No CrossRef data available.
We use cookies to distinguish you from other users and to provide you with a better experience on our websites. Close this message to accept cookies or find out how to manage your cookie settings.
We use cookies to distinguish you from other users and to provide you with a better experience on our websites. Close this message to accept cookies or find out how to manage your cookie settings.
Published online by Cambridge University Press: 01 January 2025
Genetic information is widely recognised as being particularly sensitive personal information about an individual and his or her family. This article presents an analysis of the privacy policies of Australian companies that were offering direct-to-consumer genetic testing services in 2012–13. The results of this analysis indicate that many of these companies do not comply with the Privacy Act 1988 (Cth), and will need to significantly reassess their privacy policies now that significant new amendments to the Act have come into force. Whilst the Privacy Commissioner has increased powers under the new amendments, the extent to which these will mitigate the deficiencies of the current regime in relation to privacy practices of direct–to-consumer genetic testing companies remains unclear. Accordingly, it may be argued that a privacy code for the direct-to-consumer genetic testing industry would provide clearer standards. Alternatively it may be time to rethink whether a sui generis approach to protecting genetic information is warranted.
This project was funded by an Australian Research Council discovery grant DP11010069. We thank Professors Don Chalmers and Margaret Otlowski for their comments on an early draft of this paper and thank an anonymous reviewer for detailed feedback.
1 Privacy Act 1988 (Cth) ('Privacy Act’) sch 1, as amended by the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) ('Enhancing Privacy Protection Act’) sch 1 cl 104.
2 It is interesting to note that the opposite approach has been taken in the United States in respect of discrimination: see Genetic Information Nondiscrimination Act of 2008, Pub L No 110–233, 122 Stat 881 (2008). See also Amy McGuire and Mary Anderlik Majumder, ‘Two Cheers for GINA?’ (2009) 1(6) Genome Medicine 61; Jessica L Roberts, ‘Preempting Discrimination: Lessons from the Genetic Information Nondiscrimination Act’ (2010) 63 Vanderbilt Law Review 439; Mark Rothstein, ‘GINA, the ADA, and Genetic Discrimination in Employment’ (2008) 36 Journal of Law, Medicine & Ethics 837.
3 See particularly Senate Legal and Constitutional Legislation Committee, Provisions of the Genetic Privacy and Non-Discrimination Bill 1998 (as introduced in the 38th Parliament) (1999); Australian Law Reform Commission and Australian Health Ethics Committee, Essentially Yours: The Protection of Human Genetic Information in Australia, Report No 96 (2003) ('Essentially Yours’) vol 1, ch 3 [7.63]–[7.65].
4 Essentially Yours, above n 3, vol 1, ch 7.
5 Ibid vol 1, recommendations 7–1 to 7–7.
6 Privacy Act s 6.
7 Ibid.
8 Letter from United States Food and Drug Administration to Ann Wojcicki, CEO 23andMe Inc, 22 November 2013 <http://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2013/ucm376296.htm>. This action on the part of the FDA attracted a great deal of popular media commentary. See, eg, Larry Downes and Paul Nunes, Regulating 23andMe Won't Stop the New Age of Genetic Testing (1 January 2014) Wired <http://www.wired.com/opinion/2014/01/the-fda-may-win-the-battle-this-holiday-season-but-23andme-will-win-the-war>; Rahul Rekhi, ‘A Government Ban on 23andMe's Genetic Testing Ignores Reality', The Guardian (online), 5 December 2013 <http://www.theguardian.com/commentisfree/2013/dec/04/23andme-consumer-genomics-fda-ban-regulation>; Frida Polli, ‘Why 23andme Deserves A Second Chance', Forbes (online), 14 January 2014 <http://www.forbes.com/sites/fridapolli/2014/01/14/why-23andme-deserves-a-second-chance/>; Ruth Macklin, ‘The FDA and 23andMe: Regulating Direct-to-Consumer Genetic Tests', The Huffington Post (online), 17 December 2013 <http://www.huffingtonpost.com/ruth-macklin/23andme_b_4447497.html>.
9 This limitation on the services offered by 23andme is readily apparent from a visit to the home page of the company's website: <https://www.23andme.com/>.
