By Sara Thompson and Kathryn Puczkowskyj
At-home DNA tests were all the rage when people realized that these self-administered kits could find out their ancestry, understand their allergies, or locate long-lost relatives. These tests enable individuals to make informed personal decisions by taking control of their genetic information. The DNA collected by testing companies can help law enforcement solve cold cases and research institutions develop new drugs. However, aggregating DNA data in this way can be dangerous for individuals. Today, governments with unclear motives are collecting DNA data to monitor minorities, life insurance companies are allowed to use DNA test results to discriminate against customers, and researchers are connecting anonymous DNA data to personal identifying information. While there are clear personal and society benefits to collecting DNA data, the personal privacy risks associated with connecting oneself and one’s family to highly sensitive DNA data far outweigh the benefits.
Genetic Health Data
Personal DNA testing products differentiate themselves by what insights their tests can provide clients. Most home kits give information related to ancestry and geographic origins. Some tests, however, include additional screening for health indicators to inform clients of possible health risks. For example, tests from company 23andMe test for 10 different disease risks to determine the likelihood of developing conditions like breast cancer or Parkinson’s disease, they test for genetic variants associated with certain genetic disorders like cystic fibrosis and hereditary hearing loss, and they test for wellness traits like the predisposition for addiction and likelihood of deep sleep (Barclay, 2018). Individuals looking to learn more about their likelihood of developing health conditions in their lifetime can get an inside look at their cellular blueprint. Additionally, people planning to be parents can learn how their genes might be passed on, and what sort of conditions their children might inherit. Some DNA test results, such as a 25% chance of a child inheriting a serious medical condition, could lead prospective parents to consider adoption instead of bearing biological children (Psymbolic, 2018).
These examples of health information supplied by home DNA tests offer conditions for informed decision-making, and the possibility of putting minds at ease. However, there are ways in which genetic health traits can be misused. In 2008, the Genetic Information Nondiscrimination Act (GINA) was passed, making it illegal for US health insurance providers to make decisions on eligibility or coverage based on the member’s genetic information (US National Library of Medicine). This federal law, however, does not apply to employers with fewer than 15 employees, or other types of insurance like disability or life insurance. If an employee of a small business takes an at-home DNA test and that test reveals that she is genetically predisposed to a medical condition, she could be denied health insurance coverage even if she had no actual medical history indicating risky diagnoses. Alternatively, the insurance company could offer coverage to the employee, but it might charge exorbitantly for the plan premiums.
Countries like China are using DNA to catalogue data about racial groups and inform governmental campaigns. Disguised as physicals and free medical checkups, the Chinese government has been collecting DNA samples, personal data, images of irises, fingerprints, voice recordings, and other personally identifying information (Wee, 2019). The apparent purpose of these massive data collection campaigns is to monitor a Muslim ethnic group called the Uighurs. China’s government seeks to control what it sees as radical Islam by controlling this group. Thousands of Uighurs have been detained and sent to work camps in an effort to regulate their behavior and “re-educate” them. Most of the tests and samples being taken are not seen as optional, and Uighurs have no control over how the information is used or how it is shared. The level of human rights violations in this situation is a frightening picture of how genetic data can be misused.
Genetic Forensic Data
In April of 2018, Californian law enforcement officials announced that after 42 years, they had finally identified the infamous Golden State Killer (Selk, 2018). Families and friends of the killer’s 12 murder victims and 45 rape victims could finally have some degree of closure. Officials claimed that they had identified the killer using crime scene DNA, but how could they be making such a breakthrough so long after the crimes had been committed? Where were they getting the new matching samples that were not available decades ago? The answer lay in GEDmatch, another genealogy website providing DNA ancestry services. A distant relative to the killer used the site to look up her ancestry information, but inadvertently clued the police into her kin’s genetic family.
The implications of forensic DNA for investigators, past and future victims of crime, and criminal activity as a whole are apparent: criminals will be putting themselves in much more risk, and many more crimes could potentially be solved. However, there are some serious questions raised by the way genetic data was used in this case. A Pew Research Center Survey conducted in 2019 revealed that only 48% of US adults think it is acceptable for these DNA testing organizations to share client genetic data with law enforcement agencies (Perrin, 2020). One-third of respondents find this practice unacceptable, and 19% were not sure what they thought about it. The idea raises concerns over individual loyalty to family, safety, justice, and the larger community. Some American courts have ruled that there is a right to privacy of family life, and that parent-child privilege should be recognized (Findlaw). If parents cannot be compelled to testify against their children and vice versa, it does not seem appropriate for investigators to use genetic data from either parent or child to charge the other with a crime. Following this line of logic makes for shaky ground on which to use familial DNA match as an evidentiary basis for murder charges, especially if none of the family members were aware that their genetic information was being used. In addition, a 2014 British study warned that some familial DNA searches had an 83% failure rate (Selk, 2018). Until there are more improvements in the science of familial DNA searches and the failure rate nears zero, individuals may not want to risk incriminating themselves or their family members for a botched attempt at connecting to distant relatives.
