You Discovered Your Genetic History. Is It Worth the Privacy Risk?

Kylie Charles spent years carefully weighing the pros and cons of genetic testing until her curiosity got the better of her. The 36-year-old writer yearned to know more about her distant father and his family history. All she knew was what he had told her, and it wasn’t much. It had been nearly 14 years since he last wrote her, and years more since they spoke, when Charles chose to carve out the missing fragments of her genetic history for herself.

While the process of producing a sufficient saliva sample and sending it off was tediously routine, Charles was unusual among the millions looking for answers about their family history in wanting to know what could happen to her DNA data after all is sequenced and settled.

Charles, who asked to use a pseudonym to protect her anonymity, is not your average consumer. She was so concerned about maintaining her privacy that when she finally settled on using AncestryDNA, a subsidiary of Ancestry.com, in March, she did so under a fabricated name for fear that her genetic information might somehow be traced back to her person.

A few weeks later, in April, the long-awaited arrest of a man in California alleged to be the infamous “Golden State Killer” ignited frenzied debate about the potential threat genealogy services that trace ancestry or medical history pose on privacy. The suspected killer had been identified when law enforcement found matching DNA from his relatives on a genetic database.

“Initially I was like, ‘Oh my god, was it my DNA that found him?’” said Charles, who coincidentally received the first results of her own genealogy test that same day.

That quickly turned out not to be the case. It was through GEDMatch, an open-source website that enables users to voluntarily upload their genetic information in the hopes of reuniting with long-lost relatives, and not AncestryDNA that investigators were able to solve the cold case.

Charles felt a pang of relief. She knew that she had the potential to discover surprises, even those of a criminal nature, in her genetic history. Indeed, since April at least six more cold cases have been solved by matching crime-scene DNA to genetic information posted by relatives on GEDMatch. In July, for example, such advances in genealogy technology led to the arrest of John D. Miller for the murder and mutilation of 8-year-old April Tinsley, a crime that had otherwise remained unsolved for more than 30 years.

“It makes me a little nervous, not in the sense that this technology is being used to stop violent criminals, but whether law enforcement will know when to stop,” says Charles. “Will it just be used to catch murderers? Or will it be used to catch protesters one day, too?

***

Share your genetic information with a site like GEDMatch and you’re fully aware that you’re publicizing it. But what about using one of several DNA kits on the market today? If you spit in a tube and send it away, will your personal information stay private?

The answer is: it depends. Like any consumer good, participation in a genealogy service is contingent on the user’s agreement to its privacy contract. Tucked discreetly in the legalese of these policies, you will find a line indicating your consent to sharing de-identified genetic data with unnamed “third-parties.” While this shared information may be stripped of personal identifiers such as your name or location, some question whether individual privacy can truly be preserved.

There are two key players who dominate the genetic testing field today—and they both insist it can be: Ancestry.com, via its AncestryDNA unit, and 23andMe, the California biotech company led by Anne Wojcicki. In the last few years, both have experienced serious booms in business. In March, AncestryDNA, which launched in 2012 (its parent company was founded in 1983), announced that it had tested nearly 10 million people, claiming the title as the world’s largest genealogy company. (In 2016, the privately held company was reported to be valued at $2.6 billion.) Rival 23andMe says it has tested more than five million people, according to 2018 company reports, and was reportedly valued at $1.5 billion at the end of last year.

Both companies have managed to capitalize on increasing demand in a relatively new market, but they differ in purpose and thus present different ethical dilemmas when it comes to considerations of privacy. Where AncestryDNA offers information solely on a person’s ancestral heritage, 23andMe takes it one step further—providing the consumer with data on their genetic predisposition or risk of acquiring certain diseases in the future. Those results could warn individuals of potential medical issues. But, if, as some fear, that information were de-identified and shared—particularly with insurers and employers —it could put those people, and their family members, at risk of medical discrimination.

Charles weighed those hypotheticals. While worrying, she was still curious and sent off another sample, this time to 23andMe, in late July. She hasn’t yet received the results: “I do still have some anxiety about it,” Charles admits. “But there’s really not a lot of privacy left with today’s technology, so I thought, ‘Let’s throw caution to the wind.’”

In this era of dwindling privacy, human DNA is perhaps the last frontier. And the burgeoning group of companies that sequence, store and interpret that DNA operate in a largely uncharted territory, somewhere between the realm of lightly regulated consumer goods and highly regulated medical services.