10 See, eg, Cheryl Berg and Kelly Fryer-Edwards, ‘The Ethical Challenges of Direct-To-Consumer Genetic Testing’ (2008) 77 Journal of Business Ethics 17; Stuart Hogarth, Gail Javitt and David Melzer, ‘The Current Landscape for Direct-To-Consumer Genetic Testing: Legal, Ethical, and Policy Issues’ (2008) 9 Annual Review of Genomics and Human Genetics 161; Tim Caulfield et al ‘Direct-To-Consumer Genetic Testing: Good, Bad or Benign? (2009) 77(2) Clinical Genetics 101; David Magnus, Mildred K Cho and Robert Cook-Deegan, ‘Direct-To-Consumer Genetic Tests: Beyond Medical Regulation?’ (2009) 1 Genome Medicine 17.
11 Essentially Yours, above n 3, vol 1, 347.
12 Nola Ries et al, Analysis of Policies and Practices of Direct-to-Consumer Genetic Testing Companies: Private Sector Databanks and Privacy Protection Norms (Health Law Institute, University of Alberta, 2010). Report funded by the Office of the Privacy Commissioner of Canada.
13 Essentially Yours, above n 3, vol 1, 132 [11.52].
14 Douglas H, Ginsburg, ‘Genetics and Privacy’ (2000) 4 Texas Review of Law and Politics 17, 17Google Scholar.
15 Lyria Bennett Moses, ‘Sui Generis Rules’ in Gary E Marchant, Braden R Allenby and Joseph R Herkert (eds), The Growing Gap Between Emerging Technologies and Legal-Ethical Oversight: The Pacing Problem (Springer, 2011) 81.
16 Radhika, Rao, ‘A Veil of Genetic Ignorance? Protecting Genetic Privacy to Ensure Equality’ (2006) 51 Villanova Law Review 827, 831Google Scholar.
17 George J, Annas, Leonard H, Glantz and Patricia A, Roche, ‘Drafting the Genetic Privacy Act: Science, Policy and Practical Considerations’ (1995) 23 Journal of Law, Medicine and Ethics 360, 360Google Scholar.
18 Ibid.
19 Ginsburg, above n 14, 20; Lawrence O Gostin and James G Hodge Jr, ‘Genetic Privacy and the Law: An End to Genetic Exceptionalism’ (1999–2000) 40 Jurimetrics 21, 23; Mark A Rothstein, ‘Why Treating Genetic Information Separately is a Bad Idea’ (2000) 4 Texas Review of Law and Politics 33, 34.
20 Essentially Yours, above n 3, vol 1, 129 [3.2].
21 Ibid, vol 1, 129–30.
22 Ginsburg, above n 14.
23 Ibid 20.
24 Gostin and Hodge, above n 19, 23.
25 Rothstein, above n 19, 34.
26 Ibid.
27 Ibid.
28 See the articles referred to above n 2.
29 Annas, Glantz and Roche, above n 17. Note that the Bill proposed by Annas, Glantz and Roche did not proceed. Although the Genetic Information Nondiscrimination Act is now in force, it focuses solely on genetic discrimination, not privacy.
30 Senate Legal and Constitutional Legislation Committee, above n 3, [5.32].
31 Attorney–General and Minister for Health and Aged Care, Terms of Reference: Protection of Human Genetic Information (5 February 2001, published online 6 July 2010) Australian Law Reform Commission <http://www.alrc.gov.au/inquiries/protection-human-genetic-information/terms-reference>.
32 Essentially Yours, above n 3, vol 1, 132.
33 Ibid vol 1, 140–1 [3.57].
34 Ibid vol 1, 141 [3.58].
35 United Nations Educational, Scientific and Cultural Organization, International Declaration on Human Genetic Data, General Conference Res 22, 32nd sess, 20th mtg (16 October 2003) preamble, art 4.
36 Hogarth, Javitt and Melzer, above n 10, 162.
37 Anita Hamilton, ‘Invention of the Year: The Retail DNA Test’ Time (online), 29 October 2008 <http://content.time.com/time/specials/packages/article/0,28804,1852747_1854493_1854113,00.html> cited in Ries et al, above n 12, 4.
38 Editorial, ‘Putting DNA To the Test’ (2009) 461 Nature 697, 697 cited in Ries et al, above n 12, 4.
39 These health-related reports are no longer provided to consumers, following the warning letter received by 2andme from the FDA: 23andMe, Status of our health-related genetic reports <https://www.23andme.com/health/>. A series of short articles in Nature Education provide useful overviews of these developments for the non-scientist. See, eg, Johanna Craig, ‘Complex Diseases: Research and Applications’ (2008) 1(1) Nature Education, 184.
