the Study of European Contract Law Working Paper Series. 2015–01. Amsterdam Law School Research Paper No. 2015–01.

47

Kim, N. S., 2014. Wrap Contracts: Foundations and Ramifications. OUP, New York, pp. 71–6.

48

ibid. pp. 192–200.

49

ibid. p. 187.

50

ibid. pp. 192-99.

51

McGuire, A., et al., 2009. Social networkers' attitudes toward direct-to-consumer personal genome testing. Am J Bioeth. 9(6–7) 3–10. http://dx.doi.org/10.1080/15265160902928209; Howard, H. C., Borry, P., 2009. Personal genome testing: do you know what you are buying? Am J Bioeth. 9(6–7), 11. http://dx.doi.org/10.1080/15265160902894005.

52

Phillips, A. M., 2015 Protecting the rights of consumers — clickwrap contracts and Direct–To–Consumer Genetic Testing (DPhil thesis, University of Oxford).

53

Kalokairinou, L., Howard, H. C., and Borry, P. 2015. Current developments in the regulation of direct-to-consumer genetic testing in Europe. Medical Law International. http://dx.doi.org/10.1177/0968533215618441.

54

Ray, T. 2014. 23andMe Gets CE Mark, Launches PGS Offering in UK for £125. GenomeWeb <genomeweb.com/microarrays-multiplexing/23andme-gets-ce-mark-launches-pgs-offering-uk-125> accessed 20 August 2015; Gibbs, S., 2014. DNA-screening test 23andMe launches in UK after US ban. The Guardian. <theguardian.com/technology/2014/dec/02/google-genetic-testing-23andme-uk-launch> accessed 30 August 2015.

55

Kalokairinou, L., Howard, H. C., Borry, P., 2014. Changes on the horizon for consumer genomics in the EU. Science. 346, 296; Proposal for a Regulation 9770/15 of the European Parliament and of the Council on in vitro diagnostic medical devices of 12 June 2015. Interinstitutional File: 2012/0267 (COD).

56

Cunningham, M., 2015. Next Generation Privacy: The Internet of Things, Data Exhaust, and Reforming Regulation by Risk of Harm. Groningen Journal of International Law. 2, 122.

57

Maldarelli, C., 2015. 23andme Discloses Police Requests For Customers' DNA. <popsci.com/23andme-publishes-transparency-report-that-reveals-authority-dna-requests> accessed 10 December 2015.

58

Gymrek, M., et al., 2013. Identifying personal genomes by surname inference. Science. 339(6117), 321. http://dx.doi.org/10.1126/science.1229566.

59

Erlich, Y., Narayanan, A., 2014. Routes for breaching and protecting genetic privacy. Nature Reviews Genetics. 15(6), 409–21. http://dx.doi.org/10.1038/nrg3723.

60

Wang, R., et al., 2009. Learning your identity and disease from research papers: information leaks in genome wide association study, article in: Proceedings of the 16th ACM conference on Computer and communications security. ACM, pp. 534–544.

61

Ayday, E., et al., 2015. Whole genome sequencing: revolutionary medicine or privacy nightmare? Computer. 2, 58–66, 62.

62

Ray, T., and Thomas, U., 29 December 2015. Startup Guardiome Emphasizes Privacy in New WGS Consumer Offering. Genomeweb <genomeweb.com/sequencing-technology/startup-guardiome-emphasizes-privacy-new-wgs-consumer-offering> accessed 30 December 2015.

63

van Rijmenam, Mark, August 2013. Why The 3V's are not sufficient to describe big data <https://datafloq.com/read/3vs-sufficient-describe-big-data/166> accessed 13 October 2015; ISO/IEC JTC 1. 2014. Big Data. Preliminary Report. <iso.org/iso/big_data_report-jtc1.pdf> accessed 13 October 2015.


Articles from Applied & Translational Genomics are provided here courtesy of Elsevier
