A tweet recently popped up on my timeline with a link to a story stating that the genetics company 23andMe will no longer let app developers read the DNA data of its customers.
23andMe is one of numerous consumer DNA testing companies in the market at the moment. For as little as £80, curious consumers can purchase a home testing kit and send off a sample of saliva through the post. The company analyses the sample and returns an ancestry and/or health report. The happy buyer can then proudly assert that their genetic ethnicity is 50% Slavic, 25% Pacific Islander and 25% African hunter-gatherer, and that they have a propensity to snore and a predisposition to bunions, for example.
I read the article and wondered why the genetics company had been allowing app developers to read users’ DNA in the first place.
I decided to take a look at the T&Cs of some of these home genetic testing companies. Luckily, the Council for Responsible Genetics published a consumer guide to privacy with regard to ancestry DNA testing in March 2017. It contains a table of the privacy policies of around 30 direct-to-consumer genetic testing companies.
Some genetic testing companies seem to take the privacy of their customers seriously. African Ancestry states that its employees sign non-disclosure agreements. African DNA says that it accepts responsibility to keep its customers’ specific data private and DNA Solutions states that it ensures total customer privacy and confidentiality. DNA Tribes tells its customers what to do to exclude their data from anonymous aggregate DNA analysis and states that it does not rent, sell or share personal information with other people or companies.
Worryingly, several companies make no mention of securing their customers’ DNA samples and are instead more interested in telling customers about cookies and website data. One company states that its users have the right to decide if they want to give permission before their health information can be used or shared for certain purposes. “However, we may not grant the request,” it added.
This attitude appears quite cavalier. The lack of acknowledgement of the power they hold over the essence of someone’s being is, I feel, a very worrying indicator of a company’s integrity.
The consumer guide also suggests 20 questions that consumers of DNA ancestry tests need to ask before submitting DNA samples.
It is definitely worth asking those questions and finding out beforehand if your DNA sample will be retained by the company or destroyed after it is sequenced for ancestry analysis. Users would also probably be quite keen to know who the company’s “trusted” business partners are, who it might share that information with, and whether it is even possible to opt out of sharing.
In July, pharmaceutical giant GlaxoSmithKline announced a $300 million equity investment in, and a four-year collaboration deal with, 23andMe. That pharma corporate is surely “trusted” by the company receiving its money, but would the customers have that same level of trust?
On a superficial level, creating a family tree with the help of genetic DNA testing may seem innocuous, but data doesn’t get any more personal than this. Be careful who you hand it over to.
I read a Medium blog a few years ago which highlighted the extensive rights the genetic testing companies would have over a person’s data, once they have signed up and agreed to the terms and conditions. The words ‘in perpetuity’ stuck in my head, and I firmly decided to keep my spittle to myself.