40 Gene Partner, Love is No Coincidence, <http://www.genepartner.com>; Test Infidelity, Your infidelity questions. Answered. <http://www.testinfidelity.com>.
41 Ries et al, above n 12, 4.
42 Kevin, Davies, The $1,000 Genome: The Revolution in DNA Sequencing and the new Era of Personalized Medicine (Free Press, 2010)Google Scholar; Laura, DeFrancesco, ‘Life Technologies Promises $1,000 Genome’ (2012) 30 Nature Biotechnology 126Google Scholar.
43 The gamut of legal, ethical and social implications was most fully canvassed in Australia in Essentially Yours, above n 3.
44 See Bryn, William-Jones, ‘“Be Ready Against Cancer, Now“: Direct-to-Consumer Advertising for Genetic Testing’ (2006) 25(1) New Genetics and Society 89Google Scholar; Adam J, Wolfberg ‘Genes on the Web – Direct-to-Consumer Marketing of Genetic Testing’ (2006) 355 New England Journal of Medicine 543Google Scholar.
45 Hogarth, Javitt and Melzer, above n 10, 162.
46 Ries et al, above n 12, 5,
47 See, eg, Hogarth, Javitt and Melzer, above n 10; Magnus, Cho and Cook-Deegan, above n 10.
48 Timothy Caulfield and Amy L McGuire, ‘Direct-to-Consumer Genetic Testing: Perceptions, Problems, and Policy Responses’ (2012) 63 Annual Review of Medicine 23, 26, 28.
49 Ibid 26.
50 United States Government Accountability Office, ‘Testimony Before the Subcommittee on Oversight and Investigations, Committee on Energy and Commerce, House of Representatives: Misleading Test Results Are Further Complicated by Deceptive Marketing and Other Questionable Practices. Statement of Gregory Kutz, Managing Director, Forensic Audits and Special Investigations’ (22 July 2010) ('US GAO Testimony to the US House of Representatives’) 1.
51 Ibid 15.
52 Patricia A, Roche and George J, Annas, ‘DNA Testing, Banking and Genetic Privacy’ (2006) 355(6) New England Journal of Medicine 545, 545Google Scholar.
53 Ries et al, above n 12, 5.
54 Ibid 5.
55 Caulfield and McGuire, above n 48, 28.
56 Ries et al, above n 12, 7.
57 Roche and Annas, above n 52, 545.
58 Ibid.
59 Kathy, Hudson et al, ‘ASHG Statement on Direct-to-Consumer Genetic Testing in the United States’ (2007) 81(3) American Journal of Human Genetics 635, 635Google Scholar.
60 Margaret Otlowski and Dianne Nicol, ‘The Regulatory Framework for the Protection of Genetic Privacy in Australia’ in Terry S-H Kaan and Calvin W-L Ho (eds) Genetic Privacy: An Evaluation of the Ethical and Legal Landscape (Imperial College Press, 2013) 283.
61 D, Gurqitz and Y, Bregman-Eschet, ‘Personal Genomics Services: Whose Genomes?’ (2009) 17(1) European Journal of Human Genetics 883, 885Google Scholar.
62 Essentially Yours, above n 3, vol 1, 132.
63 US GAO Testimony to the US House of Representatives, above n 50, 2, 16.
64 Ries et al, above n 12.
65 Other analyses echo the view that some direct-to-consumer genetic testing companies fail to provide adequate information to consumers about the companies’ practices and policies. See, eg, Norman P Lewis et al, ‘DTC Genetic Testing Companies Fail Transparency Prescriptions’ (2011) 30 New Genetics and Society 291; Yuping Liu and Yvette E Pearson, ‘Direct-to-Consumer Marketing of Predictive Medical Genetic Tests: Assessment of Current Practices and Policy Recommendations’ (2008) 27 Journal of Public Policy & Marketing 131.
66 OECD Working Party on Information Security and Privacy, ‘The Evolving Privacy Landscape: 30 Years after the OECD Privacy Guidelines’ (Document DSTI/ICCP/REG(2010) 6, Organisation for Economic Co-operation and Development, 2 May 2011) 7–9. For a comprehensive discussion of these developments, see David Banisar and Simon Davies, ‘Global Trends in Privacy Protection: An International Survey of Privacy, Data Protection, and Surveillance Laws and Developments’ (1999) 18 John Marshall Journal of Computer and Information Law 1.
