The proposed "Genetic Information Privacy Act" aims to regulate direct-to-consumer genetic testing services in Rhode Island by establishing clear guidelines for the collection, use, maintenance, and disclosure of genetic data. The bill requires direct-to-consumer genetic testing companies to provide consumers with comprehensive information regarding their data practices, including a summary of privacy practices and a prominent privacy notice. It mandates that companies obtain express consent from consumers for the collection, use, and disclosure of their genetic data, with specific requirements for separate consent for various uses.

Key definitions are established in the bill, including "consumer," "genetic data," "express consent," and "dark pattern," ensuring clarity in the terms used. The act includes provisions to safeguard consumer data, requiring companies to implement reasonable security measures and allowing consumers to access, delete their data, and revoke consent. It prohibits discrimination against consumers who exercise their rights under the act, ensuring they are not denied goods, services, or benefits based on their decisions regarding genetic data.

The legislation introduces civil penalties for violations, with fines ranging from $1,000 for negligent breaches to $10,000 for willful violations, and specifies that actions for relief must be prosecuted by the attorney general. It clarifies that the provisions of this chapter do not reduce existing privacy protections under state and federal laws and establishes that in the event of a conflict, the law providing the greatest protection for consumer privacy will prevail. The act is set to take effect upon passage.