Direct-to-consumer genetic testing companies like 23andMe must win FDA approval to send individuals medical risk findings, while companies that involve physicians in the process do not. But unlike healthcare providers, direct-to-consumer genetic testing companies are not bound by HIPPA, the law that protects the privacy of personal medical information, and there are few laws in place to regulate the privacy of genetic information obtained by these companies.

“One of the big distinctions between medical research and data in Silicon Valley is the ethical framework that requires informed consent,” said Charles Seife, a professor of journalism at New York University who writes extensively on the genetic testing industry. “It is a difference of making sure that [privacy] rights are being preserved.”

Although 23andMe’s privacy policy vows that personal genetic information will never be distributed without explicit written consent, the company does “use and share aggregate information with third parties,” the policy states. That means they only share customers’ genetic information once it has been pooled together and de-identified.

While 23andMe says the majority of these third party entities are research partners—it recently inked a $300 million deal with British pharmaceutical giant GSK, which will use genetic data for drug discovery, for example—the company’s website notes such exchange may take place“to perform business development, initiate research, send you marketing emails and improve our services.”

Even though this aggregate data is anonymized, experts question whether privacy is truly protected.

“They will strip the data of identifiers, but if this is going to be useful for medical research, there will necessarily be information about your age, your height, your weight, where you live, maybe where you were born, and any diseases you may have,” says Hank Greely, director of Center for Law and Biosciences at Stanford. In other words, he says, “Your information might be personally identifiable.”

Even so, Greely sent his genetic information to AncestryDNA. Although he acknowledges the danger of re-identification, the bioethicist questions whether the risk of his genetic information being made public is anything more than a theoretical concern.

“I don’t know how realistic a threat this is. Is anybody going to really care,” wonders Greely. “Maybe if somebody thinks that Steph Curry is in this database they’re curious to identify him and see what makes his jump shots so good.”

But other experts see the risk of re-identification as a direct threat to personal liberty. Joel Reynolds, a post-doctoral fellow of bioethics at the Hastings Center, fears that most consumers are unlikely to grasp the nuanced threat that medical genetic tests like those offered by 23andMe could pose to their future privacy.

“This is complicated stuff for professionals who are developing the technology and have been working in the field for years,” says Reynolds. “I’m a little worried that people are not fully understanding the meaning of it.” (In an effort to research the ethics of genealogy services fairly and completely, the bioethicist decided to put his own private medical data on the line and took a 23andMe exam.)

An overwhelming majority of consumers are willing to share their DNA for research purposes under the assumption that it is for a greater good. According to 23andMe, nearly 80% of its users actively opt to donate their data for “research purposes.” But while the general assumption suggests that such science is for a greater good, bioethicists warn that may not always be the case.

“Most people are going to be happy to contribute to medical research,” says Greely. “But what if somebody wants to do research on race and intelligence?”

Reynolds voices similar concerns, explaining that scientific research on race is often misunderstood and misinterpreted.

“One very complicated facet of genetic research is the fact that racial categories that people use in everyday speech and that are part of our culture mean something very different when they get used in this research,” says Reynolds.

“You get into a weird situation where the belief that particular races have particular health risks and are going to have particular health consequences,” he explains. “That belief can easily turn into very pernicious racist ideas that certain races have X, Y and Z health problems and that is simply not what the research says.”

But perhaps the most troubling threat of third party sharing is the possibility that a consumer’s genetic data—shared in the name of research—might one day be used for non-research purposes.

Ancestry’s spokesperson offered these assurances: “We do not and will not sell DNA data to insurers, employers, health providers or third-party marketers and will only share DNA data with researchers if the customer has consented.” Similarly, 23andMe maintains that sharing only happens with consent and that law enforcement agencies must have a court order to access specific data.

While for now privacy policies seem to offer customers a degree of protection, it is worth noting that these policies are legally allowed to change at any time. Ancestry’s 16-point privacy policy, for instance ends with this caveat: “We may modify this Privacy Statement at any time.” That’s perfectly legal, and it’s what worries experts.

“Today, there are open doors to certain types of genetic discrimination that we simply do not have legal protections for,” says Reynolds. “This is very high stakes.”

Seife, the New York University journalism professor agrees the nation’s existing laws to prevent genetic discrimination are weak and unlikely to hold in practice. “If genomic information is out there, why wouldn’t an insurer take a look at someone’s genome before putting them in their risk pool?”

He adds, the threat is not in the “Gattaca remote future. It’s in the here and now.”

As Charles awaits her latest set of genetic test results, she still harbors reservations but is bargaining for a bit more time.

“I had to take privacy policies at face value in order to be able to send my tests in,” says Charles. “I guess we’ll find out in 5 to 10 years if they were true.”