Selling yourself away
Consumer genetics is fraught with privacy concerns
In recent years, direct-to-consumer genetic tests have become a common holiday gift option. These services have become immensely popular, with one such service, 23andMe, claiming over 5 million users. Ancestry.com reported record sales for its AncestryDNA kit in November, right around the Black Friday and Cyber Monday shopping days.
More interesting than a gift certificate or a few dollars stuffed into a card, these DNA tests claim to trace the users’ ancestry back thousands of years, connect users with distant relatives and even reveal predispositions for certain ailments such as Alzheimer’s or Parkinson’s disease.
But this growing world of consumer genetics is fraught with privacy concerns.
Some consumers became wary after 23andMe announced it would share users’ data with pharmaceutical giant GlaxoSmithKline as part of a $300 million collaboration. 23andMe claimed that customer data, in this case genetic information, is shared in aggregate and wouldn’t be traced back to any individual.
But in 2017, the Federal Trade Commission cautioned that people should be aware of the risks involved in sending their genetic information to a company, warning that “hacks happen.”
“That tiny sample can disclose the biological building blocks of what makes you you,” FTC Bureau of Consumer Protection senior attorney Leslie Fair wrote in a blog post. “The data can be very enlightening personally, but a major concern for consumers should be who else could have access to information about your heritage and your health.”
Similar concerns have erupted over genealogical databases, publicly available repositories of people’s DNA meant to help people find relatives via genetic information. This past April, authorities used one such site to identify and arrest the so-called Golden State Killer, an elusive serial rapist and murderer active in California throughout the 1970s and 1980s.
While no one weeps for the apprehension of a serial killer, one can still be uneasy about the implications of the authorities having ready access to entire databases full of people’s genetic code.
What’s more, privacy and ethics law has not caught up to consumer genetic companies or biometric technologies. For instance, current interpretations of the Fifth Amendment prevent the police from forcing a person to divulge his phone password, but the police can force people to unlock their phones with a fingerprint.
While it would be nice to see the law catch up to the ever-accelerating technological changes now affecting millions of Americans, our federal government needs to resume working before it can actually pass any laws. Even so, addressing privacy concerns has rarely been at the top of its to-do pile.
In the meantime, consumers must practice more caution and think carefully about what information they are willing to provide and to whom. Giving out your email or phone number is one thing, but handing off your DNA? The consequences could be more dire than we could ever imagine.