See the forest
for the trees
Understand the risks of genetic testing
Understand the risks of sharing your DNA with 23andMe or Ancestry
Consumer genetic tests by 23andMe and Ancestry (also known as ‘AncestryDNA’) offer unprecedented access to the biological secrets and family stories that only your personal genetic blueprint can reveal – and at an almost unbelievably low price. With millions of happy customers already, these providers are pressing to make their services even more interesting and useful by adding additional genetic insights to their menus. In the coming years consumer genetic tests like these will not only become routine, they will also routinely be used to help individuals navigate their own health and medical decisions.
But for now, most consumers view these tests as either a fun gift idea or an interesting and entertaining way to learn a bit about their personal biology or family history. Most appear unaware that their DNA could be used to reveal considerably more about them and their family than just what these companies report, including information that many would agree poses significant – and novel – privacy risks. As we’ll see below, neither companies nor policy makers appear well-equipped to safeguard your genetic privacy.
Your DNA could reveal more than you (or anybody else) realizes
Consumer genetic testing companies are pretty good at informing their customers that their services might unintentionally reveal information that they might not want to know, such as an increased risk of a certain degenerative disease, or an unexpected family relation. But there are also many other things that your DNA might reveal about you, information that providers don’t generally discuss and don’t include in their reports.
A growing body of research suggests that your DNA can offer a rich tapestry of information about who you are. This includes at least some insight into: your risk of suffering from a very broad range of health issues and diseases; your physical characteristics (such as race; age; weight; height; eye, hair and skin color); your personality (such as your tendency to participate in risky behavior such as speeding or suffer from depression); your sexual orientation; your predicted longevity (lifespan); and perhaps even your IQ or spirituality. Your DNA can also tell you who is (and isn’t) related to you, and since you share DNA with your relatives, learning about your DNA can reveal personal information about theirs as well.
It’s easy to imagine some of the many ways your genetic information could be used by insurance providers, employers, family members, law enforcement agencies, and criminals to further their interests, but predicting the full breadth of these risks is difficult.
There also exists a growing patchwork of laws to help prevent some types of insurance and employment discrimination based on genetic information. In the USA, the bedrock of this is the narrowly focused Genetic Information Nondiscrimination Act (GINA) which applies to health insurers and employers (with over 15 employees), but doesn’t apply to other types of insurance (life, disability, long-term care) or other situations (education, lending, housing, etc.). Nor is it clear how these laws will evolve as genetic testing becomes mainstream; a recent Republican-backed bill in the House seeks to exclude workplace wellness programs from GINA rules. And in other jurisdictions, genetic discrimination laws either don’t exist, or as is the case in Canada, remain on uncertain legal footing.
We are beginning to see some early examples of the unexpected ways personal genetic information could be used against the owner’s interests. In 2012 a school board in Palo Alto California pulled a child out of school after being notified that the child had received a positive test result for genetic markers of cystic fibrosis. Cystic fibrosis predisposes children to dangerous lung infections, so steps should be taken to help prevent the spread of infection between children with the condition. Since two children at the school already had cystic fibrosis, the third child was told that they were no longer allowed to attend. In addition to being a misguided attempt at ensuring child safety, a genetic discrimination lawsuit filed by the parents claimed that their child only had genetic markers of cystic fibrosis and did not actually have the disease.
Consumer genetic testing is also being used to help uncover the identities of ‘anonymous’ sperm donors against their original stated wishes – for better or worse. This grass-roots invasion of genetic privacy even has a popular and public face, the DNADetectives Facebook group.
I’ve got nothing to hide
Don’t you? We don’t yet fully understand what’s at stake when it comes to genetic privacy, and until significant privacy breaches occur it remains difficult to estimate the scope, scale and impact of the predicted risks. As a result, it can be tempting to be apathetic and reassure ourselves that we’ve ‘got nothing to hide anyway’. After all, you and your family may never experience any downside from your decision to freely share your genetic information – but we can confidently say that that some people will.
We also know that once your genetic privacy is lost, you and your family will not be able to recover it or limit your exposure to current and future risks. This includes the risk that a future test might reveal something in your DNA that you are currently unaware of. Safeguarding your genetic privacy is therefore a lot like insuring your home, it could protect you and your family against an uncertain but potentially significant loss.
We believe that consumers should be better educated about their DNA and genetic privacy so that they can make more informed decisions about how and with whom they share it. This also requires understanding a bit more about the businesses of 23andMe, Ancestry, and the other companies asking for your DNA.
Your personal genetic blueprint is the real (corporate) prize
Not surprisingly, the business models of many consumer genetic test providers are focused not only on the continued sale of heavily discounted $99 tests, but on the large-scale commercialization of their growing databases of customer genomes. The most obvious way these companies wish to capitalize on this asset is through the development and commercialization of new medical tests. But other applications will invariably arise, including novel uses not yet imagined. For example, a collaboration between Ancestry and the Google subsidiary Calico Life Sciences to explore life extending therapeutics. Or a research project with 23andMe to identify genetic variants associated with risky behavior including speeding, drinking, smoking, consuming cannabis, high-risk financial investment decisions and having multiple sexual partners.
