DNA and privacy

There have been a lot of news articles and news show segments about DNA testing and privacy, and we all know how I feel about that:

What I want to do here is help people make an informed choice about DNA testing, and that means facts, not fearmongering.

There are three basic concerns when it comes to DNA testing: what the company is doing with your DNA results, whether your DNA results can be used against you, and the biggest concern, privacy.

First of all, let’s talk about what the company is doing with your DNA results. There is a rumour going around that DNA companies own your DNA once it is submitted, and that they are selling it to third parties. This is an urban legend, so much so that Snopes posted a response to it. The fact is that your DNA is actually being licensed to the DNA company, which you can read more about here (in the particular case of Ancestry).

Second, many people have expressed concern that your DNA results can be used against you. This is especially concerning when it comes to health and life insurance. However, a little research will allow anyone to see that Canada has enacted a Genetic Non-Discrimination Act. This act prevents companies from discriminating against people on the basis of genetic tests or requiring people to undergo genetic testing to obtain services.

  • (1) It is prohibited for any person to require an individual to undergo a genetic test as a condition of

    • (a) providing goods or services to that individual;

    • (b) entering into or continuing a contract or agreement with that individual; or

    • (c) offering or continuing specific terms or conditions in a contract or agreement with that individual.

  • (2) It is prohibited for any person to refuse to engage in an activity described in any of paragraphs (1)(a) to (c) in respect of an individual on the grounds that the individual has refused to undergo a genetic test.

  • (1) It is prohibited for any person to require an individual to disclose the results of a genetic test as a condition of engaging in an activity described in any of paragraphs 3(1)(a) to (c).

The US has a similar law called the Genetic Information Nondiscrimination Act (GINA). While the American version does not allow discrimination for health insurance, it seems that the same is not true for life insurance. However, this is not the wild west and there are agencies available to help people understand this law and its implications.

A lot of references have been made to Cambridge Analytica when talking about DNA and privacy and I just

It’s a really, really poor analogy. First of all, the information that Cambridge Analytica used was freely given. The word “breach” has been thrown around as if a vault was broken into and its contents stolen. People knew by signing up to Facebook that they were making their information available, much like using my grocery store’s discount card means that I know someone is tracking my purchases. There is a big difference between paying for a service and receiving a service for free: in the first instance your information is something you are paying for, in the second, your information is something you are paying with.

A breach can still happen, however. I am confused, though, about what people think will be done with their DNA. Since our entire genome is not sequenced, it’s not like somebody is going to be cloning us or planting our DNA at crime scenes. Privacy expert Timothy Caulfield states in this article: “If marketers have other pieces, say your search habits, where you live, your education, and they have this piece also, it does create a more comprehensive picture of you.” But if it takes a company millions of dollars, groups of scientists and reference populations to give me a best guess at what my ethnicity is, I’m not sure what a more comprehensive picture means, let alone how it would be profitable for companies to do so. Further, so much of what makes us who we are can’t be reduced to our genetics (the old nature vs. nurture debate). Finally, I am extremely skeptical of an article that claims that our genetic information can be used against us in terms of our health insurance but makes no mention of any of the laws mentioned above that prohibit this kind of discrimination.

I don’t like articles like these which hint at privacy bogeymen. While there are many uses for the DNA that has been submitted to DNA testing companies that we have not even thought of, the fact that these articles make inaccurate claims to bolster their arguments and don’t even mention the actual privacy concerns says to me that they are just fearmongering and engaging in sensational journalism.

Let’s talk now about actual privacy concerns. All these DNA testing companies take your DNA and compare it against other DNA to see if they can find a connection. No one can actually see your DNA, just the places in which they match (and in the case of Ancestry, they can only see how much DNA is shared, not even the place where it is matched). While it is not impossible for people to glean medical information from your DNA results, it can only happen in a very narrow set of circumstances, as in this case, where you know someone has a genetic disease, and so you then know that people who share genes with this person are carriers for this disease.

People also need to be aware that there are many people using DNA to help them find their biological families. Adoptees, birth families and even donor-conceived children are using these sites to find matches, gleaning what they can from their family trees and figuring out who their biological family is. Knowing that people can be identified in this way is an important consideration when deciding to take a DNA test. Even those not searching for their birth families are going to use every trick in the book to try to identify their matches to help them further their genealogical research. If you were not aware that things like this could be done, it is important to know. However, the people in the video did not use genetic information at all to identify the match; they used information from social media as well as other privacy-busting sites, so people should be aware that this privacy concern is not alleviated by avoiding DNA tests.

Given that DNA companies have hit a tipping point in terms of the number of people who have tested (Ancestry has sold over 10 million kits), it makes sense that people are coming up with new uses for the data stored there. A missing persons case was solved with the use of a database called Gedmatch, and the hope is to solve many more cases that way. However, while Gedmatch’s terms of service state “While the results presented on this site are intended solely for genealogical research, we are unable to guarantee that users will not find other uses,” I don’t know that anyone expected the following use.

A serial killer was recently arrested in California, and law enforcement vaguely stated that a genealogical database was used to collect data that led to his arrest. Two of the big companies have denied that they were a part of the investigation and their terms of service state that law enforcement must follow procedure in order to obtain data (i.e. a warrant must be issued). However, Gedmatch’s terms of service don’t contain those terms. In fact, Gedmatch itself posted recently:

We understand that the GEDmatch database was used to help identify the Golden State Killer. Although we were not approached by law enforcement or anyone else about this case or about the DNA, it has always been GEDmatch’s policy to inform users that the database could be used for other uses, as set forth in the Site Policy (linked to the login page and https://www.gedmatch.com/policy.php). While the database was created for genealogical research, it is important that GEDmatch participants understand the possible uses of their DNA, including identification of relatives that have committed crimes or were victims of crimes. If you are concerned about non-genealogical uses of your DNA, you should not upload your DNA to the database and/or you should remove DNA that has already been uploaded. To delete your registration contact gedmatch@gmail.com

I hope that Gedmatch’s terms of service will be updated with that language, since while I don’t have a problem with my DNA being used to catch serial killers or solve missing persons cases, some might. Here’s a really good post on the issues.

In the end, informed consent is what it comes down to. No one is suggesting that privacy concerns don’t exist, or that people shouldn’t read the terms of service of the companies that they are sending their data to. However, to single out DNA companies with fearmongering does a disservice to those of us in the genealogy world. While we can use information to diminish the amount of risk we expose ourselves to, zero risk is an impossible dream. People are still using Facebook after Cambridge Analytica (although hopefully a little more carefully) because they see that the value that they receive as a result overshadows the risk. The same is true of DNA testing.
