I'd feel a lot better with customer-centric privacy protections around the collector and storer, a la HIPAA.
Instead of regulating only some of the uses.
HHS already had to administratively extend to cover gaps (we'll see how that goes, post-Chevron) and Congress attempted to repeal it for workplace purposes in 2017.
And there's still the gray market question about 23andme -> Equifax-alike packaging it into a blended proprietary risk score -> insurance companies using that (of course 'without knowing that genetic information was included').
Instead of regulating only some of the uses.
HHS already had to administratively extend to cover gaps (we'll see how that goes, post-Chevron) and Congress attempted to repeal it for workplace purposes in 2017.
And there's still the gray market question about 23andme -> Equifax-alike packaging it into a blended proprietary risk score -> insurance companies using that (of course 'without knowing that genetic information was included').