67 OECD guidelines are not binding legal instruments but reflect the political commitment of member countries to comply with their spirit and content.
68 Organisation for Economic Co-operation and Development, OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (OECD, 1980).
69 See OECD Working Party on Information Security and Privacy, above n 66, 39. See also Banisar and Davies, above n
70 Through the Australian Information Commissioner Act 2010 (Cth).
71 Office of the Privacy Commissioner, Getting in on the Act: The Review of the Private Sector Provisions of the Privacy Act 1988 (2005) ('Privacy Commissioner's Review’) 27.
72 Ibid 28.
73 See Office of the Privacy Commissioner Australia, ‘National Principles for Fair Handling of Personal Information’ (1998) 4(9) Privacy Law & Policy Reporter 163.
74 Privacy Amendment (Private Sector) Act 2000 (Cth) sch1 cl 1.
75 It should be noted, however, that NPP10.1 also includes other options justifying collection, and NPP10.2 and 10.3 provide a list of justifications for collection outside of the limits set by NPP10.1.
76 ‘Organisation’ is defined in s 6C of the Privacy Act, and includes individuals, bodies corporate and other legal entities.
77 Privacy Act s 6D.
78 Ibid s 6D(9).
79 Ibid s 6D(4)(b).
80 Ibid s 6D(4)(c), s 6D(7).
81 Essentially Yours, above n 3, vol 1, 253.
82 Privacy Act s 6D(4)(c).
83 Privacy Act s 5B(3), as amended by the Enhancing Privacy Protection Act sch 4 item 4.
84 Dianne, Nicol and Meredith, Hagger, ‘Direct-To-Consumer Genetic Testing – A Regulatory Nightmare?’ (2013) 198 Medical Journal of Australia 501, 502Google Scholar.
85 See Malcolm Crompton, ‘“Light Touch” or “Soft Touch” – Reflections of a Regulator Implementing a New Privacy Regime’ (Paper presented at the National Institute of Governance (Canberra) and Committee for Economic Development of Australia (Melbourne), 2004), Office of the Privacy Commissioner, <http://opc.joomla-prime.icemedia.com.au/index.php?option=com_icedoc&view=types&element=speeches&sortby=60&Itemid=1021>.
86 Privacy Act s 18BB.
87 Office of the Australian Information Commissioner, ‘Privacy Codes, <http://www.oaic.gov.au/privacy/applying-privacy-law/privacy-registers/privacy-codes/>.
88 This is the Internet Industry Association draft code, which was first drafted in 2001 and appears to have been in a state of limbo since that time. See Internet Industry Association,
'IIA Launches Australia's First Draft Privacy Code for the Net’ (16 August 2001) <http://iia.net.au/content/iia-launches-australias-first-draft-privacy-code-net>.
89 Privacy Act (as at 11 March 2014) sch 3 principle 5.1. On 12 March 2014, the NPPs were replaced by the APPs. In this article, all references to ‘Privacy Act (as at 11 March 2014)’ are references to the Privacy Act as it stood immediately prior to the commencement of the APPs.
90 See Steven A Hetcher, ‘The Emergence of Website Privacy Norms’ (2001) 7 Michigan Telecommunication and Technology Law Review 97.
91 Privacy Commissioner's Review, above n 71.
92 Privacy and Personal Information Protection Act 1998 (NSW); Information Privacy Act 2000 (Vic); Information Act 2002 (NT); Personal Information Protection Act 2004 (Tas); Information Privacy Act 2009 (Qld).
93 Privacy Commissioner's Review, above n 71, 166.
94 Ibid recommendation 1.
95 Australian Law Reform Commission, For Your Information: Australian Privacy Law and Practice, Report 108 (2008) ('For Your Information’).
96 Australian Government, Enhancing National Privacy Protection: Australian Government First Stage Response to the Australian Law Reform Commission Report 108, For Your Information: Australian Privacy Law and Practice (Commonwealth of Australia, 2009).
97 Commonwealth, Parliamentary Debates, House of Representatives, 23 May 2012, 5210 (Nicola Roxon, Attorney-General).
98 Privacy Act ss 40, 52.
99 Ibid s 52(1)–(1A).
100 Ibid s 41(1)(dd).
101 Ibid s 55A.
102 Seven Network (Operations) Ltd v Media Entertainment and Arts Alliance (2004) 148 FCR 145, 159–160 [40].
103 Privacy Act s 33C, as amended by the Enhancing Privacy Protection Act sch 4 item 64.
104 Ibid s 33E, as amended by the Enhancing Privacy Protection Act sch 4 item 64.
105 Privacy Act s 33F(1)–(2), as amended by the Enhancing Privacy Protection Act sch 4 item 64.
106 Moorgate Tobacco Co Ltd v Philip Morris Ltd [No 2] (1984) 156 CLR 414, 437–438; Coco v AN Clark (Engineers) Ltd (1968) 1A IPR 587, 590.
