We are all tired of seeing the “accept all cookies” or “do not share or sell my personal data” options when we visit websites. Sometimes we might go through and “deny” every option, and other times out of laziness or indifference, we just select “accept all” to save ourselves the effort. But why does this matter? And why are websites so invested in collecting and selling our personal data and preferences?
In a world of data as a commodity, our personal information is incredibly valuable. Whether used to direct market trends or tailor product development, every aspect of our personal information is highly sought after by large corporations to monetize.[1] The human genome is extremely personal in nature and can encompass almost everything that these corporations pay exorbitant fees to mine.[2]From the most macular to the microscopic, our genetic information can reveal our relatives, our risks for various diseases, our ancestry, and much more. Access to genomic information has limitless implications; it can reduce the COA (cost of acquisition) per customer by showing our overarching physiological preferences or even enable biotechnology companies to build devices that anticipate future health needs through genetic predispositions.[3]
Due to the value of this information, our genetic data has been subjected to data breaches and exploitation for over hundreds of years. To this day, the cells most commonly used to research cancer were originally harvested without the consent of their owner, Henrietta Lacks.[4] Our personal data is being exchanged en masse. 23andMe, a well-known pioneer in the genetic D2C space, has been able to maintain low costs for consumers looking to reconnect with relatives or determine their ancestral origins by selling their customer’s genetic data on the back end to large corporations.[5] The most devastating aspect is that all of this is perfectly legal. Courts have ruled that our own genetic/cellular matter is not “owned” by us once it leaves our body.[6] This poses serious risks as we continue to push into this age of big data. While companies have made substantial medical progress through the large-scale analysis of our population’s genome in advancement towards effective Alzheimer’s and ADHD treatments, privacy exploitation is a huge cost to pay by a population that is entitled constitutionally to their individual freedoms.[7]
The court system historically sides against individuals seeking legislative justice for cellular exploitation, and the government has yet to pass firm legislation in the protection and ownership over our bodies.[8] From an intellectual property standpoint, all naturally occurring biological data is unpatentable.[9] While this prevents the buyers of the genetic data from declaring explicit ownership over the genomic information it collects, it does not prevent the wide-scale commercialization and utilization of that data. Henrietta Lacks’s cells, for example, while not patented by the individual who harvested and propagated them without her informed consent, are the baseline cell used in nearly all cellular research to this day, including HIV, the COVID-19 vaccine, and the polio vaccine (note: neither Henrietta nor her descendants have ever been compensated for her invaluable contributions to science).[10]
Our genetic information, once captured, is not private. A large concern for individuals who have opted-in to collection of their genomic sequencing information is that any discovered predisposition for disease might be shared with their health insurance company who in turn might either alter or decline coverage options for customers.[11] Direct sharing of this information is protected by the Genetic Information Non-Discrimination Act of 2008, but it might be legal if a relative learns of it through a space such as 23andMe and sells or shares it in some way.[12] Even law enforcement has tapped into this space and actively requests data from genetic companies, in one instance leading to the capture of the Golden State Killer.[13] Further, these companies are often not covered under the Health Insurance Portability and Protection Act (HIPAA), which only protects health information shared in a doctor’s office or official health system portal like an online hospital patient profile.[14] This means that large tech companies that might possess healthcare data are not always HIPAA bound and are not subject to the strict privacy rules within that statute.
Some states, such as California, have taken matters into their own hands. The California Consumer Privacy Act of 2018 is hailed as one of the most comprehensive acts in the US to protect consumers against unlawful harvesting and sale of personal information.[15]It provides users with both the right to know what personal information is being collected and shared, the right to delete their personal information collected, the right to opt-out of the sale of their information, and lastly the right to not be discriminated against for exercising their rights.[16]
Digital privacy is a relatively new phenomenon with the internet being just over 50 years old,[17] but the government’s hesitation to legislatively regulate this arena poses dangerous implications for internet users. The internet is becoming a necessity to pay bills, access bank accounts, advance education, and perform essential job functions.[18] This hesitation is likely a reflection of the age of high-level legislatures with the average age of US Senators landing at 64 years old and highlights the discrepancies between the lawmakers and the generations they are impacting.[19] To make laws to protect the integrity and safety of online users, especially in the management of their private healthcare data, lawmakers need to actively assert legislative authority over the inner workings of the internet to protect against hackers and exploitation of US citizens.
