Use your DNA while
protecting your privacy
We’re big fans of direct-to-consumer genetic testing. But we’re also concerned about the novel privacy risks created by these services and how they are currently offered. Like a squirrel safely storing its food, our goal is to help you safeguard your genetic information while still benefiting from it. In a nutshell, we advocate for ANONYMOUS direct-to-consumer genetic testing ONLY. This means getting your genetic test results without giving up other personal information about who you are.
Already convinced and ready to protect your genetic privacy?
What is genetic privacy and why should you care?
Genetic privacy refers to treating your genetic information (the information stored within your DNA) as private and confidential. There’s good reason to do so. Your DNA contains uniquely sensitive information about you and your family. This includes insights and predictions about your physical characteristics (how you look), your behavior, your physical and mental health, your risk of disease, and your family tree. It also includes information about you that is yet to be discovered.
Although we don’t understand the full breadth of information that can be extracted from your DNA, nor how it might be exploited by others, we are beginning to get a better understanding. For more information on the genetic privacy risks introduced by direct-to-consumer genetic testing please see: ‘Understand the risks of sharing your DNA with 23andMe or Ancestry‘.
What makes genetic privacy so difficult to protect?
Protecting your genetic privacy is a lot like protecting your other personal information online: you should limit what you share, use good password practices, and choose trustworthy companies to share your information with.
But it doesn’t stop there. Your genetic information also introduces novel privacy risks and challenges that require special consideration. To illustrate this, let’s compare your genetic information to your online banking password.
Unlike your banking password:
- A breach of your genetic privacy is irreversible. You cannot change your DNA.
- A breach of your genetic privacy could have unforeseen consequences now and in the future. The risks are largely unknown but could include use of your information to further the interests of law enforcement, insurance providers, employers, known and unknown family members, and criminals. Thankfully, a patchwork of new genetic privacy laws are being enacted to help protect consumers, particularly laws against genetic discrimination in the hands of employers and health insurance providers. You can learn more about these laws in the United States here. Unfortunately, these laws are new, narrow in scope, and are facing legal hurdles and challenges.
- Since you share DNA with your relatives, a breach of your genetic privacy is also a breach of theirs.
- Your genetic information itself contains personally identifying information. The surge in interest by law-enforcement to use consumer genetic databases to solve cold (and warm) cases is a testament to this. While your DNA obviously does not contain your name and address, it can frequently be used to find your relatives, predict your surname, determine your gender, and estimate your physical characteristics and age. It’s not yet fully clear how much personally identifying information your DNA might contain, nor how it might be used along with other publicly available information to find you. What is clear is that by sharing your genetic information you offer up significant hints about your identity, and this increases the need to more closely safeguard all other pieces of personal information about you if you wish to remain anonymous. Like clues left at a crime, each piece of additional information significantly reduces the ‘search space’ and increases the likelihood that a person (or more likely a search algorithm) could irreversibly link your genetic information to your personal identity.
- Your genetic information has little value to others until it is connected with your identity. This makes it possible to relatively safely share your DNA – if you do so anonymously.
The rapid rise of direct-to-consumer genetic testing services has left policy makers and scientists scrambling to understand the unique privacy risks and challenges inherent in sharing and storing genetic information. Learn more about the risks of direct-to-consumer testing and why we feel current consumer protection is inadequate.
Genetic privacy 'rule of thumb'
Follow this simple ‘rule of thumb’ to help protect your genetic privacy:
Always keep your genetic information separate from your personal information.
- Don’t share your genetic information with any person/entity that has your personal information.
- Don’t share your personal information with any person/entity that has your genetic information.
This rule of thumb applies to large datasets of genetic information only, such as the datasets captured by 23andMe and Ancestry. Direct-to-consumer genetic testing services such as these capture roughly 700,000 bits of genetic information about you. This information can be used to learn a lot about who you are, including things that have yet to be discovered. In contrast, sharing a single genetic test result such as your BRCA1/2 result (which can tell you about your risk of developing certain types of breast cancer) only confers the most obvious risk: that the person you share it with will know that you (and your family members) may or may not have an enhanced risk of developing breast cancer.
Can I protect my genetic privacy and still participate in 23andMe or Ancestry?
Clearly the best way to protect your genetic privacy is to not have your DNA tested in the first place. But this is probably impractical advice for many if not most people, and as the applications and benefits of consumer genetic testing continues to grow, you (and your family members) will likely feel the temptation.
At DNASquirrel we are very excited about what direct-to-consumer genetic testing can offer, especially its potential to empower individuals to make more informed health decisions. But since we are also nutty about genetic privacy, we advocate for ANONYMOUS genetic testing ONLY.
Simply put, this means submitting your DNA to reputable direct-to-consumer testing companies with as little additional personally identifying information as possible (and ideally using an alias). If your genetic information is not connected to your personal identity, it cannot easily be used against your interests.
Ready to protect your genetic privacy?
Can I protect my genetic privacy and still participate in 23andMe or Ancestry?
Technically no, but practically speaking, yes.
Your genetic information itself contains information about you that could be used to help determine your identity. For example, companies such as 23andMe and Ancestry will use your genetic information to identify any of your family members in their databases (which is likely), your gender, and at least some of your physical characteristics. If you live in the United States, it is possible that this information could be used to help narrow down your identity to as little as a few hundred Americans (you can find a rationale for this rough estimation along with its limitations here). This would certainly be revealing information, but hardly actionable.
While it might be feasible for a sufficiently motivated law enforcement agency to take the necessary next steps to find you, it is exceedingly unlikely that anyone else would have the interest or resources to do so. By submitting your genetic information under an alias your identity is even less likely to be revealed since the interested party would first have to become aware that your information is fake, and second, would need to decide to put in the effort to try to find someone who clearly does not wish to be found.
What if I have already signed up for 23andMe or Ancestry? Can I reduce my genetic privacy risk?
You can still take steps to protect your genetic privacy. For example, you could opt out of sharing your DNA for research (although you can’t remove your consent from already completed research), remove any optional information you provided during your account set up, and ask that your DNA sample not be stored.
You could also consider closing your account. Closing your account will result in the deletion of the most revealing pieces of your personal identity (such as your name and address), but sadly some of your information has become property of the corporation indefinitely. This includes information that could be used to help find you, such as your genetic profile, your email address, your gender, your family tree, and your date of birth.
Please keep in mind that closing your account will also mean that you will not benefit from any new analysis that the company might offer in the future to their existing customers. If you do decide to close your account, make sure to download any reports that were generated as well as your raw data, because you will lose access to this. You may wish to use your raw data in the future for further analysis.