Home | Databases | WorldLII | Search | Feedback Public Interest Law Journal of New Zealand

Prabhakar, Gauri --- "To gene or not to gene: genetic privacy implications in the age of big data" [2021] NZPubIntLawJl 6; (2021) 8 PILJNZ 60

Last Updated: 18 February 2023

60 Public Interest Law Journal of New Zealand (2021)

60¹

Public Interest Law Journal of New Zealand

(2021) 8 PILJNZ 60

ARTICLE

To Gene or Not to Gene:

Genetic Privacy Implications in the Age of Big Data

GAURI PRABHAKAR*

The past 20 years has seen a number of developments in next-generation deoxyribonucleic acid (DNA) sequencing. One such development is the proliferation of direct-to-consumer DNA testing kits. While the companies who administer these kits allow individuals to explore their heritage and potentially create healthier lifestyles, their products are underscored by significant informational privacy concerns. This article discusses two concerns: first, the lack of informed consent present when an individual purchases a direct-to-consumer DNA testing kit online; and secondly, the potential for genetic discrimination by insurance companies should they gain access to this information. To overcome such privacy concerns, this article argues for a conception of privacy based on trust. ^“Privacy-as-trust^” offers a more robust framework to overcome privacy issues because it holds direct-to-consumer DNA testing companies as ^“information fiduciaries^”. It also totally bars insurance companies from requesting and accessing genetic information through these DNA testing companies.

I Introduction

Picture the following scenario, created by patent attorney Sejin Ahn: Vincent, a man curious about his ancestry, undertakes a direct-to-consumer (DTC) genetic test after being advertised the product from 23andMe.¹ Apprehensive about sharing his genetic

* BA/LLB(Hons), University of Auckland. This article is based on a paper submitted in partial fulfilment of the requirements for the degree of Bachelor of Laws (Honours). I would like to thank my supervisor, Mr Stephen Penk, for the feedback, guidance and support he provided as I wrote this article.

1. Sejin Ahn ^“Whose Genome Is It Anyway?: Re-identification and Privacy Protection in Public and Participatory Genomics^” (2015) 52 San Diego L Rev 751 at 752–755. The names here have been changed from Ahn^’s article: ^“Vincent^” and ^“Anton^” are taken from the 1997 science fiction film,

information, Vincent briefly skims 23andMe^’s privacy policy, which states that his deoxyribonucleic acid (DNA) will be anonymised and will not be shared with third parties without his permission. He proceeds with the genetic test, delighted that he can contribute his genetic information to the scientific community, and learn about his ancestry and health.² However, once he receives his results, Vincent discovers that he has a rare mutation which could cause a neurological disorder.³ Although upset, Vincent shelves this information.

Some time later, Vincent and his brother, Anton, apply for life insurance as a safety net for their children.⁴ The application process requires them to submit any genetic tests done in the past. Vincent is understandably uncomfortable about yielding his DTC test results, but nevertheless complies with the insurance company^’s request. Meanwhile, Anton is unaware that Vincent^’s genetic test revealed a potentially life-threatening mutation. When the insurance company discovers this mutation, they deny coverage to both Vincent and Anton.⁵

This example paints a bleak but plausible picture. The past two decades have seen an explosion in next-generation DNA sequencing and cloud-based data sharing.⁶ However, such advancements are underscored by the informational privacy violations that occur when DTC testing companies fail to cater to the genetic privacy interests of individuals. The scenario above highlights the two key privacy issues this article will discuss: first, the lack of informed consent present when an individual purchases a DTC genetic test online; and secondly, the potential for genetic discrimination by insurance companies should they have access to such information.⁷

The debate can be summarised in one fundamental question: in the age of ^“big data^”, can the rights of individuals to keep genetic information private outweigh the right to access and use that information to improve public health and ensure profitability? Framing this debate as a trade-off is useful in highlighting the necessity of genetic privacy protections. This article argues that privacy is not a trade-off between the minority and the majority. Instead, with the correct conception of privacy, all parties can win. This conception will be called ^“privacy-as-trust^”.⁸

Part II canvasses the foundations which formulate this article^’s discussion. This includes an overview of ^“big data^” and how technological advancements impact genetic testing. Part III analyses the theoretical basis on which informational privacy is premised, discussing why current conceptions of privacy are inadequate in the context of

Gattaca, which was written and directed by Andrew Niccol. The film, a bleak depiction of a futuristic society dependent on genetic screening to produce the ^“best^” humans, served as a key inspiration for choosing this topic.

2. Ahn, above n 1, at 753. 3 At 753.

4 At 753.

5 At 755.

6 At 755.

7. These two issues are not the only privacy issues that arise with the proliferation of genetic testing. For example, there is also the Direct to Consumer [DTC] testing of minors in the case of paternity suits, employment discrimination, and the use of genetic information by police to solve crime. These issues, however, are outside the scope of this article and will not be examined.
8. Ari Ezra Waldman Privacy as Trust: Information Privacy for an Information Age (Cambridge University Press, New York, 2018) at 67; and Ari Ezra Waldman ^“Privacy as Trust: Sharing Personal Information in a Networked World^” (2015) 69 U Miami L Rev 559 at 564.

^“big data^” and DTC testing. This article then introduces privacy-as-trust as the superior conceptual framework to follow.

This sets the stage for Part IV, where the first of this article^’s two issues is discussed: the informational privacy violations that occur when a person purchases a DTC testing kit. Particular attention is drawn to the practice of DTC testing companies in emphasising informed consent while simultaneously misleading consumers with biased information as to the merits of DTC testing kits. Part IV then concludes that the privacy-as-trust framework is superior as it imposes the standard of an ^“information fiduciary^” between DTC consumers and companies.

Part V analyses the second issue: the potential privacy infringements that occur when insurance companies gain access to a person^’s genetic information. The worst infringement is genetic discrimination. Here, the various arguments insurance companies might make in pursuing unrestricted access to an individual^’s genetic information are considered. By dismantling these arguments, this Part argues the privacy-as-trust conception would impose tiered regulations upon insurance companies while simultaneously denying them the ability to access a person^’s genetic information from third-party platforms.

II “Big Data” and Genetic Testing: an Overview

A “Big data”

Today, there is a near-constant flow of data generation. Government departments, corporations, and academic and scientific institutions routinely create, collect and analyse significant quantities of data from which information can be extracted.⁹ An estimated 90 per cent of data in the world in 2018 was created in the previous two years, with

2.5 quintillion bytes of data still being generated each day.¹⁰

The constant flow of data has given rise to what Soshana Zuboff calls ^“surveillance capitalism^”.¹¹ In short, surveillance capitalism is the commodification of personal information and private experience.¹² Here, corporations accumulate and monitor personal data to predict and modify human behaviour and, in turn, produce revenue and market control.¹³

However, the use of personal data has had numerous unintended consequences. For example, the New York Times reported a story in 2012 where a father entered a local Target to voice his objection to it sending baby-related coupons to his teenage daughter, believing the store was encouraging pregnancy.¹⁴ In reality, the girl was pregnant,

9. Rob Kitchin The Data Revolution: Big Data, Open Data, Data Infrastructures & Their Consequences (SAGE Publications, London, 2014) at 67.
10. Government Chief Data Steward Data Strategy and Roadmap for New Zealand (Stats NZ, December 2018).
11. Shoshana Zuboff ^“Big other: surveillance capitalism and the prospects of an information civilization^” (2015) 30 Journal of Information Technology 75 at 75. See also Shoshanna Zuboff The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power (PublicAffairs, New York, 2019).
12. Shoshanna Zuboff ^“Surveillance Capitalism and the Challenge of Collective Action^” (2019) 28(1) New Labour Forum 10 at 10.
13. Zuboff ^“Big other^”, above n 11, at 75.
14. Charles Duhigg ^“How Companies Learn Your Secrets^” (16 February 2012) New York Times

<www.nytimes.com> as cited in Waldman Privacy as Trust, above n 8, at 63, n 6.

unbeknownst to her family.¹⁵ It was revealed that Target had created a pregnancy prediction model using search history, Facebook ^“likes^” and credit card transactions, among other things, to single out the girl.¹⁶ If Target could capture a pregnant consumer^’s preferences before announcements were made, it would experience less competition from rival baby-related advertisements.¹⁷

The issue that arises, then, is the opaque collection of data by governments and corporations through advertising techniques and third-party sharing, which creates the potential for ^“mistaken, misguided, or malevolent^” uses of personal information.¹⁸ As this article will demonstrate, this issue also arises through genetic testing.