107 Australian Football League v Age Co Ltd [No 2] (2006) 15 VR 419, 445.
108 Harris v Digital Pulse Pty Ltd (2003) 56 NSWLR 298, 342; Giller v Procopets (2008) 24 VR 1, 33.
109 Fraser v Evans [1969] 1 All ER 8, 11.
110 Giller v Procopets (2008) 24 VR 1, 101.
111 Ibid 102; Doe v Australian Broadcasting Corporation [2007] VCC 281 (3 April 2008) [144]–[145].
112 Giller v Procopets [2004] VSC 113 (7 April 2004) [163]–[170].
113 Moorgate Tobacco Co Ltd v Philip Morris Ltd [No 2] (1984) 156 CLR 414, 437–438.
114 See, eg, Campbell v MGN Ltd [2004] 2 AC 457, 496–7.
115 Ibid.
116 Human Rights Act 1998 (UK).
117 Ibid s 6; European Convention for the Protection of Human Rights and Fundamental Freedoms, opened for signature 4 November 1950, 213 UNTS 221 (entered into force 3 September 1953) art 8(1)–(2).
118 Charter of Human Rights and Responsibilities Act 2006 (Vic) s 13.
119 Human Rights Act 2004 (ACT) s 12.
120 For Your Information, above n 95, vol 3, 2584 recommendation 74–1; Victorian Law Reform Commission, Surveillance in Public Places: Final Report, Report No 18 (2010) 17–18; New South Wales Law Reform Commission, Invasion of Privacy, Report No 120 (2009) 3.
121 Senator Stephen Conroy, Minister for Broadband, Communications and the Digital Economy, ‘Government Response to Convergence Review and Finkelstein Inquiry’ (Media Release, 12 March 2013) <http://pandora.nla.gov.au/pan/80090/20130918-1430/www.minister.dbcde.gov.au/conroy/media/media_releases/2013/036.html>.
122 Grosse v Purvis (2003) Aust Torts Reports 81 706 [442].
123 Doe v Australian Broadcasting Corporation [2007] VCC 281 (3 April 2008) [157].
124 A large body of commentary exists on the development of a tort of privacy in the Australian context. See, eg, Megan, Richardson, ‘Whither Breach of Confidence: A Right of Privacy for Australia?’ (2002) 26 Melbourne University Law Review 381Google Scholar; David, Lindsay, ‘An Exploration of the Conceptual Basis of Privacy and the Implications for the Future of Australian Privacy Law’ (2005) 29 Melbourne University Law Review 131Google Scholar; Des, Butler, ‘A Tort of Invasion of Privacy in Australia?’ (2005) 29 Melbourne University Law Review 339Google Scholar.
125 The companies examined were easyDNA, The Genetic Testing Laboratory Pty Ltd, Secure DNA Technologies, Lumigenix Pty Ltd, Genetrack Biolabs Inc, DNA Bioservices, homeDNAdirect, DNA Solutions, DNA Labs, Genetic Technologies, MyGene, Fitgenes, GeneCare, and smartDNA Pty Ltd.
126 Ries et al, above n 12, 12.
127 See R Dvoskin and D Kaufman, ‘Tables of Direct-to-Consumer Genetic Testing Companies and Conditions Tested – August 2011’ (2011), Genetics and Public Policy Center <http://www.dnapolicy.org/pub.reports.php?action=detail&report_id=28>.
128 Essentially Yours, above n 3, vol 1, 347.
129 For example, on 29 April 2014, Lumigenix no longer had a functioning website (previously http://www.lumigenix.com); SecureDNA Technologies also no longer had a functional website (previously <http://www.securedna.com.au>; not to be confused with <http://www.securedna.com>, the website for an IT security company; MyGene's website (previously <http://www.mygene.com.au/>) was described as suspended; GeneCare's website was described as currently offline (previously <http://www.genecare.com.au/>).
