By Dave Simpson

Law360 (September 29, 2020, 6:33 PM EDT) -- California Gov. Gavin Newsom vetoed a proposed state law that would establish privacy protections over the data collected by genetic testing companies like Ancestry.com and 23andMe, saying that it could interfere with laboratories' mandate to report COVID-19 test results.

Senate Bill 980, which was introduced by Sen. Tom Umberg, D-Orange County, would have created the Genetic Information Privacy Act, requiring companies to provide clear notice that a consumer's de-identified genetic or phenotypic information may be shared with third parties for research purposes and to clearly disclose all other ways their genetic data might be shared.

The bill also would have allowed consumers to revoke their consent to certain disclosure procedures and required the companies to destroy the consumer's biological samples within 30 days of this revocation.

But Newsom said in a letter to the state Senate on Friday that while he shares "the perspective that the sensitive nature of human genetic data warrants strong rights and protections" the bill could "unintentionally impede" the critical COVID-19 reporting requirements.

"The broad language in this bill risks unintended consequences, as the 'opt-in' provisions of the bill could interfere with the laboratories' mandatory requirement to report COVID-19 test outcomes to local public health departments, who report that information to the California Department of Health," Newsom told the legislators in the letter.

The bill would have required that the testing companies comply with all applicable laws for disclosing genetic data to law enforcement without express consent. It also would have required companies to implement certain data security procedures.

The bill cleared the state Assembly in a 54-10 vote and passed the state Senate in a 39-0 vote. The bill would have imposed civil penalties for violations of the provisions.

"We're disappointed that Governor Newsom rejected this common-sense legislation. Privacy and security protections over this extremely sensitive data are sorely needed, especially in light of data breaches at several direct-to-consumer genetic testing companies in recent years," Maureen Mahoney, policy analyst for Consumer Reports, said in a release. "Without these protections, by default, California consumers' most personal information can be bought and sold to third parties without their knowledge."

Newsom noted in his letter Friday that because he agrees with the "primary goal" of the bill, he is directing the California Health and Human Services Agency and Department of Public Health to "work with the legislature on a solution that achieves the privacy aims of the bill while preventing inadvertent impacts on COVID-19 testing measures."

Genetic testing companies have already faced accusations of improper data sharing.

Ancestry.com was accused of releasing the private health information of thousands of clients who bought DNA products to unnamed third parties, according to a proposed class action filed in California state court in April 2019 and removed to federal court in June 2019.

Lori Collett was seeking to represent all Californians who had their personal information compromised after they bought genealogy services from Ancestry.com Inc. and Ancestry.com DNA LLC.

The complaint accused Ancestry of false advertising for representing to the public that users' private health information would be secure. Collett also claimed that Ancestry was negligent for failing to keep the information safe, and that it was violating a state unfair competition law when it breached its fiduciary duty of confidentiality.

That suit is pending.

In May 2019, a Missouri appellate panel reversed a trial judge's denial of arbitration in a proposed class action alleging Ancestry.com released customers' private health information to third parties without permission, saying an arbitrator must determine whether the case should be arbitrated.

--Editing by Emily Kokoll.

For a reprint of this article, please contact reprints@law360.com.