B Genetic testing

The human body is made up of roughly 37 trillion cells.¹⁹ Cells are the body^’s underlying structural and functional units, each harbouring 23 pairs of chromosomes consisting of DNA.²⁰ Chromosomes, in turn, organise themselves into short strands of DNA called genes.²¹ Genes are unique to each individual, and genetic markers can be found in hair, blood, saliva and other parts of the body.²² Importantly, genes provide the key to inherited characteristics, such as physical traits, cognitive ability and disease profile.²³

Over the past two decades, there have been several breakthroughs in genetic testing technologies. These advances are spurred by the belief that a better understanding of how genes affect health allows for a fuller picture of a person^’s physical future.²⁴ With DTC testing kits, for example, more than 26 million consumers have added their DNA to the four leading commercial ancestry databases.²⁵ This number is expected to surpass 100 million people in total if the consumption of DTC testing kits continues at its current pace.²⁶ Various types of genetic testing retail in the mainstream marketplace. These include ancestry testing; fitness and lifestyle testing, which provides consumers with genetically-tailored workout and diet advice; and health risk testing, which can reveal a consumer^’s risk of developing certain genetic diseases such as Alzheimer^’s and

15. Waldman Privacy as Trust, above n 8, at 63.
16. Duhigg, above n 14.
17. Waldman Privacy as Trust, above n 8, at 63.
18. Katherine J Strandburg ^“Monitoring, Datafication, and Consent: Legal Approaches to Privacy in the Big Data Context^” in Julia Lane and others (eds) Privacy, Big Data, and the Public Good: Frameworks for Engagement (Cambridge University Press, New York, 2014) 5 at 5.
19. Beth Skwarecki Genetics 101: From Chromosomes and the Double Helix to Cloning and DNA Tests, Everything You Need to Know about Genes (Adams Media, New York, 2018) at 14.
20. Georgi Muskhelishvili DNA Information: Laws of Perception (Springer, Cham, 2015) at 2. This is with the exception of red blood cells and gametes.
21. Genetic Alliance and The New York-Mid-Atlantic Consortium for Genetic and Newborn Screening Services Understanding Genetics: A New York, Mid-Atlantic Guide for Patience and House Professionals (July 2009) at 6.
22. Ronald J Rychlak ^“DNA Fingerprinting, Genetic Information, and Privacy Interests^” (2015) 48 Tex Tech L Rev 245 at 245.
23. Godfrey B Tangwa ^“Genetic Information: Questions and Worries from an African Background^” in Alison K Thompson and Ruth F Chadwick (eds) Genetic Information: Acquisition, Access, and Control (Kluwer Academic, New York, 1999) 275 at 275; and Muskhelishvili, above n 20, at 2.
24. D Koepsell and V Gonzalez Covarrubias ^“The rise of big data and genetic privacy^” (2016) 2 Ethics, Medicine and Public Health 348 at 350.
25. Antonio Regalado ^“More than 26 million people have taken an at-home ancestry test^” MIT Technology Review (online ed, Cambridge (Mass), 11 February 2019).
26. Regalado, above n 25.

Parkinson^’s.²⁷ Once a consumer purchases a genetic test, the company typically sends the consumer a test kit, which the consumer uses to collect a DNA sample—usually saliva.²⁸ This is then sent back to the company for analysis before it provides the consumer with their test results.²⁹

Individuals may purchase genetic testing kits for various reasons. First, understanding one^’s genetic ancestry and risk of disease can be personally fulfilling. An individual who learns, through genetic testing, that they have a propensity for developing Type 2 diabetes can make conscious efforts to control their diet and exercise. Secondly, genetic information is useful in directing knowledge towards medical intervention and cures.³⁰ At a societal level, human genetic material can contribute towards public health protection, by tracking the incidence, patterns and trends of genetic diseases across populations.³¹ Thus, genomic technologies not only aid humans in understanding physiological and ancestral traits, but also provide guidance in treating genetic disorders and enhancing the wellbeing of societies.³²

C The problem

The proliferation of genetic testing is not occurring in a vacuum. If it were, arguments around ancestry testing allowing for people to connect with their heritage, or around disease testing allowing for individuals to make conscious health choices, would be more persuasive. In the age of ^“big data^”, genetic information poses a unique threat to privacy. Genetic information exposes the personal attributes of an individual and their family. More broadly, genetic information can be shared or sold to third parties, such as pharmaceutical corporations, or used to discriminate against individuals in the context of insurance.³³

This article focuses on two key issues facing the genetic data revolution: first, the relative lack of regulation in the DTC genetic testing industry; and secondly, the relationship between genetic information, genetic testing and insurance. Each issue is underpinned by the violation of informational privacy interests.

III Informational Privacy

Privacy is a nebulous concept. It encompasses a variety of values, interests, and situations. Privacy is relevant when considering freedom of thought, solitude in one^’s home, individual autonomy and, importantly for this article, control of personal information.³⁴

27. Sandra Gordon ^“Types of DTC genetic tests^” (2017) 94(14) Medical Economics 28 at 28.
28. Rachel Horton ^“Direct-to-consumer testing: a clinician^’s guide^” (17 January 2020) Genomics Education Programme <www.genomicseducation.hee.nhs.uk>.
29. Andelka M Phillips ^“Reading the fine print when buying your genetic self online: direct-to- consumer genetic testing terms and conditions^” (2017) 36 New Genetics and Society 273 at 274.
30. Koepsell and Covarrubias, above n 24, at 351.
31. Lawrence O Gostin and James G Hodge Jr ^“Genetic Privacy and the Law: an End to Genetics Exceptionalism^” (1999) 40 Jurimetrics J 21 at 22.
32. Koepsell and Covarrubias, above n 24, at 351.
33. Gostin and Hodge Jr, above n 31, at 22.
34. Richard T De George The Ethics of Information Technology and Business (Blackwell, Malden, 2003) at 43–44 as cited in Richard T De George ^“Privacy, Public Space, and Personal Information^” in Ann E Cudd and Mark C Navin (eds) Core Concepts and Contemporary Issues in Privacy (Springer, Cham, 2018) 107 at 108.

Informational privacy differs from conventional conceptions of privacy. Privacy is typically thought of as a negative right: as freedom from the prying eyes of government and society.³⁵ This conception thus sees solitude, separation and seclusion as the central defining characteristics of privacy. This is intuitively appealing because it has empirical value: people know, instinctively, that diaries and bathrooms are ^“private^”.³⁶ As Ari Ezra Waldman notes, even etymologically, the Latin ancestors of the modern word—privatus and privare—refer to the withdrawal from public life and to privation and deprivation, respectively.³⁷ Privacy, then, is distinctly spatial: it is envisioned as a physical or a metaphorical property line drawn around what is and is not to be excluded from the public eye.

However, privacy-as-freedom-from falls short when considering informational privacy in the age of ^“big data^”. Under this negative framework, once information is shared, it is no longer considered private. Consequently, it is no longer protected.³⁸ To be online today means to be constantly watched. Is it correct to say privacy rights will no longer be afforded once someone has consented to erasing the property line around personal information by clicking an ^“I consent^” box in an online contract? In this sense, privacy-as-freedom-from fails to adequately consider the pervasiveness with which information and communication technologies govern people^’s lives, and therefore treats the act of sharing information as giving up one^’s privacy interests altogether.