Third party Users of Genetic Data
In 2018, 23andMe announced a new partnership with GlaxoSmithKline, a large British pharmaceutical company. Partnerships like this one are not novel in the DNA testing industry; genetic data pipelines between DNA testing companies and research institutions have been in place since the inception of at-home DNA tests. According to Business Insider, “Scientists want to learn more about the genetic roots of various conditions and diseases in the hope that this information will lead to better treatments or even cures.” The CEO of 23andMe, Anna Wojiciciki, described the partnership with GlaxoSmithKline as an opportunity for citizens to contribute to the health issues that they are passionate about instead of passively waiting for solutions to “appear.” In 2018, those customers of 23andMe who opted-in to sharing their genetic data with third parties had contributed to an average of 230 studies on illnesses including asthma, lupus, and Parkinson’s disease (Brodwin, 2018).
GlaxoSmithKline estimates that drugs developed with DNA data are twice as likely to be successful in clinical trials compared to those that are not. But how many drugs have been discovered using DNA data? The Wall Street Journal reported that the collaboration between 23andMe and GlaxoSmithKline has led to the discovery of six potential drugs, one of which is beginning human trials this year (Roland, 2019). 23andMe recently announced the sale of a license to the pharmaceutical Spanish company Almirall SA for a drug discovered using DNA data. The drug provides promising results for treating inflammatory diseases like psoriasis; however, it may be used to treat several other conditions like lupus and Crohn’s disease (Brown, 2020).
While the collaboration between DNA testing companies and researchers may prove to add meaningful contributions to society, it is currently a risky endeavor because society doesn’t yet understand how to adequately protect this highly sensitive information. Although DNA data are anonymized by the companies who collect it, in actuality this information may not be anonymous at all as reidentification is quite common. Wired magazine reported a case where researchers were able to identify a husband and wife by using their DNA to connect them to distant relatives and cross-referencing their findings with public records. It took the researchers one day to connect the anonymous DNA to personal identifying information (Molteni, 2018). This type of reidentifying is not new; in fact, for a decade researchers have been able to connect anonymized DNA data to personal identifying information using census data and voter records. In another study, the chief science officer of MyHeritage, Yaniv Erlich, discovered that a database which contained the DNA data of 1.3 million US residents could be used to trace 60% of all white Americans to their third cousins, regardless of whether they had personally contributed to the DNA database. In the fall of 2018, 23andMe alone had collected DNA data on 19 million individuals (Brodwin, 2019).
Reidentification is also possible through data breaches, although DNA testing companies understand that the privacy of genetic data is paramount. The nascent understanding of data security leads to countless ways these data could be ascertained illegally. When genetic information is held by DNA testing companies, it is protected by security measures and stored separately from personal identifying information; however, these data could still be hacked and traced back to individuals. Moreover, once a user downloads his or her genetic information from the company, it is no longer protected by the proprietary security measures and is therefore much more susceptible to hackers. According to Business Insider, this data should at least be encrypted while downloading to prevent attacks. Once this information is stolen, one cannot get it back. The director of digital safety and privacy for an advocacy organization known as Tactical Tech told Business Insider, “You can cancel your credit card. You can’t change your DNA” (Brodwin, 2019). Ultimately, industries lack the understanding of the threats that surround data breaches, when the information in question is a human being’s genetic makeup.
It is possible to opt-out of sharing one’s data with third parties by correctly navigating the hoops laid out by the particular DNA testing company; however, the process is so convoluted that there are several guides online detailing the maneuvers for opting-out for each specific company. Once one has “secured” her data, it is important to know that these companies are allowed to change their policies regarding the handling of one’s data at any time. Furthermore, if the company adds a new partner to their list of third-party researchers, data that may have been opted-out of research in the past could be included in the new partnership. Ultimately, if one has ever opted-in to sharing of personal data with third parties, this sensitive information could be kept by the company for up to a decade (Brodwin, 2018).
While DNA tests provide an inside look at one’s genetic makeup and could connect otherwise estranged relatives, this data can be used by insurance companies to discriminate. Not only that, if corrupt governments wanted, they could use this data to monitor certain ethnic groups. Indeed, this is already happening in China. The aggregation of DNA data has enabled law enforcement to catch a high-profile killer – but at what cost? Reidentification based on genetic data is now common not just for those who have participated in DNA tests but for the majority of white Americans. This is clearly a privacy violation because it exposes the DNA of many human beings without their knowledge, much less without their consent. Until this information is either truly anonymized, properly secured, or protected from discrimination, it is not advisable to participate in at-home DNA testing.
