What You Need to Know Before Giving Someone a DNA Test
Companies cannot keep even simple data secure, such as our passwords and credit card numbers, so should we trust them with our most personal data: our DNA? When you send a tube of your saliva to your personal genomics company, you are doing exactly that, and it turns out that the data is not as confidential as you might think.
23andme admitted a few years ago that its real goal is not to make money selling DNA tests, but to collect huge amounts of personal data. Their privacy policy states that they will use your information without any additional consent, “as we reasonably believe it is permitted by laws and regulations, including for marketing and advertising purposes,” and that they will pass it on to law enforcement. if required.
By using the service, you also agree that you will allow them to use your most confidential information to send you surveys and to develop and improve their own products. They also say they will pass on your sensitive information without any additional consent if “the information has been anonymized or aggregated so that you cannot be reasonably identified as a person.” But this is your DNA . This is your personal information, which is unique to you, even if your name is not listed.
Ancestry.com’s policy is similar, granting itself permission to use your information to sell items to you, find your relatives, and conduct internal research. They also note that they will be happy to disclose your information to third parties for purposes including “as necessary or appropriate to protect the rights, property, security, privacy or reputation of Ancestry, its group companies or other users (including outside of your country). residence) ”, which sounds completely scary.
Helix’s privacy policy mentions that it will share your data with its partners. Affiliates are the ones who actually provide DNA-based wine subscriptions or weight loss coaching, or whatever else you actually subscribe to. Helix keeps your information on file and shares the appropriate results with each partner you have authorized. This is convenient because you only need to pay for sequencing once, but it also means you need to worry about what each company does with your data.
For example, Vinome will take your details and your $ 30 to recommend wines they think you should buy. Their privacy policy states: “By submitting DNA to Vinome, you grant Vinome a perpetual, free worldwide transferable license to use your anonymized DNA and to use, post, sublicense and distribute anonymous resultant analysis in the amount and in the form or context that we believe suitable, on any medium or medium, or using any technology or device currently known or developed or discovered in the future. “
DNAFit , which sells weight loss and strength training plans, says it “may disclose aggregated genetic information and information about itself to third parties. If we use your information, we will take steps to protect your privacy by making that information non-identifiable. To do this, we will delete any data that makes it easy to identify you, such as your name and email address. “
These companies also track other information about you, typically including your web browsing habits, your answers to questions about your health, and your mailing address. This plus the most secret contents of the nucleus of your cells does not seem “unidentifiable” to me.
Your DNA belongs to other people too
You share half of your DNA with each of your parents, and probably a quarter with each of your grandparents. Siblings also have, on average, half of your DNA, and everyone in your family tree has something to do with you. This means that if you buy your mom a DNA test to find wines she might like, information giant Helix will now have half of your genome.
It’s a privacy concern, but it also opens up a huge jar of family history worms. Many personal genomics services are positioning themselves as a way to find distant relatives. But you may also discover, as George Doe did, that your father had another son that no one knew about, and oh look, now your parents are getting divorced . Doe writes that finding relatives is “essentially a really advanced paternity test,” and that few people really think about it when they check the box that says they want to find relatives.
Now what?
Yesterday Senator Chuck Schumer urged the FTC to “take a serious look” at these companies’ privacy policies and offer consumers some way to get the privacy they think they already have.
Meanwhile, if you don’t want these companies to have unimpeded access to your most personal data, your best bet is not to click on these great Cyber Monday offers, which admittedly look pretty good right now. (The $ 199 23andme test is half the price if you buy two; Helix waives the $ 80 one-time sequencing fee; Ancestry cuts the $ 49 deal.)
If you do buy one, or have bought in the past, you can ask to delete your data. Both Ancestry and 23andme allow you to upload your own raw data, so you can keep it while you delete the copy that’s officially in the file. There are third party companies that will analyze this file for you, but then you should be concerned about their privacy policy.
Update 12/01/2017: A previous version of this post stated that 23andme would “happily” pass your information on to law enforcement “if asked.” We’ve updated the piece to say they’ll flip it over if necessary. A 23andme spokesperson writes: “We use all legal measures to resist any requests from law enforcement agencies to protect customer privacy. To date, we have successfully challenged these requests and have not provided any information to law enforcement agencies. “