Buying online DNA Ancestry Tests: You are the real product
28th March 2021
Genetic information is a highly valuable commodity -This should be apparent though I feel it needs to be emphasised. Your DNA is a prized asset, teeming with information that marketers and pharmaceutical companies, to name only two, are very keen on gaining access to. Access to this asset has been limited in the past, but the development of at-home DNA ancestry testing kits has caused a surge in DNA availability, but privacy laws regarding genetic information have not been developed at the same pace.
DNA ancestry testing is a market that, although a few decades old, has grown at an accelerated pace in the last number of years. In 2018 alone, there were more DNA ancestry tests taken, compared to the cumulative total of all previous years US National Library of Medicine reports suggest that over 26 million people worldwide have purchased use-at-home DNA ancestry testing kits, as of early 2019.
The most startling part of this entire phenomenon is the idea that people are paying for the analysis and storage of their genetic information. DNA ancestry testing companies, such as AncestryDNA or 23andMe, earn two sources of income from these tests – firstly from the consumers themselves, and secondly from the sale of the consumers’ information (with the consent of the consumer) to other companies for commercial use. Our most intimate form of data – literally making up who we are as individuals – is being stored and harvested, and may be used in ways that we are not aware of, and are not in control of. Although the consumers pay for the service provided by these DNA testing companies, they soon become the product sold to third-parties.
The industry leaders, AncestryDNA, 23andMe and MyHeritage DNA, have satisfied the public curiosity for potential family scandal in finding long-lost relatives or filling gaps in a family tree; discovering who they are and where they come from; and discovering the role that genetics play in their traits and their potential predisposition to disease.
For some of these direct-to-consumer at-home DNA ancestry testing companies, a majority of their income would come from the sale of customer data to other companies for commercial use. The more transparent of these companies show consumers exactly how their data could be used, given their consent, but a 2016 survey showed that only one third of the 86 companies offering genetic testing did this. Even with this lack of communication, 23andMe reported that 80% of their customers consent to this use of data.
“Our most intimate form of data – literally making up who we are as individuals – is being stored and harvested, and may be used in ways that we are not aware of”
23andMe allows customers to select exactly what this data is used for, be it academic research, non-profit research, industry organisations and/or specific disease studies. If consent is given initially, but retracted at a future date, there is no guarantee that your data will be fully erased from the research project. An Ancestry spokeswomen insisted that the permission to share DNA can be revoked at any time, but Jennifer King, director of consumer privacy at Stanford Law School’s Centre for Internet and Society, is not convinced, saying that “Quitting one of these services isn’t as simple as just clicking Delete. How do you verify that they’ve actually deleted your genetic profile or destroyed a physical sample?”
Like every online industry, the genetic-testing industry is also at high risk of hacking. The consequences of a hack of this magnitude are amplified given the personal nature of the information being breached. This is not just a hypothetical worry, but one that has happened in the past and there is a risk of happening again in the future. In October 2017, more than 92 million MyHeritage accounts were breached. The company released that email account details were leaked, but ensured that more sensitive information, such as DNA and family data, or credit card information, was stored separately and was not accessed. Although DNA data records were not breached, it should still be a concern to those involved.
If this genetic information falls into the wrong hands, it could be detrimental to society. The leaking of genetic information could compromise ability to get insurance, or life assurance, as people may not be covered for pre-disposed illnesses or ailments. For example, someone who has a family history of breast cancer, and is a carrier of the BRCA1 or BRCA2 gene, may be forced to pay exorbitant insurance premiums or may be denied insurance altogether.
The biggest issue with all of this is surrounding the idea that these are commercial businesses that can offer a health-related service, but are not healthcare workers. None of these companies have taken their Hippocratic Oath. These companies are not bound by a promise to care for the wellbeing of their customers. By sharing your DNA with companies like this, you are placing a huge amount of trust in the hands of these CEOs, who are solely motivated by their potential to generate profits from their assets.
As tedious as Terms & Conditions may be, users of these services should be fully aware of what they are signing up for, and the potential risks involved if data is breached or misused outside of what they consent to. A balance should be struck between the desire to learn about yourself and your family, and the implications for you, and your family members, if the data falls into the wrong hands.