Your DNA, Your Data: Preventing Genetic Discrimination in the Growing Bioeconomy
The U.S. bioeconomy is a growing economic sector driving technological innovation and global competitiveness. A significant portion of this innovation, especially in biotechnologies that improve health, like drug therapeutics and precision medicines, relies on the collection of genetic and non-genetic biological information through varied methods, including academic studies, direct-to-consumer testing services, and pharmaceutical companies. While this can lead to improvements in U.S. public health and biotechnology, there has been a growing fear among scientists and legal experts that this information is insufficiently protected against exploitation by foreign actors seeking to supplant U.S. leadership in biotechnology, as well as against domestic actors who might use this data to target or discriminate against certain subsets of the population
Legislation and policy outlining the storage and use of human-derived biological data by federally-funded research, such as the NIH Genomic Data Sharing Policy, lessen the risks surrounding this data but are insufficient due to advancements in biotechnology and the multifaceted collection, use, and selling of this information by private industry and law enforcement. Meeting the moment and protecting the American people will require: 1) expanded legislative protections for biological data; 2) biological data use protocols developed for federal agencies; and 3) standardized development, storage, and use of biological data. Pursuing these policy enhancements will safeguard fundamental rights and secure national infrastructure as we enter a new era of biological understanding and innovation.
Challenge and Opportunity
The U.S. bioeconomy is an increasingly important facet of the GDP due to the growing role of biotechnology in economic sectors, including defense, agriculture, energy, and manufacturing, with the total market size of biotechnology expected to reach $2-4 trillion in 2030-40. An important driver of this growth is the increased role of biotechnology in drug discovery, therapeutics development, and precision medicine.
This innovation, which includes novel treatments for cystic fibrosis, has necessitated the collection of massive datasets of biological data, including genetic, molecular, and biometric information. The federal government supports this through the direct creation and management or funding through grants of large-scale biobanks of individuals from varied geographic, demographic, and health backgrounds to be primarily used in biomedical research. Various pharmaceutical, technology, and biotechnology companies have additionally collected millions of primarily genetic samples from members of the public; for example, more than 26 million people have taken direct-to-consumer genetic tests through companies, such as 23andMe and Ancestry.
However, as more human-derived biological datasets grow, they become strategic targets. There is an increasing concern that this information is insufficiently protected against exploitation by foreign actors seeking to supplant U.S. biotechnological leadership, as well as against malicious domestic actors who may misuse biological data to perpetrate genetic discrimination and biological data discrimination. While this may initially seem like a concern limited to employment or insurance, genetic discrimination has potential negative ramifications for the unchecked surveillance and intrusion into the private lives of Americans. Cases of genetic discrimination have already been identified in education, such as the case of Colman Chadam, a middle-schooler forced to leave his school because of a genetic susceptibility to cystic fibrosis. Additional civil liberties concerns arise around the non-consensual misuse of biological data in law enforcement investigations. Even while measures have been taken to secure biological datasets to minimize the number of people who might misuse this information, both public and private data collections are under scrutiny from sectors of the public about the risk of anonymized biological data being reidentified and the ability of these collectors to prevent data leaks.
The preeminent federal law guiding the use of this data in non-research settings is the Genetic Information Nondiscrimination Act (GINA). GINA, in combination with the Health Insurance Portability and Accountability Act (HIPAA) and other legislation, outlines the general use of genetic and biological information within the U.S. However, these laws leave regulatory gaps that enable the previously mentioned civil rights violations to rise. HIPAA only provides protections to biological information in the context of “protected health information” for covered entities, such as healthcare providers and their business associates. And GINA only prohibits the use of genetic data to discriminate in employment and health insurance coverage, and only restricts organizations with greater than 15 employees. Moreover, there are no laws that protect against discrimination surrounding the use of non-genetic biological information, such as those collected by private companies and personal health trackers. Protections beyond GINA at the state level are inconsistent and lacking, especially given the highly personal and largely unchanging nature of this information. While guidance exists for the storage, sharing, and oversight of biological data for institutions that receive federal funding, there is a lack of this same technical standard for commercial and direct-to-consumer companies.
This regulatory vacuum allows deeply personal information about an individual’s disease history, familial relationships, and potential traits to be used to cause harm. This opens the door to dangerous infringements on personal safety and human rights, threatening the stability of the growing bioeconomy.
Plan of Action
To secure the U.S. bio-infrastructure, maintain global leadership in biotechnology, and safeguard American citizens from emerging threats to their privacy, the federal government must modernize its approach to human genetic and biological data. The current regulatory patchwork leaves the bioeconomy vulnerable to foreign exploitation and American citizens open to unchecked surveillance. The following recommendations establish a necessary framework to build trust in U.S. innovation while protecting individual liberty.
Recommendation 1. Modernize Genetic Privacy Laws to Close Security Gaps
Congress should advance legislation that comprehensively expands GINA to include all forms of biological data, including but not limited to: genetic, protein, microbiome, and biometric data, in order to close the loopholes present in the original law.
To ensure that an American’s biological information remains their private property and not a tool of overreach, this legislation should expand nondiscrimination protections beyond health insurance and employment. This legislation could be modeled on CalGINA, a 2011 California law that adds “genetic information” to existing protected classes, such as race, sex, and age. New federal legislation would expand on this model by codifying “biological information” as a protected class with “genetic information” within existing civil rights law. Additionally, this legislation should include direct language from CalGINA that prevents business establishments, health facilities, housing providers, and state-funded programs from demanding genetic tests, and penalizing Americans for their biological makeup. This legislation can also use language from the EU’s General Data Protection Regulation (GDPR) that classifies genetic and biometric data under a special “sensitive data” category. GDPR language would assist in classifying the scope of genetic and biological data as well as the protections individuals possess in regards to this information.
By setting this new federal baseline, Congress will harmonize the current fragmented regulatory landscape, clarifying compliance for businesses that may seek this information, and will assure the American public that their biological information cannot be weaponized against them.
Recommendation 2. Establish Guidelines For The Federal Use Of Biological Data
To prevent unwarranted surveillance and privacy erosion, the president should issue a memorandum tasking the National Institute of Standards and Technology (NIST) and the Office of Science and Technology Policy (OSTP) with developing a “Federal Human-Derived Biological Data Use Standard”.
To ensure the standard accounts for the full spectrum of federal use cases, NIST and OSTP, in coordination with the Office of Management and Budget (OMB) and the National Security Council, must conduct an interagency review of all current and potential federal uses of biological data. The Standard should specifically adopt a privacy-centric model, similar to that established by the 2019 Interim Department of Justice policy on genetic genealogy. Once developed, federal agencies must make the Standard available to state and local partners to serve as a model for non-federal policy. Additionally, OSTP should publish a public-facing framework that clarifies federal use cases. This framework must include clear definitions of biological data types, transparent access standards, a list of actions explicitly prohibited by the new protocol, and clear accountability mechanisms.
This standard will define strict policies for permissible federal use of biological data to streamline disparate protocols and prevent the over-exposure of citizen data by the federal government. It will additionally serve as a model to ensure consistent protection for Americans across all levels of government.
Recommendation 3. Implement Technical Standards For Biological Data Security And Innovation
The president should direct OMB to issue a Biological Data Protection Directive. This directive must mandate that federal agencies standardize the technical infrastructure regarding how human-derived biological data is collected, stored, and shared.
Specifically, the Directive should:
- Develop National Security Standards. Task the National Science and Technology Council (NSTC) to form a subcommittee that works with NIST to develop national technical standards for data storage, sharing, and selling. NIST should leverage recommendations from the National Security Commission on Emerging Biotechnology to ensure these standards promote AI-readiness and interoperability.