130 These were: EasyDNA Australia, The Genetic Testing Laboratory Australia Pty Ltd, Secure DNA Technologies, and Lumigenix Pty Ltd.
131 Lumigenix, Media Releases on file with authors.
132 SecureDNA Technologies Pty Ltd, Predisposition on file with authors. It should be noted that the statement that tests ‘will be made available to the market in the coming months’ remained unchanged for more than a year.
133 The authors identified five Australian companies that offer GP-mediated genetic testing but advertise directly to the public: Genetic Technologies, MyGene Pty Ltd, Fitgenes Pty Ltd, GeneCare and SmartDNA Pty Ltd.
134 MyGene <http://www.mygene.com.au> (website suspended as at 29 April 2014). Materials on file with authors.
135 MyGene <http://www.mygene.com.au> (website suspended as at 29 April 2014). Materials on file with authors.
136 These were: Genetrack Biolabs Inc, DNA Bioservices, homeDNAdirect, DNA Solutions, DNA Labs, Silbase Genetics and DNA Qld.
137 Essentially Yours, above n 3, vol 2, 861.
138 The Secure DNA Technologies website was accessed in August 2012 and again in September 2013, but was no longer accessible as at 29 April 2014. No privacy policy was available on the website at any stage of the analysis.
139 The Lumigenix website was accessed in August 2012. As of September 2013, the Lumigenix website simply stated that a new website was ‘coming soon'. As at 29 April 2014, the website was no longer accessible. Nevertheless, this paper has included an analysis of Lumigenix's previous privacy policy as it was the most comprehensive policy amongst the companies analysed.
140 This privacy policy was accessed in August 2012. In September 2013 the website contained a notice that the privacy policy was being updated, and stated that a privacy policy could be obtained directly from Mygene. However, on 29 April 2014 the entire website was suspended. Nevertheless, this paper has included an analysis of Mygene's previous privacy policy as it provides an example of one of the briefest policies analysed.
141 This privacy policy was accessed in August 2012 and again in September 2013. However, on 29 April 2014 the entire website was offline. Nevertheless, this paper has included an analysis of GeneCare's previous privacy policy as it provides another example of a brief policy.
142 Although there is a link to a privacy policy, it only shows up as a blank page.
143 Privacy Act (as at 11 March 2014) sch 3 principle 5.
144 Privacy Act sch 1 cl 1.5, as amended by the Enhancing Privacy Protection Act sch 1 cl 104.
145 The policies of Fitgenes, DNA Labs and Silbase Genetics contained similar statements.
146 Privacy Act s 26C(2), as amended by the Enhancing Privacy Protection Act sch 3 cl 29.
147 Privacy Act (as at 11 March 2014) sch 3.
148 Privacy Act sch 1, as amended by the Enhancing Privacy Protection Act sch 1 cl 104.
149 ‘Personal information’ is defined in s 6 of the Privacy Act as information about an individual whose identity is apparent, or is reasonably identifiable, and is recorded in material form or not. Whether a biological sample, for example a cheek swab, contains personal information in non-material form is a contentious question that is beyond the scope of this article.
150 NPP10, Privacy Act (as at 11 March 2014) sch 3 principle 10; APP3, Privacy Act sch 1 cl 3, as amended by the Enhancing Privacy Protection Act sch 1 cl 104.
151 Essentially Yours, above n 3, vol 1, 58 recommendation 12–1.
152 Australian Law Reform Commission, Protection of Human Genetic Information (21 January 2011) <http://www.alrc.gov.au/inquiries/protection-human-genetic-information>.
153 Office of the Federal Privacy Commissioner, Guidelines on Privacy in the Private Health Sector (October 2001) xi–xii.
154 Ibid xii.
155 Ibid.
156 Privacy Act (as at 11 March 2014) sch 3 principle 2.1.
157 Privacy Act sch 1 cl 6, as amended by the Enhancing Privacy Protection Act sch 1 cl 104.
158 Privacy Act (as at 11 March 2014) sch 3 principle 2; Privacy Act sch 1 cl 6, as amended by the Enhancing Privacy Protection Act sch 1 cl 104.