We love that these companies are trying to use their incredible customer databases to help drive genetic discovery, especially the discovery of novel diagnostic tests that could help propel personalized and preventative medicine. The commercialization of customer genetic databases is not inherently wrong, nor does it necessarily create a conflict of interest with their customers. After all, if they wish to continue growing these corporate assets they will need to keep their existing customers happy and encourage more to sign-up.
However, serving two masters in this way can create a conflict of interest, and in this case the conflict arises not from the fact that these companies are trying to commercialize their customer genetic databases, but in how they are going about creating these databases – in a way that maximizes the value of these assets at the expense of their customers’ privacy and safety.
You take the risk, they take the benefit
Simply put, consumer genetic test providers ask for and store too much information about their customers, and this exposes their customers to considerable unknown risk.
23andMe, Ancestry and other providers require detailed personal information in order to sign up, are persistent in encouraging users to fill out ‘optional’ surveys, and permanently store your genetic profile along with personally identifying information (not to mention also your DNA sample if you don’t elect to opt-out). Even if you close your account they will retain your genetic profile and some personal information (which includes at least your gender, birthdate, and email address) that could foreseeably be used along with information extracted from your genetic profile to re-identify you. Here’s an example of how the “re-identification” of an individual’s identity based on their genetic profile and basic demographic information could be accomplished.
These companies ask you to trust that they will – and are able to – guard your personal identity and genetic information indefinitely. And as outlined clearly in their terms of service, if they fail to do so then you risk irreversibly losing your genetic privacy and will have no recourse, financial or otherwise.
From 23andMe’s Privacy Statement:
“In the event of a data breach it is possible that your data could be associated with your identity, which could be used against your interests.”
Unlike your banking information, your genetic blueprint can never be changed, and your genetic privacy never recovered short of changing your identity. In other words, you take the risk and they take the benefit.
How big is the privacy risk?
23andMe, Ancestry and other consumer genetic tests pose a significant risk to your genetic privacy. This is a direct result of two unique characteristics of these businesses:
They are a single source of comprehensive information about you, including information that you and they don’t realize they have access to.
23andMe, Ancestry and their competitors collect as much information as possible about their customers. This helps them maximize the current and future value of their databases, and in turn, the value of their corporations. The information they collect not only includes your full identity, your genetic profile, and your physical DNA sample, but all sorts of additional information about you collected through their ‘optional’ surveys. They then use this information along with their enormous databases to identify your relatives and fit you into a family tree.
Other than perhaps your family doctor’s electronic medical record, these databases likely represent the most comprehensive collection of personal and private information about you anywhere. But unlike your family doctor’s electronic medical record, these databases also include your raw genetic profile (and physical DNA sample), and as we saw above, your genetic profile can be used to learn a lot more about you than you may be currently aware, including information that will only be unlocked by future advances in genetic analysis.
They have invented a new business model that operates at the cutting edge of genetic research, at a time when genetic privacy is poorly understood and inadequately regulated.
There are other important differences between your family doctor’s medical record database and the private databases of 23andMe, Ancestry, and the like. Unlike your family doctor, these are private corporations that are accountable to shareholders; they are not required to follow the more stringent health privacy regulations of the Health Insurance Portability and Accountability Act (HIPAA) (which applies to health providers and insurance providers in the USA and by extension many other jurisdictions); they manage truly enormous online databases and are focused on finding new ways to profit from these databases; and short of an unlawful act, corporate directors are not personally liable for any harm caused to you.
One can assume that these companies have the best intentions to operate with impeccable integrity and to employ state-of-the-art data security practices. But even if they do and are successful, this may still not be enough to protect your genetic privacy. There remains a large and poorly understood risk buried beneath company assurances and privacy policies: protecting consumer genetic privacy is truly uncharted territory – they simply don’t know what they don’t know.
Current consumer privacy best-practices are inadequate when it comes to protecting genetic privacy
Despite a seemingly relentless stream of news headlines to the contrary, steady strides are being made to encourage and enforce better business practices when it comes to safeguarding online consumer privacy. But genetic privacy is an entirely different animal.
Here’s why genetic privacy is currently inadequately protected:
The more sensitive the information, the more stringent the security measures required to protect it. For example, patient medical information and consumer credit card information are two more closely monitored and secured types of information. Since the consequences of losing genetic privacy are poorly understood, best-practices for securing genetic privacy have not yet been established. This leaves private corporations the legal and moral latitude to utilize existing (and outdated) consumer privacy practices to secure their customers’ genetic information.
Your genetic profile contains an unknown amount of personally identifying information (including your gender, approximate age, physical characteristics and family relatives) that could be used to help uncover your identity. This is a paradigm shift when it comes to information security. The more, and the more varied the information is, the easier it is to find them. Since genetic information itself already contains a lot of personally identifying information, the security of all other bits of customer information that is stored alongside it should be increased – because a seemingly harmless amount of additional information might be all that is needed to figure out who you are. While we don’t yet fully understand the many ways your genetic profile might be used to discover your identity, we’re starting to catch a glimpse of how this might be accomplished. A recent high-profile scientific publication demonstrated that with the help of public databases and knowledge of the target’s approximate age (which might be gleaned from your genetic profile), gender (which can be gleaned from your genetic profile), and approximate location (within 100-mile radius) it’s likely currently possible to narrow down the identity of an American of European descent to 1 or 2 people. As databases continue to grow at a torrid pace, this will one day apply to people of all genetic backgrounds. You can learn more about this study here.