As our valuable genetic information becomes digitized, we need better infrastructure in place that is wholly dedicated to genetic privacy. Specifically, there needs to be set guidelines for tech companies to take additional measures against hacking attempts and to prevent uninformed selling of our digital information. Presently, once we relinquish our blood, cells, or genetic information to an organization, we often do not have the right to reclaim it. This exploitation has taken place at the largest scales prior to this new digital age, and lawmakers should learn from what transpired with Henrietta Lacks and prevent another assault on our genetic personal privacy and freedom.
[1] Why is personal data valuable?, Accountable, https://www.accountablehq.com/page/why-is-personal-data-valuable (last visited Apr. 21, 2024).
[2] Id.
[3] Id.
[4] Chloe Kent, Immortal cells and informed consent: The legacy of Henrietta Lacks, Pharmaceutical Technology (Jan. 11, 2023), https://www.pharmaceutical-technology.com/features/hela-consent-henrietta-lacks/?cf-view.
[5] Julian Segert, Understanding Ownership and Privacy of Genetic Data, Science in the News (Nov. 28, 2018), https://sitn.hms.harvard.edu/flash/2018/understanding-ownership-privacy-genetic-data/.
[6] Ownership of Genetic Information, Genetics Generation, https://knowgenetics.org/ownership-of-genetic-information/ (last visited Apr. 21, 2024).
[7] Segert, supra note 5.
[8] Supra note 6.
[9] 2106 Patent Subject Matter Eligibility [R-10.2019], MPEP (9th ed. Rev. 07.2022), https://www.uspto.gov/web/offices/pac/mpep/s2106.html (last visited Apr. 21, 2024).
[10] Kent, supra note 4.
[11] Segert, supra note 5.
[12] Id.
[13] Id.
[14] Erin Brodwin & Tina Reed, Privacy is at risk as HIPAA fails to keep pace with digital health, Axios (Apr. 6, 2023), https://www.axios.com/2023/04/06/privacy-risk-hipaa-digital-health.
[15] Michael Fertik, CCPA Is A Win For Consumers, But Businesses Must Now Step Up On CX, Forbes (Jan. 27, 2020), https://www.forbes.com/sites/michaelfertik/2020/01/27/ccpa-is-a-win-for-consumers-but-businesses-must-now-step-up-on-cx/?sh=2ea2e6e96557.
[16] State of Cal. – Dep’t of Just. – Office of the Att’y Gen., Cal. Consumer Privacy Act (CCPA), https://oag.ca.gov/privacy/ccpa (last updated Mar. 13, 2024).
[17] A Brief History of the Internet, Online Library Learning Center, https://www.usg.edu/galileo/skills/unit07/internet07_02.phtml (last visited Apr 21, 2024).
[18] Why Internet Matters, Internet for All, https://www.internetforall.gov/why#:~:text=It%20powers%20education%20and%20economy,on%20many%20of%20these%20benefits (last visited Apr. 21, 2024); Digital Banking vs. online banking: What’s the difference?, Chase, https://www.chase.com/personal/banking/education/basics/digital-banking-vs-online-banking-whats-the-difference#:~:text=Online%20banking%20relies%20on%20an,digital%20banking%20functions%20and%20services (last visited Apr. 21, 2024).
[19] Lydia Stowe, How Old is the 118th Congress, FiscalNote (Feb. 6, 2023), https://fiscalnote.com/blog/how-old-118th-congress.