At-home DNA testing kits are a petri dish of privacy problems

What’s this all about?

The popularity of genetic testing kits has soared in the last two years. According to Massachusetts Institute of Technology Review, more than 12 million people bought DTC (direct-to-consumer) genetic genealogy tests to have their DNA analyzed in 2017. People are taking the test to determine both ancestry origins and medical information that includes which diseases or medical complications they’re at risk of developing because of genetics. But once you swab your cheek or provide a saliva sample, do you know how the personal data you hand over is being used?

The concern

Companies like 23&Me and Ancestry are collecting this information and, in some cases, allowing law enforcement, drug makers and app developers to access the data. Few consumers consider this risk or understand the implications.

In some cases, the DNA testing companies are actively pitching themselves to law enforcement, sometimes without even informing their customers.

With laws constantly changing and few legal protections currently in place, the DNA data collected by testing companies can end up in the hands of third-parties without your explicit consent or knowledge. Most consumers using these services have little understanding of who has and wants access to this private information.

Who wants your DNA data?

Law enforcement and 23andMe say they don’t work with law enforcement unless they receive a court order. But companies aren’t required to hand this information over if they receive an order, and not all of the DNA testing companies have this policy.

FamilyTreeDNA was criticized for voluntarily giving the FBI routine access to its database of more than 1 million users’ data, allowing agents to test DNA samples from crime scenes against customers’ genetic information to look for family matches.

Drug makers

Several (direct-to-consumer) testing companies have signed data-sharing contracts with pharmaceutical firms. 23andMe has a $300 million deal with GlaxoSmithKline, and the biggest buyer of Ancestry’s data is Calico Life Sciences, a biotech company backed by Google. These same parties are the ones who have been lax with your personal data in the past given how Big Tech has contributed to many privacy issues.

Users do have to sign consent forms before companies can sell their DNA to third-parties, but the user agreements are so confusing that most people don’t understand what they’re approving.

App makers

23andMe had a program that allowed authorized developers external apps’ access to its anonymized genomic data through its application programming interface. The idea at the time was to “allow authorized developers to build a broad range of new applications and tools for the 23andMe community.” That program has since closed but many companies work with a firm called Helix that acts like an “app store” platform that gives third-party software developers access to parts of customers’ DNA data for apps and personalized services that consumers opt into separately. Helix has partnerships with around 25 companies.

Potential risks of using DNA testing services

Criminal access

Commercial DNA databases are vulnerable to hacks. Earlier this year, MyHeritage reported that hackers stole email addresses from 92 million users. The company claims genetic information wasn’t compromised. But as consumer genetic testing becomes more popular, criminals will continue to try to gain access to testing companies’ servers.

Financial and career penalties

Your genetic data can be used against you, and it can be costly. Insurance providers are within their legal rights to access genetic testing data and charge people more for coverage, or deny coverage completely, based on their findings. Federal genetic privacy laws do not apply to long-term care, life, or disability insurers. Ellen Wright Clayton, a lawyer and Vanderbilt professor, told that existing law “actually provides very little protection” against this sort of discrimination.

“We are still learning about what the genome will be able to tell us and the legal structures are not in place to circumscribe that information,” , professor at New York University School of Law, in an interview with Marketwatch. “If we are able to use genomes to predict behavioral traits, that could affect your ability to get a job or your ability to get insurance.”

What to do about it

Before handing over your DNA sample, consider: do you really need to?  For some with certain family histories of disease in their genetics, the testing could turn up valuable medical information. But a conversation with your doctor can help you determine if it is worthwhile, or if it is something you can simply have done privately, through your own local medical practice.

If you’re only considering DNA testing for bragging rights about family ancestry or for curiosity’s sake, then this is NOT a compelling reason to hand over your genetic material to a testing corporation. Your private DNA information is definitely not worth compromising if it is merely to decide which country’s flag to fly on your boat, or which language to study.

Our recommendation

Unless there is a valid medical reason to pursue DNA testing, skip it.

More on this topic 

More on the police access question of DNA

How China uses DNA to track its citizens

Show More
Back to top button