new text begin Subdivision 1. new text end

new text begin Definitions. new text end

new text begin (a) For purposes of this section, the following terms have
the meanings given them.
new text end

new text begin (b) "Biological sample" means any material part of a human, discharge from a material
part of a human, or derivative from a material part of a human, including but not limited to
tissue, blood, urine, or saliva, that is known to contain deoxyribonucleic acid (DNA).
new text end

new text begin (c) "Consumer" means an individual who is a Minnesota resident.
new text end

new text begin (d) "Deidentified data" means data that cannot reasonably be used to infer information
about, or otherwise be linked to, an identifiable consumer and that is subject to:
new text end

new text begin (1) administrative and technical measures to ensure the data cannot be associated with
a particular consumer;
new text end

new text begin (2) public commitment by the company to (i) maintain and use data in deidentified form,
and (ii) not attempt to reidentify the data; and
new text end

new text begin (3) legally enforceable contractual obligations that prohibit any recipients of the data
from attempting to reidentify the data.
new text end

new text begin (e) "Direct-to-consumer genetic testing company" or "company" means an entity that:
(1) offers consumer genetic testing products or services directly to consumers; or (2) collects,
uses, or analyzes genetic data that was (i) collected via a direct-to-consumer genetic testing
product or service, and (ii) provided to the company by a consumer. Direct-to-consumer
genetic testing company does not include an entity that collects, uses, or analyzes genetic
data or biological samples only in the context of research, as defined in Code of Federal
Regulations, title 45, section 164.501, that is conducted in a manner that complies with the
federal policy for the protection of human research subjects under Code of Federal
Regulations, title 45, part 46; the Good Clinical Practice Guideline issued by the International
Council for Harmonisation; or the United States Food and Drug Administration Policy for
the Protection of Human Subjects under Code of Federal Regulations, title 21, parts 50 and
56.
new text end

new text begin (f) "Express consent" means a consumer's affirmative response to a clear, meaningful,
and prominent notice regarding the collection, use, or disclosure of genetic data for a specific
purpose.
new text end

new text begin (g) "Genetic data" means any data, regardless of the data's format, that concerns a
consumer's genetic characteristics. Genetic data includes but is not limited to:
new text end

new text begin (1) raw sequence data that results from sequencing a consumer's complete extracted
DNA or a portion of the extracted DNA;
new text end

new text begin (2) genotypic and phenotypic information that results from analyzing the raw sequence
data; and
new text end

new text begin (3) self-reported health information that a consumer submits to a company regarding
the consumer's health conditions and that is (i) used for scientific research or product
development, and (ii) analyzed in connection with the consumer's raw sequence data.
new text end

new text begin Genetic data does not include deidentified data.
new text end

new text begin (h) "Genetic testing" means any laboratory test of a consumer's complete DNA, regions
of a consumer's DNA, chromosomes, genes, or gene products to determine the presence of
genetic characteristics.
new text end

new text begin (i) "Person" means an individual, partnership, corporation, association, business, business
trust, or legal representative of an organization.
new text end

new text begin Subd. 2. new text end

new text begin Disclosure and consent requirements. new text end

new text begin (a) To safeguard the privacy,
confidentiality, security, and integrity of a consumer's genetic data, a direct-to-consumer
genetic testing company must:
new text end

new text begin (1) provide clear and complete information regarding the company's policies and
procedures governing the collection, use, maintenance, and disclosure of genetic data by
making available to a consumer:
new text end

new text begin (i) a high-level privacy policy overview that includes basic, essential information about
the company's collection, use, or disclosure of genetic data; and
new text end

new text begin (ii) a prominent, publicly available privacy notice that includes at a minimum information
about the company's data collection, consent, use, access, disclosure, maintenance, transfer,
security, retention, and deletion practices;
new text end

new text begin (2) obtain a consumer's consent to collect, use, and disclose the consumer's genetic data,
including at a minimum:
new text end

new text begin (i) initial express consent that clearly (A) describes the uses of the genetic data collected
through the genetic testing product service, and (B) specifies who has access to the test
results and how the genetic data may be shared;
new text end

new text begin (ii) separate express consent to (A) transfer or disclose the consumer's genetic data to
any person other than the company's vendors and service providers, or (B) use genetic data
beyond the primary purpose of the genetic testing product or service and inherent contextual
uses;
new text end

new text begin (iii) separate express consent to retain any biological sample provided by the consumer
following completion of the initial testing service requested by the consumer;
new text end

new text begin (iv) informed consent in compliance with federal policy for the protection of human
research subjects under Code of Federal Regulations, title 45, part 46, to transfer or disclose
the consumer's genetic data to a third-party person for research purposes or research
conducted under the control of the company for publication or generalizable knowledge
purposes; and
new text end

new text begin (v) express consent for marketing by (A) the direct-to-consumer genetic testing company
to a consumer based on the consumer's genetic data, or (B) a third party to a consumer based
on the consumer having ordered or purchased a genetic testing product or service. For
purposes of this clause, "marketing" does not include customized content or offers provided
on the websites or through the applications or services provided by the direct-to-consumer
genetic testing company with the first-party relationship to the customer;
new text end

new text begin (3) require valid legal process to disclose genetic data to law enforcement or any other
governmental agency without a consumer's express written consent;
new text end

new text begin (4) develop, implement, and maintain a comprehensive security program to protect a
consumer's genetic data against unauthorized access, use, or disclosure; and
new text end

new text begin (5) provide a process for a consumer to:
new text end

new text begin (i) access the consumer's genetic data;
new text end

new text begin (ii) delete the consumer's account and genetic data; and
new text end

new text begin (iii) request and obtain the destruction of the consumer's biological sample.
new text end

new text begin (b) Notwithstanding any other provisions in this section, a direct-to-consumer genetic
testing company is prohibited from disclosing a consumer's genetic data without the
consumer's written consent to: (1) any entity offering health insurance, life insurance, or
long-term care insurance; or (2) any employer of the consumer.
new text end

new text begin Subd. 3. new text end

new text begin Enforcement. new text end

new text begin The commissioner of commerce may enforce this section under
section 45.027.
new text end

new text begin Subd. 4. new text end

new text begin Limitations. new text end

new text begin This section does not apply to:
new text end

new text begin (1) protected health information that is collected by a covered entity or business associate,
as those terms are defined in Code of Federal Regulations, title 45, parts 160 and 164;
new text end

new text begin (2) a public or private institution of higher education; or
new text end

new text begin (3) an entity owned or operated by a public or private institution of higher education.
new text end