Privacy should therefore be reformulated as a positive right: as freedom for autonomy

or freedom to choose. This conception more accurately addresses the intangible invasiveness of surveillance and data tracking, thereby vindicating the inherent privacy rights of the individual.³⁹ This conception also assists in defining informational privacy by focusing on the individual^’s personal information when set against the omniscience of information and communication technologies. Thus, the strength of this approach is its ability to recognise, in the age of ^“big data^”, that the exploitation of personal information is not a privacy injury in the conventional sense.⁴⁰ Under this conception, informational privacy is wounded when personal data is collected without sufficient controls. Informational privacy, then, is no longer about separation or exclusion. It is about autonomy and choice.

This conception of privacy is profound and has had more of an impact on privacy law scholarship than any other theory.⁴¹ Most significantly, privacy-as-freedom-for has seen the birth of the notice-and-choice approach in situations where informational privacy may be infringed. Notice-and-choice requires data collectors to disclose what information is collected, how it is collected, for what purpose it is collected and with whom they share it.⁴² This is the ^“notice^”.⁴³ Once a person receives notice, they can make an informed

35. Samuel D Warren and Louis D Brandeis ^“The Right to Privacy^” (1890) 4 Harv L Rev 193 at 196.
36. Waldman Privacy as Trust, above n 8, at 13.
37. Raymond Williams Keywords: A Vocabulary of Culture and Society (revised ed, Fontana Paperbacks, London, 1983) at 243 as cited in Waldman Privacy as Trust, above n 8, at 25, n 87.
38. Waldman Privacy as Trust, above n 8, at 13. 39 At 27.

40 At 30.

41 At 30.

42. Daniel J Solove and Woodrow Hartzog ^“The FTC and the New Common Law of Privacy^” (2014) 114 Colum L Rev 583 at 592 as cited in Waldman Privacy as Trust, above n 8, at 30.
43. Solove and Hartzog, above n 42, at 592.

decision as to whether to continue or to choose a different product or platform. This is the ^“choice^”.⁴⁴

The notice-and-choice approach is seen prominently in New Zealand^’s Privacy Act 2020 and the information privacy principles (IPP) contained therein.⁴⁵ IPP 1, for example, states that an agency must not collect personal information about an individual unless it is collected for a lawful purpose and that collection of information is necessary for that purpose. Transparency mechanisms are ensured in IPP 3, which centres on the collection of information from the subject: agencies must take steps to ensure that the subject is aware their personal information is being collected, the purpose for which it is being collected and the intended recipients of the information, among other things.⁴⁶ If an individual feels an agency has improperly collected, stored or used their information, they can complain to the Privacy Commissioner under s 70, who can investigate the complaint and conduct an inquiry.⁴⁷

The notice-and-choice approach is a step in the right direction because it emphasises transparency and consent with regard to informational privacy. However, it too is problematic. First, the notice-and-choice approach is premised on the idea that humans exist in a vacuum and are rational, autonomous actors. The approach is rooted in the doctrine of informed consent, which argues that one can exercise control over information by making logical disclosure decisions.⁴⁸ If all relevant knowledge about a company^’s data-collecting practices is obtained, the idea is that a person would then be empowered to make better judgements about their personal privacy values. This, in turn, signals their willingness to participate in the market.⁴⁹

In reality, human activities do not exist in a vacuum. People have little control over the information they disclose online. Most websites are constantly tracking users, all the way down to the movement of people^’s cursors on-screen.⁵⁰ Unless someone lives a life free from the Internet—which is impossible if that person wants to meaningfully participate in modern society—there is no choice but to click the ^“I consent^” and ^“I accept^” buttons when faced with an online contract. It is therefore arguable whether the ^“choice^” under the notice-and-choice approach is truly informed, consensual and rational. If one^’s choice is not made freely and voluntarily, there is little point in propounding a conception of informational privacy based on control.⁵¹

The second flawed aspect of notice-and-choice is its assumption that humans are rational. Information online is frequently presented in a biased way. Something as seemingly benign as web design may be correlated with a higher willingness to disclose personal information.⁵² Further, users simply do not understand the long-term consequences of disclosing purportedly innocuous pieces of personal information.

44 At 592.

45. Privacy Act 2020, s 22.
46. See s 22, Information privacy principle [IPP] 3(1)(a)–3(1)(g) for the full list of factors.
47. For more information on the Privacy Act, see Paul Roth and Blair Stewart Roth^’s Companion to the Privacy Act 2020 (LexisNexis, Wellington, 2021).
48. Waldman Privacy as Trust, above n 8, at 31. 49 At 31.
    50. Christopher Mims ^“The Next Big Thing in Analytics: Tracking Your Cursor^’s Every Move^” MIT Technology Review (online ed, Cambridge (Mass), 20 May 2011).
    51. Waldman Privacy as Trust, above n 8, at 32.
    52. Han Li, Rathindra Sarathy and Heng Xu ^“The role of affect and cognition on online consumers^’ decisions to disclose personal information to unfamiliar online vendors^” (2011) 51 Decision Support Systems 434 at 435.

If someone wants the online product or service badly enough, they will overlook the long-term cost to informational privacy to satisfy immediate desires.

However, the most aggravating aspect of the notice-and-choice approach is that it discounts the significant power imbalance between online companies and individuals. Online contracts, whether they be terms and conditions or privacy policies, are standard form contracts that present a Hobson^’s choice: people must take the product or leave it. Arguably, there is no real choice in that. Either companies are so unique in their product offerings that there are no viable alternatives to choose from, or various companies in the same industry offer the same, negligible level of privacy protections. The genetic testing industry is paradigmatic of the latter. While there are many genetic testing companies, they are all at parity in terms of the privacy protections they offer.

These issues speak to the way the age of ^“big data^” is re-defining informational privacy. The issue no longer concerns withdrawal or control. It is about recognising that people are sharing personal information online—with each other and with businesses—at an unprecedented rate. This calls for a conception of privacy that adequately protects people^’s personal information while recognising the rigour with which information and communications technology rules people^’s lives. What is required is a conception of privacy that shifts away from placing the privacy burden on consumers and instead increases the stakes for businesses. Thus, what is required to adequately protect genetic privacy interests in the age of ^“big data^” is a conception of privacy that is flexible, contextual and cognisant of the fact that privacy has an inherent social value.

This flexible, contextual and social conception of privacy is known as privacy-as-trust. Trust as a concept is intertwined with informational privacy because it forms the crux of the relationship between individuals and DTC genetic testing companies. Thus, the only way to shift the power imbalance between genetic sharers and DTC testing companies is to leverage the law to enforce the trust norms of disclosure.⁵³ Put simply, a DTC testing company will be held liable for an invasion of privacy if they further disseminate information that was originally shared in a context that manifests trust.⁵⁴

IV Informational Privacy Breaches in Purchasing Genetic Tests

Sharing genetic material when purchasing a DTC testing kit is only one context in which informational privacy rights can be analysed. This part focuses on the act of purchasing genetic tests and the subsequent use of the genetic information by the DTC testing company. In doing so, three propositions are made. First, when Vincent peruses the websites of DTC genetic testing companies, he is presented with biased privacy policies that are unfairly skewed towards the companies^’ interests. Secondly, this automatically discounts Vincent from truly ^“opting in^” to privacy policies that allow DTC genetic testing companies to share or sell his genetic information to third parties for a profit. Finally, this is especially concerning as the nature of genetic information means it is not just Vincent^’s privacy interests that are infringed upon, but also the interests of his relatives. This article recommends, then, that the relationship between the DTC genetic testing industry and their consumers be recognised as a fiduciary relationship.