“5 Reasons to Take up DNA Tests.” Psymbolic, Psymbolic Staff, 4 Nov. 2018, http://www.psymbolic.com/5-reasons-to-take-up-dna-tests/.
Barclay, Tim. “The Best DNA Test for Health in 2020: DNA Health Testing.” Innerbody, Innerbody, 9 Mar. 2018, http://www.innerbody.com/dna-testing/dna-health-testing.
Brodwin, Erin. “After you spit in a tube for a DNA test like 23andMe, experts say you shouldn’t assume your data will stay private forever.” Business Insider, Business Insider, 16 Feb. 2019, http://www.businessinsider.com/privacy-security-risks-genetic-testing-23andme-ancestry-dna-2019-2.
Brodwin, Erin. “DNA-testing companies like 23andMe sell your genetic data to drugmakers and other Silicon Valley startups.” Business Insider, Business Insider, 3 Aug. 2018, http://www.businessinsider.com/dna-testing-ancestry-23andme-share-data-companies-2018-8.
Brown, Kristen V. “23andMe Licenses Its Own Drug Compound to Spanish Firm Almirall.” Bloomberg, Blooberg, 9 Jan. 2020, http://www.bloomberg.com/news/articles/2020-01-09/23andme-licenses-drug-compound-to-spanish-drugmaker-almirall.
“Can the Results of Direct-to-Consumer Genetic Testing Affect My Ability to Get Insurance? – Genetics Home Reference – NIH.” U.S. National Library of Medicine, National Institutes of Health, ghr.nlm.nih.gov/primer/dtcgenetictesting/dtcinsurancerisk.
Harmon, Amy. “Why White Supremacists Are Chugging Milk (and Why Geneticists Are Alarmed).” The New York Times, The New York Times, 17 Oct. 2018, http://www.nytimes.com/2018/10/17/us/white-supremacists-science-dna.html.
“Is There a Parent-Child Evidentiary Privilege?” Findlaw, practice.findlaw.com/practice-guide/is-there-a-parent-child-evidentiary-privilege-.html.
Molteni, Megan. “Genome Hackers Show No One’s DNA Is Anonymous Anymore.” Wired, Wired, 18 Nov. 2018, http://www.wired.com/story/genome-hackers-show-no-ones-dna-is-anonymous-anymore/.
Perrin, Andrew. “About Half of Americans Are OK with DNA Testing Companies Sharing User Data with Law Enforcement.” Pew Research Center, Pew Research Center, 4 Feb. 2020, http://www.pewresearch.org/fact-tank/2020/02/04/about-half-of-americans-are-ok-with-dna-testing-companies-sharing-user-data-with-law-enforcement/.
Roland, Denise. “How Drug Companies Are Using Your DNA To Make New Medicine.” The Wall Street Journal, The Wall Street Journal, 22 Jun. 2019, http://www.wsj.com/articles/23andme-glaxo-mine-dna-data-in-hunt-for-new-drugs-11563879881.
Selk, Avi. “The Ingenious and ‘Dystopian’ DNA Technique Police Used to Hunt the ‘Golden State Killer’ Suspect.” The Washington Post, WP Company, 28 Apr. 2018, http://www.washingtonpost.com/news/true-crime/wp/2018/04/27/golden-state-killer-dna-website-gedmatch-was-used-to-identify-joseph-deangelo-as-suspect-police-say/.
Wee, Sui-lee. “China Uses DNA to Track Its People, With the Help of American Expertise.” The New York Times, The New York Times, 21 Feb. 2019, http://www.nytimes.com/2019/02/21/business/china-xinjiang-uighur-dna-thermo-fisher.html.
Table 1: Key Points for and Against Consumer DNA Testing Kits
|Arguments for Use of Consumer DNA Testing Kits||Arguments Against Use of Consumer DNA Testing Kits|
|Screening for risk of disease and health conditions||Current legal protections do not prevent health insurance discrimination|
|Family planning: determine risk of health conditions for potential children||Governments cataloguing data to discriminate against ethnic groups and violate human rights|
|Databases are accessed by law enforcement to solve crimes||High error rate can contribute to wrongful convictions|
|Can fill in ancestral history: family tree and geographic origins||Expectation of family privacy can be violated when familial DNA data used to convict|
|Data seemingly anonymized data can be re-identified|
|Opt-out and third-party access policies can be altered with changes to terms & conditions|