First Action Against Marketers of Purported Personalized Genomics Settled by FTC

In the first Federal Trade Commission (FTC) enforcement action brought against makers of purportedly personalized genomics, the FTC has approved final consent orders settling charges that GeneLink, Inc. (GeneLink)  and its former subsidiary, foru™ International Corp. (foru™ International), “deceptively advertised that their personalized nutritional supplements treat diabetes, heart disease, arthritis, insomnia, and other ailments.”

Allegations

The FTC complaint alleged that through a network of individual affiliates, GeneLink and foru™ International marketed nutritional supplements and skincare products that were purportedly customized to each consumer’s unique genetic profile, based on an assessment of the DNA obtained from a cheek swab provided by the consumer.  The nutritional supplements and skin repair serum each cost more than $100 per month.

The company-approved marketing materials included claims that the customized nutritional supplements could compensate for an individual’s genetic disadvantages, and that the customized skin repair serum’s effectiveness was scientifically proven.  The companies also claimed through testimonials that the customized nutritional supplements could treat serious conditions such as diabetes, heart disease, and insomnia.

Prohibition on Health/Disease Claims

Acccording to the FTC, the final consent orders prohibit GeneLink and foru™ International, from: (1) claiming that any drug, food, or cosmetic will treat, prevent, mitigate, or reduce the risk of any disease, by varying the effect of genes or based on a customized genetic assessment of the purchaser, unless the claim is true and supported by at least two adequate and well-controlled studies; (2) misrepresenting scientific research regarding any drug, food, cosmetic, genetic test or assessment; and (3) providing their affiliates with the means to make any of these prohibited health claims. The consent orders also require that any claims that a product effectively treats or prevents a disease in persons with a particular genetic variation must be supported by randomized controlled trials on subjects with the same genetic variation.

Lax Security Measures

According to the FTC, the companies also deceptively claimed that they had taken reasonable security measures to safeguard personal information collected from nearly 30,000 consumers.  According to the FTC complaint, the companies (1) failed to protect the security of personal information, including genetic information, Social Security numbers, bank account information, and credit card numbers; (2) did not require service providers to have appropriate safeguards for consumers’ personal information; and (3) failed to use readily available security measures to limit wireless access to their network.

Security Requirements

The consent orders also settle charges that the companies’ data security practices were lax. As such, according to the FTC, the companies: (1) are prohibited from misrepresenting their privacy and security practices; (2) are required to establish and maintain comprehensive data security programs; and (3) must submit to security audits by independent auditors every other year for 20 years.

Commission Approval

When the proposed consent orders were initially published on January 7, 2014,  Chairwoman Ramirez and Commissioner Brill issued a joint statement,  Commissioner Ohlhausen issued a statement, and Commissioner Wright issued a statement.  The FTC also published an analysis of the proposed consent agreement package in the Federal Register on January 15, 2014 (79 FR 2662). The agreements were subject to public comment for 30 days, through February 6, 2014, after which the FTC decided to make the proposed consent orders final.

The FTC vote to approve the final orders in this case was 3-1-1, with Commissioner Ohlhausen dissenting and Commissioner McSweeny not participating.

(FTC File No. 112 3095).