DNA Testing Privacy Issues and Genetic Profiling

There’s a fascinating true-crime video on YouTube in which a high-ranking Canadian military officer is being questioned by a detective for multiple murders which he actually committed. During the interview, the detective tries to get him to spit out his gum and offers him a coffee. If the officer throws out his gum, or drinks the coffee and leaves the cup, they have his DNA profile. He ended up confessing so it didn’t matter. In another story, a detective posed as a waiter at a restaurant just to get his hands on a suspect’s discarded pizza crust to get the DNA profile off of it. These are a few examples of how difficult it is for someone to get their hands on your DNA for genetic profiling if they don’t have a personal relationship with you. While your social security number, credit card numbers, or your bank card pins are all sensitive, perhaps the most unique piece of information you have is your DNA.

In earlier articles, we wrote about DNA testing companies like 23andMe, Ancestry.com, and Family Tree DNA. A number of people commented on their experiences using these platforms, and mentioned that you can upload your DNA results to a website called GEDMatch.com to find more matches. We could find no info about who owned this site or why they provided this service. We were quite surprised to see people were so nonchalant about the idea of sharing such a private piece of information with an organization that they knew nothing about. So what’s the big deal you might ask? What can someone actually do with this information?

Firstly, law enforcement can use it. We know, if you haven’t done anything wrong then you don’t have anything to worry about, right? Not necessarily. The FBI now conducts “familial DNA searches” which attempt to match a DNA profile to “close relatives” who have had their genetic profiles catalogued. Don’t think the FBI will show up at your door just based on these close matches? Think again. Wired wrote an article last year about a case where a film-maker was interrogated by police based on a DNA sample his father had donated to a genealogy project through his church. That database was acquired by Ancestry.com and the FBI decided to query it for genetic leads. He was cleared after providing them with a DNA sample and waiting an agonizing 33 days to find out he was innocent.

Secondly, there’s this concept of “genome hacking” where someone can get ahold of your DNA from discarded gum like in our earlier example or any other number of methods and find out things about you. In this article by Forbes, the topic is talked about in more detail along with the author’s experience of “genome hacking” his colleague from a glass of drinking water and finding out that the hacked individual was at risk for baldness, psoriasis and glaucoma. Wondering about what sort of children you might produce with your significant other but they don’t want to get a DNA test? You should be getting the picture by now.

Thirdly, your DNA presents the ultimate holy grail for target marketing, especially when we can fully understand what someone’s genetic profile says about them. Even with just the basics like gender, hair color and risk of baldness you could create some pretty targeted shampoo adds. Just think of how much your insurance company would like to get there hands on your DNA in order to know all about your “at risk” traits so they can adjust their policy prices accordingly. While there are laws preventing this, what if they offered you a large discount if you could prove you had or didn’t have certain traits?

Now that we’ve given you three issues to be concerned about when it comes to DNA privacy, let’s take a look at the privacy policies for each of the biggest 3 test DNA testing companies as of 4/5/2016. While these policies are massive documents, we took out excerpts that we believe are quite telling.

23andMe Privacy Policy

We will not use your sensitive information without your consent unless: (i) the information has been anonymized or aggregated so that you cannot reasonably be identified as an individual; or (ii) a legal obligation requires us to use it in some way e.g. a court order requires us to disclose the information.

FamilyTreeDNA Privacy Policy

We may disclose your Personal Information

• with your knowledge and any relevant permissions
• as described in this Privacy Document
• as may be required by law, regulatory authorities, legal process or to protect the rights or property of Gene by Gene or other Users (including outside your country of residence)
• to enforce our terms and conditions
• to protect our rights, privacy, safety, confidentiality, reputation or property, and/or that of Gene by Gene, you or others
• to prevent fraud or cybercrime
• to permit us to pursue available remedies or limit the damages that we may sustain.

AncestryDNA Privacy Policy

Examples of the limited circumstances when Ancestry may disclose your personal information to third parties are:

• (a) with your knowledge and any relevant consents;
• (b) as described in this statement;
• (c) where personal information is collected through the Websites;
• (d) as may be required by law, regulatory authorities, legal process or to protect the rights or property of Ancestry or other users (including outside your country of residence);
• (e) to enforce our terms and conditions;
• (f) to protect our rights, privacy, safety, confidentiality, reputation or property, and/or that of our Group Companies, you or others; (g) to prevent fraud or cybercrime; or
• (h) to permit us to pursue available remedies or limit the damages that we may sustain.

So these are the privacy policies that you are subjected to by each provider. If you don’t like them, just don’t get tested. But what if you had to in order to live longer? The new Illumina (NASDAQ:ILMN) venture called “Grail” is spending $100 million to detect cancer in the earliest stages by examining your DNA profile. Are you still going to refuse to take a DNA test if it could increase your life expectancy by 25 years?

DNA privacy is a delicate topic and nobody seems to be addressing it. If a company expects to build the world’s largest DNA test result database, like Illumina’s venture called Helix which will store your DNA in the cloud , they’ll need their data privacy policies wrapped up tighter than a drum. While it’s fun to find out where your long lost cousins are living, just be aware of who you give your DNA to and what they might be using it for.

Worried about DNA privacy? You should be. Now, Nebula Genomics allows you to learn about your DNA without giving it away. They even offer anonymous DNA testing.