159 These issues were originally identified in Ries et al, above n 12, 20.
160 Otlowski and Nicol, above n 60.
161 Hogarth, Iavitt and Melzer above n 10, 165.
162 Privacy Act (as at 11 March 2014) sch 3 principle 2.
163 Privacy Act (as at 11 March 2014) sch 3 principle 2.1.
164 Privacy Act sch 1 cl 1(4)(c), as amended by the Enhancing Privacy Protection Act sch 1 cl 104.
165 Caulfield and McGuire, above n 48, 24.
166 Privacy Act (as at 11 March 2014) sch 3 principle 9.
167 Privacy Act sch 1 cl 8, as amended by the Enhancing Privacy Protection Act sch 1 cl 104.
168 Privacy Act (as at 11 March 2014) sch 3 principle 4.1.
169 Privacy Act sch 1 cl 11.1, as amended by the Enhancing Privacy Protection Act sch 1 cl 104.
170 Easy DNA Australia and homeDNAdirect.
171 Ries et al, above n 12, 26.
172 The Genetic Testing Laboratory Australia Pty Ltd, MyGene, Fitgenes and GeneCare.
173 GeneCare, MyGene and Lumigenix.
174 See also Lumigenix and homeDNAdirect.
175 Genetic Technologies. See also MyGene, GeneCare and Lumigenix.
176 GeneCare, Lumigenix and MyGene.
177 Ries et al, above n 12, 23.
178 Debra K, Forrester, Essentials of Law for Medical Practitioners (Churchill Livingston, 2011) 59–60Google Scholar.
179 Ries et al, above n 12, 23.
180 Ibid 6.
181 Privacy Act (as at 11 March 2014) sch 3 principle 6; Privacy Act sch 1 cl 12 and cl 13, as amended by the Enhancing Privacy Protection Act sch 1 cl 104.
182 See Lumigenix, DNA Labs, and Fitgenes.
183 Privacy Act sch 1 cl 12.3 and 12.9, as amended by the Enhancing Privacy Protection Act sch 1 cl 104.
184 Essentially Yours, above n 3, vol 1, 368.
185 In August 2012 Genetrack Biolabs Inc's privacy policy stated ‘if you are under 16, you should ask your parents or a guardian before you: Email the Site, or ask us to e-mail anything to you; Send in any information; or buy anything online.’ As of September 2013, however, its privacy policy contained no reference to age.
186 Essentially Yours, above n 3, vol 2, 694.
187 Ibid, vol 2, 694. See also World Health Organisation, Proposed International Guidelines on Ethical Issues in Medical Genetics and Genetic Services (WHO, 1997); American Society of Human Genetics and American College of Medical Genetics, Points to Consider: Ethical, Legal, and Psychosocial Implications of Genetic Testing in Children and Adolescents (1995) 57 American Journal of Human Genetics 1233; Human Genetics Society of Australasia, Predictive Testing in Children and Adolescents (2003).
188 Essentially Yours, above n 3, vol 2, 696.
189 Borry et al, ‘Health-related Direct-to-Consumer Genetic Testing: A Review of Companies’ Policies with regard to Genetic Testing in Minors’ (2010) 9 Familial Cancer 51, 51.
190 Officer of the Federal Privacy Commissioner, above n 153, 24.
191 Clearly, an enforcement issue remains regarding age requirements or consent. However, as APP1 states, organisations ‘must take such steps as are reasonable in the circumstances to implement practices, procedures and systems relating to the entity's functions or activities that … ensure that the entity complies with the Australian Privacy Principles': Privacy Act sch 1 cl
192 Privacy Act (as at 11 March 2014) sch 3 principle 5.
193 Privacy Act sch 1 cl 1.4, as amended by the Enhancing Privacy Protection Act sch 1 cl 104.
194 Privacy Act (as at 11 March 2014) sch 3 principle 5; Privacy Act sch 1 cl 1, as amended by the Enhancing Privacy Protection Act sch 1 cl 104.
195 Privacy Act sch 1 cl 1.5, as amended by the Enhancing Privacy Protection Act sch 1 cl 104.
196 Ries et al, above n 12, 33.
197 Privacy Act sch 1 cl 1.4, as amended by the Enhancing Privacy Protection Act sch 1 cl 104.
198 Privacy Act s 33C, as amended by the Enhancing Privacy Protection Act sch 4 cl 64.
199 Office of the Privacy Commissioner, ‘Information Sheet (Private Sector 11 – 2001: Privacy Codes’ <http://opc.joomla-prime.icemedia.com.au/index.php?option=com_icedoc&view=types&element=infosheets&fullsummary=6543&Itemid=1021>.
200 Ries et al, above n 12; Borry et al, above n 189.
201 Nicol and Hagger, above n 84.
202 See Caulfield and McGuire, above n 48.