23andMe, Ancestry, and the like are not required to follow the Health Insurance Portability and Accountability Act (HIPAA) which establishes rules for protecting patient identifiable health information. But even if they were, HIPAA rules don’t yet consider demographic information such as age or state of residence to be “identifiable” information – an outdated view in the age of genetic privacy. While there are a growing collection of laws to prevent genetic discrimination by employers and health insurance, laws to prevent corporations or other entities from using your genetic information to uncover your identity are lacking. It appears that genetic information is not yet widely considered to represent a privacy threat, seemingly even by members of the scientific community. Two public examples illustrate this: the 1000 Genomes Project recently had to remove information from their public database after it was determined in a 2013 study that they had inadvertently exposed enough personal information about their donors that their identities could be revealed; and in 2013 when the European Molecular Biology Laboratory (EMBL) released genetic information on a particularly famous experimental human cancer cell line they inadvertently exposed personal genetic information of the donor and their family. After initially denying that the genetic release constituted a privacy breach, EMBL corrected their position and removed the genetic information from public access.
Since genetic privacy best-practices are currently under-informed and likely inadequate, trusting your genetic privacy to commercial test providers may inadvertently expose you to significant privacy risks.
- If you consent to it, they will share your genetic information with third parties whose data security practices are not under their control.
- Genetic privacy best-practices are not yet established, nor genetic privacy risks widely appreciated. As a result, current data security practices may be insufficient to ensure the safe storage, data-access and sharing practices. For example, despite storing medically relevant information, these companies are not required to follow HIPAA medical privacy rules (nor does HIPAA adequately address genetic privacy). Genetic privacy laws also do not exist to prevent the re-identification of individuals based on their genetic information, and laws to prevent genetic discrimination are not yet comprehensive.
Companies make mistakes, and sometimes egregious ones. On July 9th 2019 it was revealed that direct-to-consumer genetic testing company Vitagene failed to live up to their own best intentions and best interests in spectacular fashion. Despite claiming on their website that they “believe that genetic information deserves the highest level of security“, they have been unwittingly exposing thousands of their customer’s records online including both personally identifying information and genetic information – and have been doing so for years.
- Consumer data breaches are frequent and significant and occur at companies of all type and size. This is despite enormous consumer awareness, advancements in industry best-practices and security technology, stronger consumer-protection legislation, and significant financial and brand consequences to the corporation that becomes hacked. Even so-called ‘unhackable’ blockchain technology is proving to be hackable, and this is before use of this technology has become widespread.
- The larger and more valuable the database, the more likely it is to be attacked either by hackers or by employees. 23andMe and Ancestry each store comprehensive and truly unique information on millions of existing customers, and they continue to grow these databases at break-neck speed.
- As per their terms of service, 23andMe and Ancestry will share your information with law enforcement agencies if lawfully requested to do so. This could aid law enforcement in targeting you or your family member. But both companies are transparent about these requests and report that it is still a relatively rare occurrence. This is likely to change in the future as interest in genealogical profiling by law enforcement continues its sharp ascent (check out this recent New York Times article).
- As per their terms of services, 23andMe and Ancestry will NOT share your information with insurance companies. In the US genetic discrimination is largely illegal as it applies to health insurance, but in most jurisdictions it can still be used to assess eligibility and determine premiums for other types of insurance including life, disability, and long-term care.
- As per their terms of service, 23andMe and Ancestry CAN change their terms of service at any time although they must inform their customers of any material change and give them an opportunity to close their account. However, your genetic profile along with a “small” amount of personally identifying information will permanently remain part of their corporate assets. The same rules would apply if either company were purchased or merged with another corporation.
Don’t throw the baby out with the bath water: choose anonymous genetic testing
At DNASquirrel we are big proponents of consumer genetic testing and believe that it will empower individuals to make truly personalized health and wellness decisions. 23andMe and Ancestry are trailblazers in this field, and their efforts should be commended. But regrettably, these fast-moving companies currently only offer their services in exchange for ownership of your genetic identity (your genetic information combined with your personal information). By doing so, these companies are unnecessarily exposing customers and their families to the risk of an irreversible loss of genetic privacy, and to the known and unknown harms that could result from this.
Your genetic identity is uniquely yours. It should not be the property of a corporation.
We advocate for ANONYMOUS consumer genetic testing ONLY. Genetic testing service providers will one day offer consumers the privacy protection and peace of mind that only anonymous genetic testing can offer. In other words, they will offer genetic testing without requiring customers to hand over personal information that could be used to link their genetic test results to their personal identity. Until this time comes, if you want anonymous 23andMe and Ancestry test results you will need to do a little bit of work.
Let the Squirrel show you how:
Want to learn more about genetic privacy is and how to protect yours?