53. Waldman Privacy as Trust, above n 8, at 50. 54 At 50.

A Why informed consent in DTC genetic testing websites fails

Various features of the DTC genetic testing market render the informed consent of consumers invalid. Typically, informing patients about the diseases and traits tested for, the test characteristics, and the associated risks and limitations involves distilling a large quantity of complex genetic information into something that is capable of being understood by the average person.⁵⁵ There is a distinct lack of an intermediary between the DTC genetic testing company and the consumer—an intermediary that would have been otherwise present if a person had undergone a genetic test in the presence of a doctor or genetic counsellor.⁵⁶

Secondly, the regulation of DTC genetic testing corporations is fragmented and incomplete, particularly in the United States where DTC testing companies like 23andMe and Ancestry are based.⁵⁷ The lack of professional supervision, the sheer quantity of biased information presented to the consumer and the light regulation of DTC genetic testing companies all give rise to violations of the doctrine of informed consent.

For example, DTC genetic testing kits are generally purchased by consumers online. As a result, every online DTC genetic testing company is subject to a contract, appearing either as terms of use, terms and conditions, or privacy policies.⁵⁸ These contracts govern the relationship between DTC testing companies and consumers. Most companies use standard-form ^“clickwrap^” and ^“browsewrap^” contracts to govern the transaction between consumers who wish to purchase online genetic tests and the company itself.⁵⁹ A ^“clickwrap^” agreement requires the consumers to view the contract. The contract is presented so that consumers must scroll to the bottom of the page and click an ^“I consent^” or ^“I agree^” button to signal their consent to the terms. A browsewrap agreement, while similar, places the terms on an external webpage. The consumer may not have been required to open such a webpage before signalling their acceptance.⁶⁰

However, something as unassuming as web design or cleverly worded information is all that is needed to convince an individual to click ^“I agree^” or ^“I consent^”. Thus, these contracts are problematic and cannot be an indicator of informed consent. DTC genetic testing companies may disagree, arguing they are filling a gap in the market by either fulfilling human sentiments in acquainting consumers with their ancestral backgrounds, or advising consumers to lead healthier lives. From an economic perspective, these companies would argue they are simply presenting themselves in an appealing way in order to maximise profit.

However, this logic is questionable. The information available on the websites of DTC genetic testing companies is heavily skewed in favour of genetic tests. For example, on the main pages of these websites, genetic testing companies expose consumers to an average

55 Eline M Bunnik, A Cecile JW Janssens and Maartje HN Schermer ^“Informed Consent in Direct-to- Consumer Personal Genome Testing: The Outline of a Model Between Specific and Generic Consent^” (2014) 28 Bioethics 343 at 344.

56 At 344.

57. Samual A Garner and Jiyeon Kim ^“The Privacy Risks of Direct-to-Consumer Genetic Testing: A Case Study of 23andMe and Ancestry^” (2019) 96 Wash UL Rev 1219 at 1224.
58. Phillips, above n 29, at 273.
59. Andelka M Phillips ^“Only a click away — DTC genetics for ancestry, health, love...and more: A view of the business and regulatory landscape^” (2016) 8 Applied & Translational Genomics 16 at 16.

60 At 16.

of six times as many benefits as risks and limitations to using genetic tests.⁶¹ If the two pillars of informed consent require the decision-maker to have relevant, high-quality information which presents various alternatives and outcomes, which is consistent with the decision-maker^’s values, then genetic testing websites must include a presentation of the risks, benefits and limitations of undergoing genetic testing in an unbiased way.⁶²

This is, however, not the case. DTC genetic testing companies blatantly disregard informed consent and transparency standards. For example, in 2007, the American Society of Human Genetics issued transparency recommendations for what DTC genetic testing companies should disclose to potential customers in their contracts.⁶³ When a public policy group evaluated 25 DTC genetic testing companies for compliance with those recommendations, they found that only six of the 25 companies met even 70 per cent of the standards.⁶⁴ Overall, the DTC genetic testing industry complied with disclosure standards only 44 per cent of the time.⁶⁵

The DTC genetic testing industry tends to de-emphasise the involvement of healthcare professionals as informers. This is both in terms of notifying patients of their personal risk and as ^“counsellors^” in ensuring that the mental and emotional wellbeing of patients are catered to in the event they receive distressing news from genetic tests.⁶⁶

The inaccessibility of these contracts and websites also means consumers cannot fully understand the implications of what they have agreed to. This is especially relevant when opt-in clauses allow the DTC genetic testing companies to share genetic data with third parties. If they do not understand, how can a consumer^’s consent be ^“informed^”?

The concept of informed consent is therefore a fallacy used by DTC genetic testing companies despite being aware that consumers do not read or understand privacy policies.⁶⁷ If privacy-as-freedom-for, notice-and-choice and informed consent fail, privacy policies risk being reduced to mere window-dressing by these companies. These concepts may become legal saviours that swoop in to save the day in the event of a lawsuit. However, in reality they do little to protect people^’s genetic privacy interests when they buy a genetic testing kit.

B DNA identifiability

The violations of informed consent as discussed above highlight a further, more concerning aspect of informational privacy interests and genetics. This is the fact that, in the process of sharing his DNA with the DTC genetic testing company, Vincent unknowingly impinged on the privacy interests of his brother. The dual nature of genetics means that

61 Amanda Singleton and others ^“Informed Choice in Direct-to-Consumer Genetic Testing (DTCGT) Websites: A Content Analysis of Benefits, Risks, and Limitations^” (2012) 21 J Genet Counsel 433 at 437.

62 At 434.

63 Norman P Lewis and others ^“DTC genetic testing companies fail transparency prescriptions^” (2011) 30 New Genetics and Society 291 at 291.

64 At 291.

65 At 291.

66. Singleton and others, above n 61, at 433.
67. Aleecia M McDonald and Lorrie Faith Cranor ^“The Cost of Reading Privacy Policies^” (2008) 4 ISJLP 543 at 563. This is evident from the unreasonable amount of time it would take consumers to read privacy statements word-for-word for all the websites users visit. See also Brooke Auxier and others ^“Americans and Privacy: Concerned, Confused and Feeling Lack of Control Over Their Personal Information^” (15 November 2019) Pew Research Center

<www.pewresearch.org>.

even though Vincent^’s genetic makeup is fundamentally unique to him, it is also capable of identifying his parents, siblings and extended relatives.⁶⁸

In their privacy policies, DTC genetic testing companies typically emphasise that the storage and usage of de-identified or aggregate genomic data poses minimal risk to consumers, and that the potential for ^“re-identification^” is unlikely.⁶⁹ This echoes the traditional approach to informational privacy protection, which focuses on data de- identification or aggregation.⁷⁰ A DTC genetic testing company may go so far as to argue that a researcher who receives a coded genetic set, but who does not have access to the personally identifiable characteristics attached to the set (such as family name or address) does not have access to ^“identifiable information^” at all.⁷¹

However, one of the key characteristics of the age of ^“big data^” is that data is accessible in more than one repository.⁷² For example, if after taking a genetic test, Vincent uploads his raw DNA files to an open-source demographic database like GEDMatch.com, it is possible that Vincent could be re-identified. Even if genomic data is de-identified by standard privacy practices—such as the removal of names and dates of birth—data can be re-identified by methods that combine genomic software with publicly available demographic databases.⁷³ Genetic data aggregation—a strategy which combines data for a given population—is also rendered ineffective because there is enough published information available to identify the individual.⁷⁴ Therefore, because the genes of two closely related individuals—Vincent and Anton, say—are incredibly similar, the disclosure of one person^’s genetic information also leaks genetic information about the other.

