• Whitehat

5 Reason why you should not share your DNA with consumer genetic-testing companies

DNA testing companies have recently taken off, and companies such as 23andME, Ancestry, and Veritas have been leading the charge, allowing individuals to discover more about their DNA. Thanks to these companies, unknowns of the probability of genetic predispositions and other risk factors are now a thing of the past, and they have boasted about helping everyday people make better decisions about their lifestyle (see infographic below). For as low as a one-time payment of $129 this seems like a steal of a lifetime, But Should You Be Afraid Of Handing Your Most Private Information Over?

23andMe Infographic
Infographic about the healthier choices of those who have bought 23andme

With the Covid-19 pandemic almost behind us, health has become a bigger priority in today's society, and these tests give us an insightful look at our genetic makeup, helping us make healthier decisions that will impact us positively. Others are less optimistic about these products because of what they may find out about their genetics and would rather go through life not knowing at all because "The enemy you know is better than the one you do not know". Some live by this credence, but unfortunately, this is not the scariest thing about handing your DNA over, instead, it is your privacy. When you send a sample in with these kits, you are giving away your most private information that contains not only your genealogy but also those of your family members. Because beyond proving the consumer with genetic and health assessments, what do these companies do with the rest of your data?


3D DNA Mockup
3D DNA Mockup

This is the most important question when considering whether or not to purchase these kits. These companies (23andme, Ancestry, Veritas) focus heavily on privacy because their business relies on consumer trust and without this, their business model would fail. Yet they are being investigated by the Federal Trade Commission for their usage of these data. If this information is not worrying enough below we will list below 5 reasons why you should be wary before sending your information to these companies.


1) Hackers


Cybercrime has been growing at an exponential rate and there is now an online attack executed every 39 seconds. Meaning businesses are now more susceptible to cyberattacks including industry behemoths such as Amazon, Google, Apple, etc. Cybercriminals now have a more lucrative way of making money called ransomware. Ransomware allows for the quick transaction of cash due to the sensitive nature of the data they manage to ransom. Targeting companies that own consumer DNA data would mean the lottery for hackers. Because there are many avenues to pressure these companies into immediate payments such as; threatening to release information regarding, technology secrets, the media, and the list goes on.


Recently more than 92 million accounts from the genealogy and DNA testing service MyHeritage were found on a private server, luckily no consumer DNA information was leaked. Data leaks such as this will become more common as more consumers opt into these services, ultimately giving hackers more of a reason to infiltrate the system.


2) Who is profiting from your information?

Definitely not you. Companies sell information interchangeably all the time, this includes companies that deal with information as sensitive as your DNA. This information is sold to research groups such as GlaxoSmithKline (GSK), P&G, and others that have not yet been made public. When signing up for this product, there is a consent section that asks you whether you consent to your data being shared with other companies, and some users accept this proposal without thinking about the repercussion of this, only once the information is made public about their data being shared, then do people understand what they consented to and the complaints come rolling in. This is the basis of human nature and initially, this simple consent to help with research would not seem harmful, till you realize who you are sharing that information with.


3) Whose Information are you also sharing?


Your DNA doesn't just belong to you, it also belongs to everyone on your family tree: your brother, father, cousins, and extended family. This means when this information about your DNA is shared you are also giving these companies insights into your family's DNA tree. Often this area is overlooked due to the lack of knowledge by the end user because the landing pages of the companies are meant to market the product and generate sales, therefore these companies instead focus on conversions rather than helping the consumers make an informed decision. You cannot blame these companies for these things because they are for-profit organizations that have to answer to investors and if they are not turning a profit, they risk losing support and a potential collapse of their life's work.


4) The Government and Law Enforcement want your DNA, and they know these companies have it.


Request from law enforcement and courts for your information is constantly underway and can be subpoenaed. The Canadian government has been spying on its citizens for years now and has claimed it was "accidental".


The government has been long known for crossing privacy boundaries and many of these instances have been overlooked, but the introduction of DNA and the ability of the government to have a massive record keeping on its citizens has further increased susceptibility to potential wrongdoing with these records. Good can also be done with this information: The Golden State Killer is a perfect example of this. DNA from one of these companies was used to crack this case after decades of stalemate. But the ability of law enforcement to target your DNA poses a big issue.


Darnovsky who is a social justice advocate noted that in the Golden State Killer case, law enforcement found their way to the suspect by using DNA from relatives. She said:


there is a lesson in this for consumers.

“When you provide your genetic information to a DNA testing company, you are also providing information about those related to you — including distant cousins. When your relatives, including distant ones whom you may not even know, provide their DNA, they are also providing genetic information about you.”


She also pointed out that while testing companies stress that DNA data is “de-identified” to protect privacy, data shared with researchers can be re-identified in many cases.

Requests may also come from the federal government, including the State Department or U.S. Military. King said it is much more likely the federal government will want this DNA data for law enforcement purposes rather than to exploit any employer-employee loophole in GINA.


Lastly, Darnovsky pointed out that there may be a racial component to be concerned about in addition to civil liberties issues: “There’s great concern in the law-enforcement context both about civil liberties in general and about the disproportionate impact on communities of color because they are already disproportionately in contact with police.”


5) The company can change its privacy laws due to its situation


The biggest focus for any company is remaining profitable and generating large returns on their investments and once that is reached companies normally look to other sources of revenue to supplement their current to keep shareholders happy. For example, once Netflix said it will never run ads on its platform, but due to a 57% drop in their stock price, this rule was expediently changed. Companies do not answer to their customers but instead to the shareholders of that specific stock and if they are unhappy with how the company is run, they will make sure to exercise their right to tank the stock price. This game has been played back and forth with institutional investors and the companies' leaderships and who's to say this won't prompt one of these big 3 genealogy companies to sell their information to the wrong buyer? The only thing stopping the companies from doing this is the trust you as the consumer place in them as a business,


hold your privacy dear and these companies will do the same.

Full privacy statements from Ancestry, Veritas Genetics, and 23andMe:

23andMe, Ancestry, Veritas Genetics