Governor Gavin Newsom of California vetoed a bill that would have created new limitations on data sharing for direct-to-consumer genetic testing companies.

The Genetic Information Privacy Act (GIPA) asked testing companies to get informed consent from customers before disclosing their data to third parties. GIPA was aimed as a stop-gap to cover data sharing that is not already regulated by the California Consumer Privacy Act (CCPA) and the federal Health Insurance Portability and Accountability Act (HIPAA).

The final bill gained significant traction in the legislature. It passed both houses without a single vote against it.

In his veto message, the Governor expressed concern about the “unintended consequences” of the bill. Governor Newsom fears the bill would constrain mandatory reporting of COVID-19 test results to local public health departments and the California Department of Public Health.

California has been exceedingly active in the past few years putting forward innovative regulation of personal information. This veto is an example of the state taking a measured approach to the regulation of health data in the midst of the COVID-19 pandemic.

The Governor signaled that he supports the overall goals of the bill. He directed California state agencies to work with the Legislature on a revised version that takes into account the need to share COVID-19 testing data with authorities.

Putting it Into Practice. This version of the GIPA is put to rest. However, California has signaled it plans to pass a law regulating data sharing for genetic testing companies in the near future. Companies innovating in this area can begin reviewing their existing disclosures and consents with an eye toward getting opt-in consent in the future.