These laws, Wired notes, aim to bridge the gap between the medical data that is protected under the Health Insurance Portability and Accountability Act — such as results from tests that are ordered by physicians — and genetic data that someone might receive from a direct-to-consumer genetic test that still may include sensitive information. The California law, for instance, limits what data DTC genetic testing companies can collect, it says, adding that it also requires that consumers provide consent to be part of any related research efforts or have their data shared and that there must be a way to opt out.
States like Utah and Arizona have also passed genetic privacy laws this year, Wired adds. Florida, meanwhile, passed a genetic privacy law in 2020 and this year passed a law to make unauthorized DNA analysis a felony. Meanwhile, Maryland and Montana have passed laws limiting the use of genetic genealogy by law enforcement officials.