An International Platform for perspectives that transcend the traditional Divides between the Humanities and stem    

The Privacy Concerns of Genetic Testing

Cayla Solomon
PHILOSOPHY+

Direct-to-consumer genetic testing has skyrocketed over the past decade. Lured by the possibility of discovering one’s long-lost relatives, ethnicity, or potential health risks, millions of people have sent their DNA samples to commercial testing laboratories. With a simple swab of saliva and a trip to the post office, DNA kits are convenient, affordable, and have become popular stocking stuffers and topics of conversation. Some of the most popular companies include 23andMe and Ancestry Corporate. In fact, within a decade, these companies are expected to reach over 10 billion dollars in revenue. Despite the apparent benefits of this new revolution in health care, many consumers are unaware that once they share their genetic information, they have little control as to who may gain access to it.

People are under the dubious assumption that the sensitive information they provide to these companies is kept private and secure in a database where it is safe from hackers or misuse. However, the information collected from the applications to receive the testing kits, or follow-up surveys, whether it's one’s IP address, name, address, email, or family history, is not confidential. There are very few laws that regulate what companies must adhere to in terms of keeping data private and secure. Many companies write their own privacy agreements that consumers sign off on when they purchase a test.

There are privacy laws that apply to genetic testing administered by a doctor or healthcare provider such as the Federal Health Insurance Portability and Accountability Act (HIPAA); however, this does not apply to direct-to-consumer genetic testing companies. Essentially, this allows these companies, including 23andMe and Ancestry Corporate, the freedom to control what happens to one's private information. According to a study by Vanderbilt University on genetic testing companies’ privacy policies, “78 percent said they provided genetic information to third parties in de-identified or aggregate forms without additional consumer consent” [1]. Third parties are private companies such as Alnylam Pharmaceuticals, Biogen, Pfizer, and Genentech, that both Ancestry and 23andMe have a history of sharing anonymized consumer data. Consumers are often misguided by the false advertising suggesting that their DNA is on a direct, protected route with the ability to control who gains access to it. Rather, the reality is that a donor’s DNA is shared and used to make a profit for large companies, without any compensation or notification to the donor.

DNA testing companies claim that a donor has the right to consent to allowing their de-identified genetic information to be a part of research studies aimed at making scientific discoveries within the fine-print of their waiver of consumer rights. Unfortunately, these waivers are often vague and constantly changing, leaving room for misleading information and unclear terms. In 2019, a woman named Lori Collett sued Ancestry Corporate for allegedly “misleading and deceiving patients...across the country about what Ancestry was actually doing with their DNA” after claiming that outside parties gained access to her private information without her consent [3]. It is true, yet unfortunate, that despite the stated terms and conditions, information online is never truly confidential, and the individual has no say regarding who may gain access to it.

Unlike a stolen credit card number or a bank account password that can be reshuffled and reassigned, DNA is a permanent code for an individual’s identity. If it gets into the wrong hands, people are able to de-anonymize the DNA with relative ease. More specifically, there are new lab techniques that can locate genetic markers for characteristics such as hair or eye color. These physical traits can then be compared to publicly available demographic data to identify the donor [2].

Another obscure fact is that genetic and personal information can be collected by law enforcement for police investigations. According to the 23andMe website, “23andMe may be required by law to comply with a valid court order, subpoena, or search warrant for genetic or personal information” [4]. One such instance was the Golden State Killer, Joseph DeAngelo. He was identified by comparing his DNA to genealogy sites. Although DeAngelo’s information was not in any database, he had distant relatives who had shared their information with direct-to-consumer genetic testing companies. This allowed police to narrow down the suspects significantly, which resulted in the arrest of the long-sought-after suspect. As a result, DNA testing sites are a double-edged sword. In one respect, it allowed the police to catch a criminal. On the other hand, there are ethical and privacy concerns. When someone wants to get their DNA tested, should their entire family have to sign a consent waiver?

Direct-to-consumer DNA testing kits have significant benefits. There are a wide range of stories of people who have found a sibling or relative whom they never knew existed, or discovered they had a disease and were able to get treated promptly. While the possibilities of this technology are endless, the lack of regulation and laws regarding privacy and security are worrisome. According to Michael Edge, the author of a recent study on the reidentification of genetic data, “The science of genetics is constantly evolving...The ground is moving in terms of what [certain] genetic information tells you about a person” [1]. This being said, do you believe the rewards outweigh the risks?

[1] The Washington Post. "The Privacy Risks of At-Home DNA Tests." September 14, 2020. Accessed February 20, 2021. https://www.washingtonpost.com/health/dna-tests-privacy-risks/2020/09/11/6a783a34-d73b-11ea-9c3b-dfc394c03988_story.html.

[2] Pitts, Peter. "The Privacy Delusions of Genetic Testing." Forbes, February 15, 2017. Accessed February 20, 2021. https://www.forbes.com/sites/realspin/2017/02/15/the-privacy-delusions-of-genetic-testing/?sh=506ba0ee1bba.

[3] Merken, Sara. "Ancestry.com Sued for 'Misleading' Customers about DNA Data." Bloomberg Law. Last modified April 25, 2019. Accessed February 20, 2021. https://news.bloomberglaw.com/privacy-and-data-security/ancestry-com-sued-for-misleading-dna-data-handling-claims.

[4] "Privacy Highlights." 23andMe. Last modified October 30, 2020. Accessed February 20, 2021. https://www.23andme.com/about/privacy/.

[5] Baig, Edward C. "DNA Testing Can Share All Your Family Secrets. Are You Ready for That?" USA Today, July 4, 2019. Accessed February 20, 2021. https://www.usatoday.com/story/tech/2019/07/04/is-23-andme-ancestry-dna-testing-worth-it/1561984001/.

[6] Ducharme, Jamie. "A Major Drug Company Now Has Access to 23andMe's Genetic Data. Should You Be Concerned?" Time, July 26, 2018. Accessed February 20, 2021. https://time.com/5349896/23andme-glaxo-smith-kline/.

[7] Selk, Avi. "The Ingenious and 'Dystopian' DNA Technique Police Used to Hunt the 'Golden State Killer' Suspect." The Washington Post, April 28, 2018. Accessed February 20, 2021. https://www.washingtonpost.com/news/true-crime/wp/2018/04/27/golden-state-killer-dna-website-gedmatch-was-used-to-identify-joseph-deangelo-as-suspect-police-say/.

[8] Regalado, Antonio. "More than 26 Million People Have Taken an At-Home Ancestry Test." MIT Technology Review, February 11, 2019. Accessed February 20, 2021. https://www.technologyreview.com/2019/02/11/103446/more-than-26-million-people-have-taken-an-at-home-ancestry-test/.

Cayla Solomon
PHILOSOPHY+
Cayla Solomon

Cayla Solomon is a 16-year-old high school student living in San Diego, California. In her free time, she enjoys playing tennis, cooking, baking, and researching genetics. She is currently working on a genetics blog targeted to teens with the help of a genetics professor.

Humanizing Mathematics: Modeling for Climate Justice

A Third Pandemic: Mental Health