What Are the Best and Worst DNA Databases in Terms of Privacy?

Posted on by

Your DNA says a lot about you, and it is likely that you or your relative are represented in one of the DNA databases currently used to track criminals. But mailing a bottle of saliva doesn’t automatically put you in a database that law enforcement has access to. Your privacy risk depends on which company you work with.

23andme and Ancestry are some of the least risky

So far, the police do not usually contact the DNA company and do not request genetic data with such and such a name. Rather, privacy concerns are most important for databases into which a person can upload DNA data and search for matches. This does not include the most popular companies, 23andme and Ancestry DNA.

Here’s what happens to your data at both companies:

  • The company keeps it
  • You can view results reports
  • You can download your raw data
  • You can view relatives that match your DNA if they also sent a sample to the same company.
  • If you also participate in a research program of any company, your “anonymized” genetic data (not tied to your name) may be transferred to companies and laboratories.

In theory, law enforcement agencies can request data from any company, but both publish transparency reports ( 23andme , Ancestry ), where they state that so far – as of the end of 2018 – they have not transferred anyone’s DNA.

Both companies also allow you to request the deletion of your data and / or the destruction of your sample. If you trust a company to follow its rules and not be hacked, these are safe places to send your data.

(The companies’ testing protocol is also a safety step in a sense: they both require DNA to be sent as two milliliters of saliva. If you’ve done one of these tests, you know it’s a lot of saliva. This step ensures that no one will not send a hidden smear of your discarded DNA.)

Genealogical databases that allow uploads are the ones that cause serious privacy concerns

Since the Golden State murder suspect was identified last year, law enforcement has been turning to public DNA databases to solve unsolved cases. Among the dozens that have been in the news, most use GEDmatch or sometimes FamilyTreeDNA.

Both are genealogical databases into which users can upload their own DNA data. You can sequence your skewer in Ancestry, for example, get raw data and then load it into GEDmatch. Usually people do this because they are trying to trace their family tree and identify people they don’t know, but who are associated with them.

Here’s what these databases do with your data:

  • You can send a saliva sample (FamilyTreeDNA) or download raw data (both companies)
  • The company stores your data
  • You can view reports of your data
  • You can load your raw data (not necessarily from GEDmatch, because you already had it initially)
  • You can find people whose DNA matches yours
  • Other people can upload their DNA and see if it matches yours.

This is the last part that deals with privacy. When law enforcement agencies were looking for the Golden State killer, GEDmatch administrators did not know . Anyone could upload a DNA file without special permission.

GEDmatch’s privacy policy now notes that law enforcement may be present on the site trying to solve crimes, and if you don’t like it, you should delete your data or not upload it in the first place. FamilyTreeDNA has gone a step further by actively working with the FBI to test forensic samples and correlate them with data held by the company. (If you are a FamilyTreeDNA user, you can opt out .)

This is a personal decision

I am hiding in several Facebook groups for people doing genetic genealogy. They share tearful stories of how they finally met their biological parents and other long-lost relatives. For these people, finding relatives is the whole thing. They want to find others, but if no one has shown up yet, they often leave their details publicly available and wait until they are found.

If you want to potentially help catch criminals or identify corpses idle, well, enjoy! But if you are intimidated by the fact that you are part of the watchdog state, you can avoid loading custom databases.

We are also learning more and more about people from their DNA. Currently, some companies “de-identify” data by separating it from the owner’s name and date of birth. But in many cases, this information is not difficult to recover. Your DNA also contains clues about your ethnicity and even traits such as the shape of your face. Someday we will be able to correctly guess the identity of the owner of the DNA.

And while more privacy-focused companies have done a good job of keeping data confidential, as DNA becomes more revealing, can it become more valuable? Can we expect high-profile DNA database hacks as we are used to for passwords and credit card details?

Ultimately, the choice to learn about your DNA is a personal matter. Until homemade DNA sequencers become commonplace (not soon), there is no way to access your own DNA data without first passing it on to someone else. Each of us must decide which privacy we can opt out of.

More…

0
Health

Leave a Reply