Visa Wants to Make Money off Your DNA
Have you noticed that websites increasingly include advertisements targeted to someone who lives in your area and shares some of your interests? In the past three years, according to the Wall Street Journal [sub], "the personal-data business has exploded, with hundreds of companies tracking online behavior." That in turn naturally raises privacy issues. And they are likely to get much, much worse.
Visa has filed a patent application for a process that would use, among other sources, DNA databases to identify potential customers. The application, published in April, is titled "Systems and Methods to Deliver Targeted Advertisements to Audience," and covers generating
transaction profiles based on the transaction data, the account data, and/or other data, such as non-transactional data, wish lists, merchant provided information, address information, information from social network websites, information from credit bureaus, information from search engines, information about insurance claims, information from DNA databanks, and other examples.
Emily Steel of the Wall Street Journal broke the story last week. The main article is behind a subscription wall, but a related blog post is available, and links to the application itself. Martha White at Time's Moneyland blog picked up on the story, and has reaction from Lillie Coney of the Electronic Privacy Information Center, who is understandably concerned, on several grounds. White summarizes some of them:
What if a company decides not to give you a credit card because it has used DNA to discover that a relative of yours doesn't pay his or her bills? What if they take a peek at your genetic code and see that you're at risk for an expensive health ailment and decide to deny you credit?...
What's more, if a big financial institution has a data breach today, you may have to fight fraudulent charges or outright identity theft. What if that wasn't just your Social Security number, but your fingerprints or DNA that a cybercrook got his hands on?
The scariest news in this story is that anything we can imagine as frightening, they can imagine as a potential commercial opportunity. Visa's patent might not be granted, but if so that would likely be because the process is too obvious to be patentable (not because it's too appalling).
The profiles may initially be generic rather than individual; geographically based, say, or similar to the bland "customers who bought this also liked that" suggestions we've become used to. But the more companies have access to your most personal data, the more certain it is that some will sell it. As Coney says, "It's not going to sit there and not get used."
Visa is a clearing house that does not issue cards or generally deal directly with customers; it's not ready to implement this scheme but the idea that they are seriously planning for it is extremely worrying. MasterCard seems to be thinking on similar lines, having pitched a document to ad executives earlier this year called "You are what you buy." The company, however, insists (in a comment at the Time blog):
Our commitment to privacy and data protection is at the core of our value proposition to consumers and businesses. Simply put, MasterCard does not receive cardholder names and contact information with card transactions. Nor does MasterCard link our anonymous information to individuals.
GeneWatch UK, the Council for Responsible Genetics, and Privacy International have compiled information on concerns about the development of DNA databases worldwide for commercial, forensic and other reasons. A briefing paper titled "DNA databases and human rights" is here [PDF], and the August-September issue of GeneWatch focuses on forensic DNA and related issues.
Previously on Biopolitical Times: