5 months ago
16
Turmoil astatine 23andMe, a institution offering fashionable at-home DNA testing, has upset the industry. Following the resignation of each autarkic subordinate of the company’s committee of directors, its main executive, Anne Wojcicki, expressed openness to selling the institution and its database of around 15 cardinal customers, raising concerns about the misuse of familial data.
Although Wojcicki has since said she is focused connected taking 23andMe private, the data-sharing risks raised by DNA investigating and matching companies are already here. A class-action suit filed successful August alleges that the relation of GEDmatch.com, a genealogy tract that claims to person a database of more than 1 cardinal members, has been sharing users’ accusation with Facebook. This revelation should alarm america all.
GEDmatch stands isolated from companies specified arsenic 23andMe. It’s an open, crowdsourced database that anyone tin search. Founded successful 2010, it emerged arsenic a instrumentality for genealogy enthusiasts to upload DNA results and link with relatives. It gained notoriety erstwhile instrumentality enforcement officials announced successful 2018 that they had used the work to place the Golden State Killer.
Initially, the site’s users consented to stock DNA to lick lone cases of execution and rape. However, GEDMatch co-founder Curtis Rogers unilaterally made an objection to the argumentation for an battle case. The resulting backlash led to Rogers and his spouse making users unsearchable to instrumentality enforcement by default; they could opt successful to searches if they chose. But aboriginal that year, the enactment betwixt hobbyist’s instrumentality and crime-solving level blurred further erstwhile Verogen, a for-profit forensic sequencing institution with government ties, acquired GEDmatch. (Verogen has since been acquired by the multinational institution Qiagen.) And past year, reports surfaced that a loophole gave instrumentality enforcement agencies entree to GEDmatch users who did not consent to those searches.
The August lawsuit alleges that GEDmatch has been secretly sharing users’ familial accusation utilizing Meta Pixel, a tracking codification embedded successful websites, fundamentally wiretapping users’ interactions. If the allegations are true, that means Facebook could spot whether you person taken a familial trial — and could way links you click connected to larn much astir your DNA, specified as, “Are your parents related?” oregon a examination instrumentality detailing chromosome matches, oregon a tool to research DNA segments linked to carnal traits and aesculapian information.
The implications of familial information breaches are staggering: This accusation tin reveal delicate information astir a person’s wellness and different characteristics. In the incorrect hands, it carries profound risks. For example, it tin pb to favoritism successful schools, lodging and disablement security (all areas not covered by the national Genetic Information Nondiscrimination Act), oregon to the instauration of biologic weapons that use DNA to termination a targeted individual. Unlike a compromised password oregon recognition paper number, familial accusation cannot beryllium changed.
Moreover, your DNA reveals accusation astir not conscionable you but besides your family. Even if you’ve ne'er taken a DNA test, if a comparative has, your privateness whitethorn already beryllium compromised. Research suggests that 90% of achromatic Americans tin beryllium identified connected genealogy websites adjacent if they’ve ne'er submitted their ain DNA.
DNA commodification is nary longer a aboriginal concern; it’s a contiguous reality. Beyond charging users for their services, immoderate companies person explored selling their information and giving consumers a tiny chopped of the profits oregon offering different fiscal incentives to manus implicit the lucrative samples.
Through a merger, acquisition, merchantability of assets oregon bankruptcy, companies could monetize the treasure trove of DNA they person collected. The privateness policies of 23andMe and GEDmatch some marque wide that if the companies are sold, a user’s idiosyncratic accusation tin beryllium transferred arsenic portion of that transaction.
The engagement of tech giants specified arsenic Facebook adds different furniture of concern. Facebook’s concern exemplary revolves astir sharing accusation with galore 3rd parties. Unlike aesculapian providers, familial investigating companies aren’t bound by wellness privateness laws specified arsenic HIPAA contempt the wellness accusation DNA contains. Even if these companies ostensibly committedness to question support earlier utilizing your data, there’s nary warrant that consequent buyers volition grant the aforesaid commitment. Once your familial accusation is retired there, controlling its dispersed becomes astir impossible. It’s often casual to unmask individuals connected familial databases that are technically anonymized.
These risks request a response. While immoderate states person passed familial privateness laws requiring explicit consent for information sharing, these laws often trust connected a notice-and-choice model. This attack places the load connected idiosyncratic consumers who indispensable wade done presumption and conditions, clicking done things conscionable to get to the adjacent page. The empirical probe is wide that we are woefully atrocious astatine managing our ain privacy. In addition, erstwhile you opt into sharing, you exposure the familial accusation of the relatives and household members genetically linked to you — aboriginal generations included — without their consent
We request a paradigm displacement for familial privacy. We aren’t expected to go experts connected food accumulation oregon conveyance manufacturing to spot that determination are minimum standards protecting us. Similarly, we shouldn’t request to beryllium genetic-privacy experts to support our DNA.
Instead, we should beryllium capable to beryllium connected the authorities to modulate unsafe information practices. This should see strict oversight of sharing with 3rd parties, specified arsenic data brokers, that presently get a walk to acquisition and resell our accusation to the government and others.
Even for those who person already taken familial tests, robust regulations could forestall their information from being exploited successful unforeseeable ways, including those enabled by caller technology. Such protections besides would safeguard aboriginal users of familial investigating services, ensuring that curiosity astir one’s ancestry doesn’t travel astatine the outgo of privacy.
Our DNA is the astir idiosyncratic accusation we possess. It’s clip we treated it that way.
Nila Bala is simply a instrumentality prof astatine UC Davis who researches transgression instrumentality and emerging technologies.
English (CA) · 
English (US) · 
Spanish (MX) ·