- Leverage Federal Buying Power. Direct the National Institutes of Health (NIH) to condition federal grant funding on compliance with these updated NIST data security and interoperability standards.
- Support Private Sector Adoption. Direct the Federal Trade Commission (FTC) to engage industry stakeholders to identify technical obstacles preventing the private sector from adopting NIST standards. The FTC should collaborate with stakeholders to build technical roadmaps for adoption and create a public database of companies that fail to update their protocols or adhere to these security standards.
To implement these activities, the president should request Congress to appropriate $50-80 million over three years for staffing, training, and technical infrastructure. Standardizing this infrastructure will close security gaps that currently allow foreign adversaries to target American biological data while driving market-wide adoption of secure protocols and reducing friction for U.S. businesses.
Conclusion
Biological data is becoming as central to modern society as a traditional digital footprint and carries similar far-reaching risks if misused. Without proactive federal action, the expanding role of biological data will continue to enable new forms of discrimination, privacy violations, and civil-rights harms, while leaving critical national assets vulnerable to exploitation by foreign competitors and unchecked domestic surveillance.
If successfully and fully implemented, these new policies would protect individual rights and secure the bioeconomy, establishing the United States as a leader in responsible biotechnology innovation. The first recommendation would provide clear and enforceable civil protections for all Americans, ensuring that individuals, businesses, and institutions cannot misuse biological information regardless of how it was obtained. This would prevent cases like that of Colman Chadam from recurring. The second recommendation would support more effective and accountable law enforcement by establishing rigorous, updated guidelines that limit federal overreach, and ultimately reduce privacy risks while improving public trust. Finally, the third recommendation would strengthen federally funded and private biomedical research by developing standards that make biological data interoperable, AI-ready, and secure.
The combination of all the recommendations will provide clarity to both state and private actors on appropriate development, storage, and use of biological information. This approach ensures that U.S. values define the global bioeconomy, creating lasting protections for the use of this information in critical facets of society.
The proposed legislation will define “biological information” broadly to encompass all data derived from biological samples or measurements that can reveal health, behavioral, or ancestry-related traits. This includes molecular, biometric, and physiological data that can infer or predict personal or familial traits and diseases.
The proposal complements, rather than replaces, existing civil rights frameworks. By adding “biological information” to the list of protected classes, the law provides a clear and enforceable basis for addressing discrimination that current statutes do not explicitly cover.
Enforcement will rely on existing federal civil rights and consumer protection infrastructure. The Equal Employment Opportunity Commission will be empowered to investigate biological-data–based discrimination in employment, while the Department of Justice’s Civil Rights Division can address systemic violations across public institutions. The Federal Trade Commission will continue to regulate unfair or deceptive data practices by private companies.
Many small businesses and startups are already taking scattered approaches to protecting their data. This policy would remove burdens and accelerate biotechnological innovation by providing clear standards for the use of biological data for those entering the field and lowering the delays necessary to understand a scattered regulatory landscape.
Due to advancements in biotechnology, malicious domestic actors may use biological data to target, blackmail, or exploit different segments of the American public who have voluntarily provided this information. This policy would minimize those risks by securing personal information and provide clear ramifications for misuses.
By implementing this policy, the U.S. will be the first country to make comprehensive policy on the security and use of personal biological datasets by federal and private actors. This policy will thus serve as a model for other nations realizing the dangers and necessity of protecting this type of information.
To secure the U.S. bio-infrastructure, maintain global leadership in biotechnology, and safeguard American citizens from emerging threats to their privacy, the federal government must modernize its approach to human genetic and biological data.
From use to testing to deployment, the scaffolding for responsible integration of AI into high-risk use cases is just not there.
The Federation of American Scientists supports Congress’ ongoing bipartisan efforts to strengthen U.S. leadership with respect to outer space activities.
By preparing credible, bipartisan options now, before the bill becomes law, we can give the Administration a plan that is ready to implement rather than another study that gathers dust.