A group of DNA testing companies, including 23AndMe, Ancestry, Habit, Helix, and MyHeritage, released on Tuesday a set of privacy “best practices” developed with the Future of Privacy Forum, Gizmodo reports.
The companies say they’ll get consent before sharing genetic information with third parties, gather informed consent for research projects, and not market to people based on their relatives’ genetic information. The companies also say they won’t disclose information to insurers or employers without consent and will provide annual reports on requests received from law enforcement.
Privacy concerns arose around DNA testing services after police reportedly used genetic data from a site called GEDMatch to identify a suspect in the Golden State Killer test. At the time, major DNA testing sites said such requests are rare.
More recently, 23AndMe signed a deal to share customer genetic data with pharmaceutical company GlaxoSmithKline for research purposes. The company emphasized that only information about customers who had opted in to research use of their data would be included.
“Our top priority is our customer, and empowering each individual with the options to participate in research,” CEO Anne Wojcicki said in a statement. “As always, customers choose whether or not to participate in research. Customers can choose to opt-in or opt-out at any time.”
Fast Company reported in June that 23AndMe and Ancestry are being probed by the Federal Trade Commission over their data-handling practices.