C The way forward: privacy-as-trust and DTC genetic testing companies as fiduciaries

Privacy must be compatible with information sharing. The world today requires significant disclosures to fully participate within society. Vincent cannot be expected to read a 50-page privacy policy on a DTC genetic testing website or to fully understand the implications of sharing his genetic information.⁷⁵ If the law continues to consider privacy- as-freedom-for, notice-and-choice and informed consent as the cornerstones of informational privacy, these principles will be breached on a daily basis by the number of people who consent to and accept privacy policies that they neither read nor understand.⁷⁶ As a possible solution, this article now turns to privacy-as-trust. This concept illustrates

a symbiotic relationship, wherein privacy protections build trust and trust in turn allows disclosures to occur.⁷⁷ This conception allows a re-orientation of privacy law towards

68. Bruce R Korf ^“Genomic Privacy in the Information Age^” (2013) 59 Clinical Chemistry 1148 at 1148.
69. Katherine Drabiak ^“Caveat Emptor: How the Intersection of Big Data and Consumer Genomics Exponentially Increases Informational Privacy Risks^” (2017) 27 Health Matrix 143 at 145.
70. Erman Ayday and others ^“Whole Genome Sequencing: Revolutionary Medicine or Privacy Nightmare?^” (2015) 48(2) Computer 58 at 62.
71. Bartha Maria Knoppers ^“Consent to ^‘personal^’ genomics and privacy^” (2010) 11 EMBO Reports 416 at 418.

72 At 418.

73. Abraham P Schwab and others ^“Genomic Privacy^” (2018) 64 Clinical Chemistry 1696 at 1696.
74. Ayday and others, above n 70, at 62.
75. McDonald and Cranor, above n 67, at 563. See generally Auxier and others, above n 67.
76. Deloitte 2017 Global Mobile Consumer Survey: US Edition – The Dawn of the Next Era in Mobile

(2017) at 12; and Auxier and others, above n 67.

77. Waldman Privacy as Trust, above n 8, at 61.

protecting disclosures that emanate from relationships of trust.⁷⁸ One such relationship is between that of an individual and a DTC genetic testing company. Thus, this article argues that when Vincent buys a DTC genetic test, he is doing so under a disclosure context characterised by trust, and that the DTC genetic testing company should be held to the standard of an ^“information fiduciary^”.⁷⁹ Privacy-as-trust, as a method of protecting privacy, functions as a mechanism for preventing shame, embarrassment, bias or discrimination arising from the disclosure of personal information.⁸⁰ In turn, holding DTC genetic testing companies to the standard of a fiduciary equalises the power asymmetries present between consumer and company.

But what if privacy-as-trust actually erodes Vincent^’s privacy? Perhaps the concept is simply an excuse to justify empirical reality: the fact that privacy policies are seldom read and that consumers will click ^“I consent^” if they have a high interest in the product. Perhaps this indicates that consumers do not actually care about privacy. Following this line of thought produces the conclusion that privacy-as-trust gives too much leeway to consumers.

Those against the privacy-as-trust conception, like DTC genetic testing companies, may argue that efforts should be refocused into educating individuals about the risks of DTC genetic tests, making privacy policies more digestible and continuing the vindication of individual autonomy. These arguments are in accodance with the conceptions of privacy as privacy-as-freedom-for and notice-and-choice.

Privacy-as-trust seems like a hazy and indeterminate conception. Trust, like privacy, is nebulous and highly contextual. Vincent may share his genetic status and propensity to developing a life-threatening neurological disorder with his partner, but he would not trust a stranger enough to disclose such information. However, if that stranger was a genetic counsellor who is equipped and trained to speak with Vincent about his condition, Vincent arguably still implicitly trusts them even though there is no prior relationship. It must follow then, from a legal standpoint, that privacy-as-trust runs into the same issue as privacy itself: the expansive scope of what ^“trust^” means and what it covers renders it ineffective from a floodgates perspective.

However, these arguments are unfounded. Privacy-as-trust is an objectively better framework than privacy-as-freedom-for because it calls for DTC genetic testing companies to be held to the standard of ^“information fiduciaries^”. A fiduciary relationship is one that is characterised by trust and confidence.⁸¹ In such a relationship, the fiduciary undertakes or agrees to act for or in the interests of another person in the exercise of a power or discretion which will affect the other person^’s interests in a legal or practical sense.⁸² Examples of fiduciaries include doctors, lawyers and investment advisers who all handle their clients^’ monies and livelihoods under duties of loyalty and care.⁸³

A DTC genetic testing company, acting in their capacity as an information fiduciary, will have three main duties placed upon it. First, they will have the duty to look out for the interests of the people whose data they are harvesting and profiting from. Secondly, they

78 At 61.

79 At 79.

80. Drabiak, above n 69, at 170.
81. Hospital Products Ltd v United States Surgical Corporation [1984] HCA 64; (1984) 156 CLR 41 at [69] per Mason J as cited in JD Heydon, MJ Leeming and PG Turner Meagher, Gummow and Lehane^’s Equity Doctrines and Remedies (5th ed, LexisNexis Butterworths, Chatswood, 2015) at 142.
82. JD Heydon, MJ Leeming and PG Turner Meagher, Gummow and Lehane^’s Equity Doctrines and Remedies (5th ed, LexisNexis Butterworths, Chatswood, 2015) at 142.
83. Waldman Privacy as Trust, above n 8, at 85.

will be obliged to never induce trust from consumers and then actively work against consumers^’ interests. Finally, and most importantly, they will have a duty not to sell or distribute consumer information except to those who have agreed to similar rules.⁸⁴ This final aspect means DTC genetic testing companies will only be able to share information with third parties who have also assented to the privacy-as-trust framework and therefore to being information fiduciaries. Waldman cites an apt example to summarise these duties: if Google Maps induces trust in its users by holding itself out as providing the ^“best^” and ^“fastest^” routes from A to B, then they should be barred from delivering a longer route that passes by a McDonald^’s simply because McDonald^’s paid Google $20.⁸⁵ Allowing Google to do this would break the trust it induced in its users because it demonstrates the company^’s prioritisation of its financial considerations over its users^’ interests. In that sense, information fiduciaries should never act as ^“con men^”, inducing trust and then actively working against the interests of their users.⁸⁶

Privacy-as-trust and the information fiduciary principle would ensure that consumers have better recourse to legal action if the DTC genetic testing company shares the consumer^’s genetic information to a third party who is not also an information fiduciary. This is necessary because the relationship between the consumer and the DTC genetic testing company is characterised by ^“credence goods^”.⁸⁷ Credence goods ^“are goods whose utility is difficult or impossible for the consumer to ascertain, due to the levels of expertise required in the assessment of its utility^”.⁸⁸ The online transaction between the two parties, in that sense, is filled not only with uncertainty but also dependency. These factors put the consumer—Vincent—in a position of vulnerability, which highlights the need for the establishment of a trust relationship between the consumer and the DTC genetic testing company.⁸⁹

This article is not blind to the deficiencies of privacy-as-trust and information fiduciaries. Even from an equitable perspective, the imposition of fiduciary obligations in a non-established category should be approached cautiously on a case-by-case basis.⁹⁰ This conception would also likely see pushback from corporations, who may argue that they are being unfairly burdened with even more legal obligations.

However, New Zealand^’s human rights framework is premised on the vindication of the rights and freedoms of individuals and communities. At the very least, this is a normative ideal towards which we should strive. As with any change, there will be resistance—but this is necessary in an age where information is no longer held in silos, but rather in centralised databases which multiple entities can access.⁹¹ With this increased access comes an increased risk of information abuse. The notice-and-choice approach on which current privacy laws are premised do nothing to protect against privacy breaches when a company shares information with a third party.

84 At 87.

85 At 87.

86 At 87.

87 Edna F Einsiedel and Rose Geransar ^“Framing genetic risk: trust and credibility markers in online direct-to-consumer advertising for genetic testing^” (2009) 28 New Genetics and Society 339 at 344.

88 At 344.

89 At 344.

90. Hospital Products Ltd, above n 81, at [68] per Mason J.
91. Knoppers ^“Consent to ^‘personal^’ genomics and privacy^”, above n 71, at 418.

