Can you have both?
Thanks to several companies, DNA testing has become a popular way to learn more about your family history and your health. While this seems neat and helpful, it’s not without risk. Some cold cases have also been solved using DNA from relatives of killers. Do you know if your privacy is being protected? Are there other are risks involved in submitting your DNA to these companies?
The use of DNA testing in medical and scientific settings has been going on for decades. The latest trend of direct-to-consumer testing kits is still relatively new. The three biggest companies, you’ve probably heard of them, are 23andMe, Ancestry.com and MyHeritage. In addition, participation in public databases, such as Promethease and GEDmatch, has skyrocketed too. Their goal is to provide you with evidence about your genealogy and, in some cases, statistics about what diseases you’re most susceptible to. Many people desire to learn this information. As of last fall, over 19 million people had taken a test from Ancestry or 23andMe. DNA sequencing had gotten better and cheaper, which is why the size of these genealogical databases has grown rapidly. One study found that the DNA of 90% of Americans of European descent will soon be identifiable using genetic genealogy. In order to use these services, you’re required to send them a piece of your DNA via swabbing your cheek or giving a saliva sample. Many people don’t realize just how sensitive this material is, but it’s the most intimate data we can provide about ourselves. Often, it’s being used for ends that the participating individuals aren’t even aware of and can’t always control. While some companies are transparent about the sharing of data, others are less so. One survey done in 2016 showed that only a third of the 90 companies that were offering genetic testing services described how the data would be used.
What most people aren’t aware of is that the DNA testing companies sell your DNA and other data to third parties. These third parties are often pharmaceutical companies who want to use the information for research purposes. The material allows researchers to identify links between certain genes and a disease, so they then try to develop drugs that interfere with the action of disease-causing genes. Some of the DNA testing companies require you to fill out a separate agreement giving permission to use your DNA data for this purpose. Over 80% of 23andMe customers have agreed to let the company share their DNA with research partners. However, as part of this agreement, you waive all claims to a share of any profits that come from the research. When you take into account that those profits could be substantial, it should make you question whether or not this is fair. In addition, when you agree to allow the companies to sell your information, it’s supposed to be stripped of any identifying labels like your name or address. Sometimes, companies use what’s called de-identified aggregate data, which is summaries that don’t specifically distinguish individuals. However, genealogy research experts are able to re-identified individuals from that data, which is very concerning. Since 2009, researchers have proven that by comparing large sets of supposedly anonymous DNA data with public datasets from censuses or voter lists, they could correctly identify between 40% and 60% of all genetic testing participants. This is worrisome since pharmaceutical companies aren’t the only ones who want access to this genetic health information. Others, such as insurance companies, individuals involved in paternity/inheritance disputes and law enforcement agencies, want it too. Some experts surmise that in the future, this important data could be used for identifying terrorist suspects, tracking military personnel and limiting treatment in overstretched healthcare systems. Some of the companies also have a family finder feature that lets potential relatives contact you if your DNA matches. Another permission you might be asked to give is to allow the DNA testing company to store your sample, which would allow them to go back and test it again if more advanced techniques are developed in the future. The issue is that with all of these databases there is uncertainty about who has access to them and for what purposes. Just how well is your privacy protected?
In 2017, a research team looked at DNA testing companies’ privacy policies and discovered most of them were lacking. They found that 40% of them don’t have a written policy that specifically mentions genetic data. The team pointed out that there are fewer protections regarding genetic material with consumer DNA testing kits than there would be if you were taking a medical test. This is because when a doctor takes a DNA sample, that sample is protected by the Health Insurance Portability and Accountability Act (HIPAA), which means there are limits on how it can be shared. Obviously, a health tech company is not a doctor, so they don’t have to follow the same rules. The only regulatory body that oversees DNA testing companies would be the Federal Trade Commission (FTC). They don’t have a specific policy regarding genetic data but have the ability to regulate unfair and deceptive business practices in all industries. Back in 2018, a Fast Company report showed that 23andMe and Ancestry were being investigated by the FTC over their policies of handling personal info/genetic data and how they share that info with third parties. There are some additional regulations, like the Genetic Information Nondiscrimination Act (GINA), but it’s severely deficient in its ability to protect individuals. The Act only covers companies with more than 15 employees; doesn’t apply to federal workers, soldiers and officers; and individuals who receive their insurance through the Federal Employees Health Benefits, the Veterans Health Administration, the U.S. Military (TRICARE) and the Indian Health Service. Also, it doesn’t prevent you from being discriminated against because of your genetic test results when you apply for life, disability or long-term insurance.
One of the worst things about DNA testing and your privacy is that you don’t need to perform any tests yourself to compromise your data. If your siblings or distant relatives decide to test their genome, it’s almost as good as if you did it, too. For a sibling, around 50% of your DNA matches. A skilled genetic genealogist can compare an anonymous DNA sample with identified ones, which allows them to focus in on a person’s relatives, and then, identify the person themselves. One study hypothesizes that if there was a genetic database of 1.3 million US residents, roughly 60% of all white Americans could be traced to a third cousin, who is someone who shares a set of your 16 great-great-grandparents. We all have at least 800 of these individuals out there somewhere and there’s a good chance that some were excited enough about genealogy to join one of the many sites. In regards to this finding, an additional item that you should be concerned about is that law enforcement knows these companies have this DNA material and they’re asking for it. Others who may request this information are the federal government, including the State Department or US Military. Both 23andMe and Ancestry provide a transparency report on all requests made by law enforcement and government. While none of the leading genetic testing companies allow users to upload raw DNA samples, you can download your genetic data from your account and share it with GEDmatch or another open personal genomics and genealogy database. This is how law enforcement was able to track down a suspect in the Golden State killer case. The person arrested was 72-year-old Joseph James DeAngelo, a former police officer. He is believed to have killed at least 12 people, raped over 45 and burglarized hundreds of homes throughout California in the 1970s and 1980s. To crack the case, law enforcement agents uploaded their suspect’s DNA to GEDmatch using a sample from a crime scene. Using a team of experts, they were able to examine and compare several sets of data until they found their suspect. Even though DeAngelo had never participated in any genetic testing, 24 of his relatives had and this is how they were able to identify him. The announcement of how he was arrested led to a revolution in forensics that has helped to solve more than 50 rapes and homicides in 29 states. Many experts feel the technique could be used to solve a vast number of cold cases across the country, including at least 100,000 unsolved major violent crimes and 40,000 unidentified bodies. A forensic consulting firm, Parabon, has used the technique to garner 49 genetic identifications that have reopened a variety of cold cases, like the 1987 murder of a young Canadian couple, six rapes in North Carolina and the slaying of a Stanford University graduate that happened 46 years ago. So far, it has resulted in at least 17 arrests, some of whom were never considered a suspect. The National Center for Missing and Exploited Children said it’s revisiting almost 700 cases involving unidentified children’s remains. They’ve already been able to identify about 15.
Genetic data is like all data in that once it’s out there, it’s very hard to control, which is why it’s essential to be aware of vulnerabilities when it comes to protecting that information. Yes, the data you share with genetic testing companies is supposed to be private, but upholding that privacy is getting harder. These companies should have the highest level of security and they don’t. According to privacy experts and bioethicists, the best way to protect your data is to not hand it over in the first place. However, if you do want to participate, stick with the larger companies because they’ve got acceptable privacy policies and are more likely to have a vested interest in keeping your genetic data private.