Home DNA Tests Could Be Gathering Your Personal Info! A Discussion of Genetic Testing Privacy Issues

Finjan TeamBlog, Cybersecurity

Finjan Home DNA Tests Could Be Gathering Your Personal Info!  A Discussion of Genetic Testing Privacy Issues

Privacy concerns and worries about the handling of information gathered from consumers by mobile apps, websites, and online resources have been very much in the news, of late. But with the holiday season upon us – and with many people having excess time on their hands and/or memorable festive gifts to shop for – there’s an unusual new avenue which potentially poses additional threats to our personal data.

Intrusive Tests? Genetic Testing Privacy Concerns Revealed

It’s been recently brought to public attention that a range of kits on sale for home DNA testing and sampling may be serving as an unregulated avenue for personal information to make its way to any number of third-party organizations and entities.

In a story reported by the New York Post, U.S. Senator Chuck Schumer specifically called out companies like AncestryDNA which offer consumer-level kits for hair, saliva, blood, or other tissue sampling from buyers, as a prelude to conducting tests on their DNA to discover whether or not they have traits or tendencies of particular interest.

This interest can cut both ways, and Sen. Schumer warns that:

“Many don’t realize that their sensitive information may end up in the hands of many other third-party companies,” and goes further to state that:

“There is no point in learning about your family tree if your privacy gets chopped down at the same time.”

Schumer says he’s calling on the Federal Trade Commission (FTC) to investigate the possible DNA data mining and selling activities being conducted by players in the growing DNA home testing kit market.

The Capabilities of Genetic Testing Products

There’s more than just novelty, in the home DNA testing concept. While many consumers might simply buy a kit to discover whether they have ancestral traits from certain geographical regions or ethnicities, other uses of the technology may have value in a diagnostic or therapeutic sense, pointing to potential markers which might indicate a future tendency to certain medical or psychological conditions.

In the public perception (largely due to exaggerated claims and over-simplifications in the entertainment world and popular media), “DNA” has become synonymous with “infallible proof”. But the actual capabilities of DNA research – and certainly those of what are essentially quite low-grade products for popular consumption – should be taken with a degree of reservation.

Considering the capabilities of home DNA testing kits in her article “What I learned from home DNA testing“, online journalist Barbara Ellen suggests that, far from providing buyers with definitive proof that they’re liable to develop conditions such as Alzheimer’s, Parkinson’s, or breast and ovarian cancers (BRCA1/BRCA2), these products may instead awaken unhealthy concerns in the minds of consumers, and create additional work for already over-stretched conventional medical services, which are called upon to handle the fall-out from worried customers of private companies (the test kit vendors) consulting doctors for a second opinion.

Genetic Testing Privacy – Disclaiming the Disclaimers

More worrying by far is what’s happening to the genetic material and DNA test results being generated by these consumer-level processes.

As the manufacturers and distributors of home DNA test kits accelerate their marketing campaigns for the festive season, Senator Schumer points out that any disclaimers made by these companies over their usage of customers’ personal information aren’t really worth much, as the data concerned doesn’t necessarily come under the provisions of the Health Insurance Portability and Accountability Act (HIPAA), or other legal frameworks and compliance regimes currently in force.

And any disclaimers in place are actually pretty weak – since almost all DNA testing kits on the market have a blanket policy of distributing user-generated data in some form or other, on to third parties. The article “23andMe, Ancestry and Selling Your DNA Information” on DNA-Explained.com takes as an example the privacy policies of two of the worst offenders.

In the Terms of Service section of the 23andMe website (accessed via the minuscule “I accept the terms of service” check-box, which is just above the large gray “submit order” box of the purchase screen), there’s a link to this highlight from their Privacy statement:

“We may share anonymized and aggregate information with third parties; anonymized and aggregate information is any information that has been stripped of your name and contact information and aggregated with information of others or anonymized so that you cannot reasonably be identified as an individual.”

“If you withdraw your consent for research your Genetic Information and Self-Reported Information may still be used by us and shared with our third-party service providers to provide and improve our Services (as described in Section 4.a), and shared as Aggregate Information that does not identify you as an individual…”

Meanwhile, over at AncestryDNA (one of the brands specifically cited by Senator Schumer), there’s this:

“By submitting DNA to AncestryDNA, you grant AncestryDNA and the Ancestry Group Companies a perpetual, royalty-free, worldwide, transferable license to use your DNA, and any DNA you submit for any person from whom you obtained legal authorization as described in this Agreement, and to use, host, sublicense and distribute the resulting analysis to the extent and in the form or context we deem appropriate on or through any media or medium and with any technology or devices now known or hereafter developed or discovered. You hereby release AncestryDNA from any and all claims, liens, demands, actions or suits in connection with the DNA sample, the test or results thereof, including, without limitation, errors, omissions, claims for defamation, invasion of privacy, right of publicity, emotional distress or economic loss. This license continues even if you stop using the Website or the Service.”

Neither company offers consumers a clear procedure for opting out of such information-sharing – and they’re by no means alone, in this.

Genetic Testing Privacy Concerns and the Potential Misuses of Personal Data

Besides the beneficial claim which manufacturers of home DNA testing kits make about using customer-generated information as a means of improving future versions of their product, there are several ways in which such data may be used for far less noble purposes.

At the lesser end of the scale, genetic information and materials may be used by law enforcement agencies investigating criminal cases, by pharmaceutical firms developing and marketing new drugs, or by insurance companies looking to surcharge or disqualify potential applicants on the basis of pre-existing medical conditions.

At the darker end of the spectrum, such information may be used in genetic or racial profiling, or for the development of products such as 23andMe’s patented Designer Baby technology.

Genetic Testing Privacy – Let the Buyer Beware

Despite Senator Schumer’s efforts, there are as yet no legal frameworks in place to protect consumer privacy in this burgeoning market.

Buyers in the European Union (EU) may look forward to some degree of protection, once the General Data Protection Regulation (GDPR) and its associated compliance regime comes into effect in May 2018. Its provisions will at least demand that DNA test kit manufacturers and data processors provide opt-out procedures for consumers which are written in plain and transparent language.

For everyone else, the best advice in the current environment is to read the fine print before making a purchase, seek legal advice if necessary, and consult a licensed medical practitioner if further clarification on results and testing procedures is required.

Share this Post

Summary
Finjan Home DNA Tests Could Be Gathering Your Personal Info!  A Discussion of Genetic Testing Privacy Issues
Article Name
Home DNA Tests Could Be Gathering Your Personal Info! A Discussion of Genetic Testing Privacy Issues
Description
A range of kits on sale for home DNA testing and sampling may be serving as an unregulated avenue for personal information (PI) to make its way to any number of third-party organizations and entities.
Author
Publisher Name
Finjan
Publisher Logo
Finjan Home DNA Tests Could Be Gathering Your Personal Info!  A Discussion of Genetic Testing Privacy Issues