By Adithi Iyer
In my last piece, I discussed the hypothetical successor of 23andme — a tissue-based direct-to-consumer testing service I’ve called yourtissueandyou — and the promise and perils that it might bring in consumer health information and privacy. Now, as promised, a closer look at the “who” and “how” of protecting the consumer at the heart of direct-to-consumer precision medicine. While several potential consumer interests are at stake with these services, at top of mind is data privacy — especially when the data is medically relevant and incredibly difficult to truly de-anonymize.
As we’ve established, the data collected by a tissue-based service will be vaster and more varied than we’ve seen before, magnifying existing issues with traditional data privacy. Consumer protections for this type of information are, in a word, complicated. A singular “authority” for data privacy does not exist in the United States, instead being spread among individual state data privacy statutes and regulatory backstops (with overlapping sections of some federal statutes in the background). In the context of health, let alone highly sophisticated cell signaling and microenvironment data, the web gets even more tangled.