The paradigmatic example is Facebook^’s Cambridge Analytica scandal.⁹² In March 2018, a personality quiz app was used to collect the private data of 300,000 users who chose to use the quiz app.⁹³ The app also collected the Facebook data of an estimated 87 million users connected to those who used the app.⁹⁴ The developer then sold the mined data to Cambridge Analytica, who used that data to deliver targeted political advertisements on Facebook.⁹⁵ Though people^’s trust in Facebook was compromised, the company continued to operate. In fact, a survey conducted by The Atlantic found that Facebook was ironically the most used but least trusted social media network, with

57.9 per cent of the platform^’s users saying they ^“mostly distrusted^” Facebook or had ^“no trust^” in it to keep their personal information private and secure.⁹⁶ If a competitor arose which provided greater privacy protections premised on privacy-as-trust and somehow compensated for the social switching costs of moving to that platform, this article hypothesises that people would move there. In that scenario, Facebook faces a real chance of its profitability plummeting.

By implication, privacy-as-trust is profitable because of the inherent trust placed in the DTC genetic testing company. If a DTC genetic testing company had stringent privacy protections and did not sell genetic information to third parties for a profit, then society would trust that company more than another DTC genetic testing company that makes clear its interest in selling genetic information. Privacy-as-trust and the information fiduciary principle therefore act as bulwarks against the misuse of information while fostering an environment in which such information can be shared.

Trust is an attribute of successful communities and nations, both of which derive benefit from cooperation, cultural exchange and other forms of interaction.⁹⁷ Trust is necessary in the context of genetic information because as a society, people have a vested interest in upholding public health and improving the economy. At the same time, people also want—and need—to have their privacy protected. Privacy-as-trust, and the imposition of information fiduciary duties, is an intermediary between these goals. Privacy is not a zero-sum game. In the context of genetic information, privacy is not a binary between the minority and the majority. Instead, privacy is a spectrum within which everyone can benefit.

In that sense, there is some value in encouraging participation in genomics projects. Vincent should, through his trusted DTC genetic testing company intermediary, be allowed to contribute his genetics to the scientific community. Indeed, it may even be a noble feat to share one^’s cells in the pursuit of improving public health and contribute to higher standards of living. But Vincent also needs to be reassured that his information will be used in his best interests. Privacy-as-trust lessens the power asymmetries between a DTC

92. For a brief overview of the Cambridge Analytica scandal, see Brian Tarran ^“What can we learn from the Facebook–Cambridge Analytica scandal?^” (2018) 15 Significance 4.
93. Allison J Brown ^“‘Should I Stay or Should I Leave?^’: Exploring (Dis)continued Facebook Use After the Cambridge Analytica Scandal^” (2020) 6 Social Media + Society 1 at 1.
94. At 1.
95. At 1.
96. Julie Beck ^“People Are Changing the Way They Use Social Media^” The Atlantic (online ed, Washington DC, 7 July 2018).
97. See Robert D Putnam Bowling Alone: The Collapse and Revival of American Community (Simon & Schuster, New York, 2000); and Francis Fukuyama Trust: The Social Virtues and the Creation of Prosperity (Free Press, New York, 1996) as cited in Waldman Privacy as Trust, above n 8, at 51.

genetic testing company and consumers; it not only strengthens Vincent^’s genetic privacy but could also be used to advance public health initiatives as new discoveries are made.

V Informational Privacy, Genetic Discrimination and Insurance

Insurance and genetic testing have a long and complicated relationship. The proliferation of genetic testing has no doubt exacerbated the tension between the two, with its advent being characterised as the death knell for fair insurance premiums and a harbinger for an age of genetic discrimination.⁹⁸ Framed this way, it is also unsurprising that the relationship has received so much academic attention.⁹⁹ It seems inherently unfair that people must pay higher premiums, accept less comprehensive policies or be denied coverage because of genetic compositions outside of their control.¹⁰⁰

However, the reality is more nuanced. This part focuses on the second aspect of Vincent^’s dilemma: should an insurance company be allowed to use Vincent^’s genetic information to discriminate against him and his family? If so, how much information should that company be able to access? While privacy-as-trust provided a theoretical answer in Part IV, its solution to the insurance quandary is more concrete. Three suggestions are made. First, insurance companies should only have tiered access to genetic information (meaning, above a certain premium threshold). Secondly, an independent advisory body should be set up to navigate issues of genetics and insurance. Finally, insurance companies should be totally barred from accessing genetic information from third-party platforms.

A Overview of the insurance industry

Broadly speaking, there are two types of insurance: one is based on solidarity and the other on mutuality.¹⁰¹ The former takes no account of the various levels of risk that different individuals bring to the pool, with premiums and claim entitlements being set at a uniform level across the population.¹⁰² New Zealand^’s Accident Compensation Corporation (ACC) is an example of a solidarity-based insurance scheme.¹⁰³ Since solidarity-based insurance schemes require universal—or at least, very wide— participation, there is a level of compulsion imposed on the public to achieve this.¹⁰⁴

98. Michelle Andrews ^“Genetic Tests Can Hurt Your Chances of Getting Some Types of Insurance^” (7 August 2018) NPR <www.npr.org>.
99. See, for example, Alison K Thompson and Ruth F Chadwick (eds) Genetic Information: Acquisition, Access, and Control (Kluwar, New York, 1999); Marcus Radetzki, Marian Radetzki and Niklas Juth Genes and Insurance: Ethical, Legal and Economic Issues (Cambridge University Press, Cambridge, 2003); and Thomas Lemke Perspectives on Genetic Discrimination (Routledge, New York, 2013).
100. Radetzki, Radetzki and Juth, above n 99, at 3.
101. Onora O^’Neill ^“Insurance and Genetics: The Current State of Play^” (1998) 61 MLR 716 at 716. 102 At 716.
     103. Jeremy Holmes ^“Mutuality and Solidarity – is it possible to solve the crisis in private health insurance in New Zealand?^” (paper presented to New Zealand Society for Actuaries Conference, Tauranga, November 2016).
     104. O^’Neill, above n 101, at 716.

For example, if Vincent earned a salary in New Zealand, a certain portion of his taxable income would be levied to the ACC.¹⁰⁵

Conversely, mutuality-based insurance differentiates premiums on the basis of each individual^’s level of risk.¹⁰⁶ Mutuality-based insurance sounds intuitively reasonable when applied. For example, in the context of motor vehicles, each person^’s premium depends on how good a driver they are. However, more difficult ethical questions are raised in the context of health and life insurance based on mutuality. While motor vehicle insurance is optional (not everyone has to drive), health and life insurance are generally not.¹⁰⁷ This means there will be some people who miss out on mutuality-based health and life insurance coverage, either because the premiums are too expensive or because they are denied outright. For this reason, most countries have rejected mutuality-based health insurance (though life insurance remains problematic), with the notable exception of the United States.¹⁰⁸

This article emphasises health and life insurance because they are the most pertinent to genetic testing.¹⁰⁹ Genetic information, provided by genetic testing, clearly has financial value to insurers in terms of assessing risk and calculating premiums.¹¹⁰ However, the question of regulating insurers^’ access to this information is complex. It is to this point that this article now turns.

B The insurer’s interests

There are several arguments the insurer could make to have unrestricted access to genetic information.¹¹¹ Insurance companies can propound the overriding principle of insurance contracts, which requires utmost good faith (uberrima fides).¹¹² Under this principle, the individual must disclose all known and relevant information about themselves when applying for health or life insurance.¹¹³ The main reason for the uberrima fides principle is the asymmetric nature of information between insurer and candidate.¹¹⁴ If Vincent knows he is at risk of developing a neurological disorder but is allowed to withhold this information from an insurer, it would be inherently unfair to have him pay a lower premium compared to people who are already known to possess the same risk.¹¹⁵

Another reason for the uberrima fides principle is adverse selection.¹¹⁶ Adverse

selection occurs when those who possess a higher-than-average risk of disease buy the

105. ACC ^“Understanding levies if you work or own a business^” (25 November 2021)

<www.acc.co.nz>.

