Public and policy makers grow suspicious of genetic testing companies—for good reason
The popularity of direct-to-consumer (DTC) genetic testing by companies such as 23andMe and Ancestry.com has skyrocketed. Meanwhile, so has concern about the privacy and uses of the genetic information being amassed. As controversies build, several state and federal initiatives are bringing to light the importance of addressing privacy—both genetic and digital—in public policy.
In response to the consequential mishandlings of digital consumer data by Silicon Valley tech giants, California legislators have unanimously adopted the California Consumer Privacy Act. The bill will increase online privacy standards by forcing tech companies to disclose the information they collect about users, allowing them to opt out of having their information shared with third parties.
Although genetic testing companies like 23andMe aren’t monitoring and marketing your online profile like Facebook and Google, they are collecting and selling your genetic profile. The new California law appears to exempt DTC genetic testers, but should it? Genetic information is perhaps an individual’s most intimate information, and the European Union’s recently enacted General Data Protection Regulation has chosen to recognize this. The European policy includes DNA in the basket of “personal data” it governs, whereas in the U.S. the flow of genetic information remains curtained from political oversight.
DTC genetic testing companies advertise their products as opportunities for consumers to glean personalized insight into their health and heritage. But this traditional consumer-product model is in fact an inverted understanding of the sector’s business model. Since their inception, the companies have stored consumers’ information in massive biobanks and have sold it in de-identified and aggregate form to partner companies. As a result, consumers—by way of their DNA–actually become the product.
And the “sale” is permanent: even if an individual requests their DNA be removed from company databases, quality assurance protocols prevent any deletion for at least a decade. In an article titled “Deleting Your Online DNA Data Is Brutally Difficult,” Bloomberg reporter Kristen Brown concluded, “Once you share your DNA online, you can’t really ever unshare it.”
Who exactly does have access to consumers’ DNA? That question has now become a topic of Congressional concern. Last November, Senate Minority Leader Chuck Schumer (D-NY) issued a press release calling on the Federal Trade Commission “to investigate and ensure that the privacy policies of all DNA test kits are clear, transparent, and fair to consumers.” Schumer expressed apprehension about companies that put consumers’ most personal information in the hands of third parties, pointing out that they make it impossible to “have any concrete understanding of to whom and for what purposes their data might be sold or used.” The FTC showed no signs of responding to Schumer until Fast Company published this piece last month—though no explicit details have been publicly divulged and Schumer has since fallen quiet.
Mounting clamor over cases such as the Golden State Killer has also triggered action in the House. In June, Representatives Dave Loebsack (D-IA) and Frank Pallone (D-NJ) sent letters directly to the offices of four genetic testing companies, posing numerous questions about how customers’ data is stored, used, and deleted upon request; which employees and third parties can access that information; and what kinds of security procedures are in place to protect it. “With the type of personal data being collected, these genetic testing companies are in a unique position and customers must be assured that their data is safe,” Loebsack said. He added that he wants to avoid “another Equifax situation where millions of Americans have to deal with close, personal information being stolen and put on the internet.”
Magnifying the controversy about genetic privacy is the Trump Administration’s plan to use DNA tests on the thousands of families that they have separated at the border. On July 5, CNN reported that the HHS’ Office of Refugee Resettlement was performing genetic tests on children and parents at the border. This announcement follows a previous suggestion by Congressmember Jackie Speier (D-CA), who in June called on 23andMe to offer their testing services to help reunite families.
Neither proposal has gone over well with NGOs working on civil rights and immigration issues at the border. RAICES explicitly rejected the idea of collecting DNA samples from an already at-risk population, telling CNN that stockpiling this type of information could allow the government to conduct surveillance on the children throughout their lives. “These are already very vulnerable communities, and this would potentially put their privacy at risk,” RAICES spokesperson Jennifer Falcon said. “Essentially, we’re solving one violation of their civil rights basically with another.”
Opposition toward implementing DNA tests at the border echoes the mounting skepticism of privacy standards in DTC genetic testing companies. It appears that the public and policy makers alike have recently recognized the inadequacies of the status quo.
DNA’s market value is massive. It is immutably intimate and incredibly informative. Moving forward it must be included in public policies concerning personal privacy.