In a recent “warning letter” to 23andMe, the FDA informed the genetic testing company that they are marketing their Saliva Collection Kit and Personal Genome Service (PGS) to the public without the proper marketing clearance or approval from the FDA. The FDA then went on to say that 23andMe needs to discontinue marketing the PSG kit until the company has received FDA approval to do so. The Genomics Law Report outlines some background and details of the cease and desist letter in two posts, here and here. If you’re interested in more of the legalities and potential implications of the FDA v. 23andMe battle, the posts are a great read.
However, what really resonated with PPR was this Scientific American article by Charles Seife, also prompted by the recent FDA/23andMe kerfuffle: 23andMe is Terrifying, But Not for the Reasons the FDA Thinks. Seife also touches on the regulatory issue with the FDA, but really captures what we see to be the bigger problem with 23andMe with this:
But as the FDA frets about the accuracy of 23andMe’s tests, it is missing their true function, and consequently the agency has no clue about the real dangers they pose. The Personal Genome Service isn’t primarily intended to be a medical device. It is a mechanism meant to be a front end for a massive information-gathering operation against an unwitting public.
As Seife also reports, the company wants to become the “Google of personalized health care.” Well, yikes.
For now, 23andMe says they won’t sell your information without your explicit consent, but we’ve seen enough policies and rules change over time (e.g., Google’s constantly changing policies, HIPAA and the elimination of consent, etc.) to know that “guarantee” isn’t written in stone. Sure, it’s possible that the company wants to use the data it collects for research that proves beneficial to the public, but…it doesn’t seem like a huge leap to say that 23andMe isn’t gathering all that data for altruistic purposes.
Ultimately, as Seife says, the real issue here is what 23andMe (and any other company or organization that collects personal health information) should be allowed to do with the data it collects. There are a number of privacy problems that must be considered when answering that question, which Seife also outlines quite well in the article. Of course, the debate over how we can best manage privacy concerns vs. public benefit and other interests is complex and varied. But at the very least, PPR believes you should be in charge of how your personal information is used. And, you should be able to see who all has access to it, when someone has accessed it, and why.
Side Note: As always, we want to point out that we’re not trying to stand in the way of the very cool things happening with research and technology. In fact, we are very excited about the possibilities offered by advancements in these fields. We like you, research and technology, we really like you. But we like research and technology that does what the public expects and truly protects your privacy; that doesn’t allow your personal information to be used or shared in hidden ways; that allows you to be in charge and aware of what’s happening with your personal information at all times; that you can trust to honor your wishes regarding how your sensitive health information is used.