106. O^’Neill, above n 101, at 716. 107 At 717.

108 At 717.

109. I include disability insurance within the ambit of life insurance.
110. Graeme Laurie Genetic Privacy: A Challenge to Medico-Legal Norms (Cambridge University Press, Cambridge, 2002) at 131.
111. This author confines the scope of this Part of the discussion to pre-existing genetic information. There is also a question of whether insurance companies can coerce potential candidates into taking genetic tests as part of the vetting process. However, because this practice is virtually banned in all countries—whether by statute or voluntarily by the insurance companies themselves—this article will not consider it.
112. Laurie, above n 110, at 131. 113 At 131.

114 Radetzki, Radetzki and Juth, above n 99, at 39.

115 At 39. 116 At 39–41.

insurer^’s products on a large scale without informing the insurance company.¹¹⁷ In the same vein, individuals who know they represent a smaller-than-average risk will take out insurance on a limited scale.¹¹⁸ The insurance company^’s loss compensation will then exceed their income from premiums which, in turn, signals a price increase for those premiums. This causes the demand for insurance from ^“good risks^” to decrease even further, which leads to further premium increases as the proportion of ^“bad risks^” grow.¹¹⁹ This vicious cycle continues until the premiums become so high that not even the ^“bad risks^” will obtain insurance, thereby signalling the collapse of the insurance market itself.¹²⁰

The adverse selection argument is rooted in the third reason why insurance companies would want unrestricted access to genetic information: actuarial fairness. If private, mutuality-based insurance is premised on the idea that individuals will pay premiums in proportion to their risk, then it is only fair that Vincent should contribute according to his own risk.¹²¹ To put it negatively, no one should have to pay a higher premium than is justified by the risk they actually represent.¹²² Given that the entirety of insurance rests on the evaluation of risk, the more information there is available to insurers, the more ^“precise^” the premiums can be, thereby contributing to the actuarial fairness of the system.¹²³ Further, the use of the term ^“discrimination^” is not an overstatement. The entire purpose of insurance is to use rational, scientifically sound and empirically supported evidence to discriminate between individuals to ensure premiums are precise.¹²⁴ In fact, it is arguably the only sort of ^“discrimination^” that is morally permissible in the insurance context.

In accordance with this principle, requesting genetic information is merely an extension of existing insurance practices. Just as health and life insurers have long required candidates to provide medical records, lifestyle details and family histories, this principle suggests that insurance companies should so too require candidates to provide information from genetic testing.¹²⁵ Indeed, banning access to genetic information arguably propounds an essentialist view whereby humans are reduced to nothing more than their genes. This is despite the fact that diseases are multi-factorial, with social, behavioural and environmental characteristics being just as—if not more—important in contributing to a person^’s potential disease risk.¹²⁶

Finally, in the majority of liberal democracies (with the exception of the United States), mutuality-based health and life insurance are ^“basic social goods^”.¹²⁷ New Zealand enjoys

117 At 39.

118 At 39.

119 At 40.

120 Marcus Radetzki ^“Premiedifferentiering: effektivitet kontra solidaritet^” in B Dufwa and others (eds) Esseys in Honour of Erland Strömbäck (Svenska Försäkringsföreningen, Stockholm, 1996) at 243 as cited in Radetzki, Radetzki and Juth, above n 99, at 40.

121 At 128.

122 At 128.

123 MR Anderlik and MA Rothstein ^“Privacy and Confidentiality of Genetic Information: What Rules for the New Science^” (2001) 2 Annu Rev Genomics Hum Genet 401 as cited in Bartha Maria Knoppers, Béatrice Godard and Yann Joly ^“A Comparative International Overview^” in Mark A Rothstein (ed) Genetics and Life Insurance: Medical Underwriting and Social Policy (MIT Press, Cambridge (Mass), 2004) 173 at 173–174.

124 At 173.

125. O^’Neill, above n 101, at 717.
126. Gostin and Hodge Jr, above n 31, at 32.
127. Knoppers, Godard and Joly, above n 123, at 173.

a healthcare system with either free or subsidised health care, or benefits from schemes such as disability allowances and carer support. Insurance companies, as for-profit entities with a vested interest in maximising returns to shareholders, should therefore not be treated as quasi-health service providers.¹²⁸

C The way forward: privacy-as-trust and the tiered restriction of genetic information

Recall that one of the central purposes of privacy-as-trust is to facilitate sharing. By advocating for the tiered restriction of genetic information, this article not only emphasises the importance of protecting Vincent^’s informational privacy, but also his desire to share his genetic information for the purposes of health and wider scientific progress. Tiered restriction will also balance the insurer^’s interests by setting a ceiling limit on disclosure, depending on the price of the insurance policy. Before expanding on this suggestion, this article will now deconstruct each of the arguments noted above.

First, it is an exaggeration to suggest that the entirety of the uberrima fides principle

will fall if access to genetic information is banned. This article is not throwing the proverbial baby (uberrima fides) out with the bath water (access to genetic information). Instead, it advocates for the restriction of genetic information. Insurers may still request an individual^’s medical records, which is a well-accepted, standard practice. On this point, an analogy to the Netherlands, a country which has prohibited insurance access to genetic information since the late 1990s, is helpful.¹²⁹ The Medical Examination Act 1997 (Netherlands) restricts private insurers from using genetic test results from individuals who want to obtain life or disability insurance.¹³⁰ The Act states that for life insurance below a predefined ceiling of €160,000, no questions will be asked concerning the results of genetic tests from an applicant and their relatives.¹³¹

Secondly, there is no clear evidence that adverse selection is a real phenomenon.¹³² This is because the concerns of the insurance industry—especially the health insurance industry—do not necessarily reflect the concerns of individuals and their families. Insurers fear a large number of claims will be made by ^“bad risks^”, thereby reducing their profitability. But the fear for individuals and their families is with obtaining insurance for basic life and health cover.¹³³ Again, using the Netherlands as an example, it is evident that the Dutch insurance market is still alive and well, despite the fear of adverse selection.

Thirdly, the appeal of actuarial fairness is farcical when one realises that insurers^’ calculations of risk do not reflect objective risk or probability.¹³⁴ Insurance companies do not use all known factors relevant to an individual^’s disease profile when they differentiate premiums.¹³⁵ The calculation of risk and differentiation is instead based on a limited

128. Shaheen Borna and Stephen Avila ^“Genetic Information: Consumers’ Right to Privacy Versus Insurance Companies^’ Right to Know: a Public Opinion Survey^” (1999) 19 Journal of Business Ethics 355 at 357.
129. Els Geelen and others ^“Unravelling fears of genetic discrimination: an exploratory study of Dutch HCM families in an era of genetic non-discrimination acts^” (2012) 20 Eur J Hum Genet 1018 at 1019.

130 At 1019.

131 At 1019.

132. Laurie, above n 110, at 135.
133. Peter S Harper ^“Insurance and genetic testing^” (1993) 341 Lancet 224 at 226 as cited in Laurie, above n 110, at 135, n 167.
134. Radetzki, Radetzki and Juth, above n 99, at 128. 135 At 129.

number of factors which the insurer deems relevant.¹³⁶ In fact, using all factors relevant to an individual is unreasonable, because it would make vetting each candidate too expensive for insurers. In that case, if every factor is more or less arbitrary, it is problematic for the insurance company to hide behind the veil of ^“actuarial fairness^” and appeal to an ideal that they do not even try to attain.¹³⁷

Moreover, it is irrational to insist on genetic test results when genetic tests are unreliable. For example, a doctor who had a known family history of age-related macular degeneration tried four different DTC genetic testing kits.¹³⁸ One test suggested she had a lower-than-average risk of developing the condition while the other three showed she had a higher-than-average risk.¹³⁹ Even if insurance companies had unrestricted access to genetic information, it is unlikely they would receive relevant information from four contradictory tests. Another example saw a DTC genetic testing company send a seven- page report to an individual, complimenting them on their muscle tone and physique.¹⁴⁰ It was later revealed the ^“individual^” was a dog.

It has also been found that health reports from DTC genetic tests that use a limited variant screening approach often yield clinical false-negative results.¹⁴¹ For example, most patients who had been referred by healthcare providers for colorectal and breast cancer would have received clinical false-negative results if they had only used DTC genetic tests.¹⁴² The calculation methods of insurance companies can hardly be said to be rational, scientifically sound and empirically supported when the very source on which they are basing their calculations is unreliable.

On that point, it is also difficult to conflate genetic information with medical information. While there is certainly a debate as to whether genetic information itself is ^“special^” and while there is overlap between what is considered ^“medical information^” and what is considered ^“genetic information^”, the latter should instead be treated contextually.¹⁴³ This should be the case especially where the genetic information was derived from a DTC genetic testing kit. The reason for this is the lack of a medical intermediary and a genetic counsellor—both of which would have been offered to Vincent had he taken a genetic test via a medical professional. It would be too burdensome to further impinge upon Vincent^’s genetic privacy by giving an insurance company unfettered access to his genetic information, especially since Vincent was not properly advised of the consequences of taking the test in the first place.

Finally, while insurance companies are certainly not charitable organisations, it is worth pointing out that the countries with the most comprehensive genetic privacy protections tend to be welfare states like Sweden and the Netherlands.¹⁴⁴ As far back as 1998,

136 At 129.

137 At 129.

138. Michela Cimberle and Patricia Nale ^“Direct-to-consumer genetic tests for AMD risk assessment unreliable^” Ocular Surgery News (online ed, Thorofare (NJ), 25 October 2014).
139. Cimberle and Nale, above n 138.
140. Claudia Geib ^“Some Genetic Tests Apparently Can^’t Tell If You^’re Dog or Human^” Neoscope

(online ed, New York City, 25 October 2019).

141. American Society of Human Genetics ^“Researchers Quantify Limitations of Health Reports from Direct-to-Consumer Genetic Tests^” (17 October 2019) ASHG <www.ashg.org>
142. Neelam Vijay Desai and others ^“Limitations of direct-to-consumer genetic screening for hereditary breast, ovarian, and colorectal cancer risk^” (2021) 39 Journal of Clinical Oncology 10515.
143. Nanibaa^’ A Garrison and others ^“Genomic Contextualism: Shifting the Rhetoric of Genetic Exceptionalism^” (2019) 19(1) American Journal of Bioethics 51 at 51.
144. Laurie, above n 110, at 149.

for example, the Association of Swedish Insurers released a statement wherein insurers were barred from inquiring about results from genetic testing, or from taking into consideration such results when assessing risks below SEK 250,000.¹⁴⁵ In the Netherlands, an insurer cannot question the health status of an individual^’s relatives with respect to hereditary conditions, even if those relatives already suffer from those conditions, and nor can they request that the individual or their relatives disclose pre-existing genetic test results.¹⁴⁶

Two further points support the proposition that an insurer^’s access to genetic information should be restricted on a tiered basis to protect an individual^’s genetic privacy interests. First, one of the primary concerns regarding unfettered access to genetic information is that it will deter individuals from getting tested for genetic conditions.¹⁴⁷ This could lead to a series of negative consequences. For example, if a cure for a disease is available, then not getting tested deprives the individual of accessing this benefit.¹⁴⁸ Conversely, deterrence may cause the individual to miss out on the psychological relief of finding out that they are actually at a low risk of developing a genetic disease.¹⁴⁹

On a broader level, deterrence may also injure scientific progress.¹⁵⁰ As Graeme Laurie notes, statistical and epidemiological data are of fundamental importance in the fight against disease.¹⁵¹ It is therefore imperative that the scientific research community continues to receive genetic data from individuals and families.¹⁵² In this context, privacy- as-trust would ensure that the sharing of genetic information—between individuals and researchers, for example—takes place within a secure environment. Privacy-as-trust would also bar insurance companies from requesting genetic information if it were available on a third-party platform, such as a DTC genetic testing biobank. This would bolster Vincent^’s trust in the legal system to uphold his genetic interests.

Privacy-as-trust would also protect the privacy interests of Vincent^’s brother. It would not only prevent the insurance company from denying Anton^’s application on the basis of Vincent^’s genetic test, but also uphold Anton^’s right to not know about his genetic makeup. This aspect highlights the second point this part raises—namely, that a cure does not always exist at the time an individual discovers their predisposition to a genetic condition.¹⁵³ Privacy-as-trust recognises that an individual^’s interest in knowing information could change depending on whether anything can be done to remedy their condition.¹⁵⁴ If Anton strongly suspects he may have a degenerative disorder, but does not conduct a genetic test because no cure exists, then privacy-as-trust would respect Anton^’s decision to not know.

In this regard, a tiered disclosure system would be well suited. For ceiling limits below

$500,000, for example, insurance companies in New Zealand would be banned from requesting an individual^’s genetic test results. This rule can be imposed either by a voluntary moratorium crafted by insurers themselves, or through legislation. Where an individual^’s premium is calculated above this ceiling and where their disease risk is notified

145. Lena Jonsson ^“Regulatory Developments in Genetic Testing in Sweden^” OECD <www.oecd.org>.
146. Laurie, above n 110, at 149. 147 At 134.

148 At 139.

149 At 139.

150 At 140.

151 At 140.

152 At 140.

153 At 148.

154 At 148.

through one of the tests approved by an independent oversight body, the individual^’s genetic test results can be taken into account by the insurer. This article again recommends that either an independent oversight body be established, such as the United Kingdom^’s Genetics and Insurance Committee, or that the role of the Privacy Commissioner or Insurance Ombudsman be expanded to accommodate these tasks.¹⁵⁵

A criticism against this analysis may be that privacy-as-trust applies superficially where insurance is the concern. It is true that privacy-as-trust may not fit as neatly into the insurance quandary as informed consent (as discussed in Part IV). However, this article emphasises that the tiered system should be favoured because of the ease with which it balances the interests of those involved. The ceiling limit is high enough that individuals will not be deterred from undergoing genetic tests and will feel like their informational privacy is being respected. The ceiling also appeases insurers with regard to their economic interests. Finally, this approach ensures the scientific community has access to individuals^’ genetic information for the purposes of improving scientific research and the search for cures.

6. Conclusion

This article has contended that the age of ^“big data^” means the disclosure of personal information is necessary in the pursuit of the good life. However, the advent of such an age has not coincided with a reformulation of privacy, which is still rooted in conceptions like notice-and-choice and informed consent. If the law continues to emphasise these conceptions, the dichotomy between the ^“empowered individual^” who is encouraged to make informed health choices, and the genetic illiteracy of the general population, will only be exacerbated.¹⁵⁶ This will place the individual in an even more vulnerable position if insurance companies are able to access genetic information on third-party platforms.

Instead, New Zealand^’s conception of privacy must evolve and be based on the fundamental principle of trust. New Zealand must trust DTC genetic testing companies to act as information fiduciaries towards people^’s genetic information, and it must also trust the legal system to ensure that insurance companies do not arbitrarily increase premiums above a specified ceiling. By centring notions of privacy on trust, New Zealand could balance the interests of individuals, DTC genetic testing companies, insurers and the general public, while vindicating the contextual, flexible and social nature of privacy itself.

155 At 137.

156 Sivan Tamir ^“Direct-To-Consumer Genetic Testing: Ethical-Legal Perspectives and Practical Considerations^” (2010) 18 Med L Rev 213 at 219.