What are the risks of sharing DNA?
I'm concerned about the privacy implications of DNA testing services like 23andMe or AncestryDNA. What are the potential risks of sharing our genetic data with those companies, and are there any privacy-focused alternatives available?
The biggest risk of "sharing DNA" is pregnancy.
...I'll show myself out.
I was going to say STDs.
I dunno, me and my boyfriend have been doing sharing almost every day, and neither of us are pregnant. Taking turns, too... 🤔
I can easily imagine a reality where insurance companies have access (intentionally or accidentally) and give you a higher premium because they found something that makes you more predisposed to some ailment.
The above is pure speculation, but it's only one security breach or bag of money away. It's never safe to assume that a your data is 100% secure at a (presumably) benign company. As curious as I am regarding certain aspects of my heritage, the fact that I have no control over what they do with the info is keeping me on the bench.
This is 100% the dystopian reality we are heading for. Maybe not in the near-term future but, there is no way that eventually corporate greed and shareholder gains won't reach a point that this has to become the reality. They are simply leaving too much money on the table by not doing it.
I think our only saving grace is that the laws haven't been defined enough yet to prevent this from happening. But I have to imagine to some degree it already is. Just look at the way driving telemetry is being sold to auto insurance providers in the States already. If the information is out there, someone will get their hands in it and use it to manipulate the price of something.
100% this. They already got caught sharing your health data with Facebook. Don't think they (insurance companies)won't buy DNA data en masse.
Just look at the "monitor your driving for a discount" which th already do.
My insurance company offered $30/year discount if I used their OBDII monitor. Are you effing kidding me? Thirty freakin dollars? I'd need to see a 50% discount before I even considered it.
What always rubbed me the wrong way about those is that they don't see what I'm seeing. Yes, I slam my brakes sometimes, but it's not because I'm driving dangerously. Sometimes animal come out of the blue, and what telemetry might show as dangerous driving could just as easily be me saving them money.
Life insurance companies could conceivably do this already. They sometimes ask for blood tests (among other exams) as a precondition of granting overage.
They often require an exam before they provide coverage, including a blood test (who the hell knows what they do with that?).
I work with genetic data and this sort of stuff is trivially easy to do in an automated way. They could easily run your variants against a known database such as clinvar and broadly deny insurance for a particular pathology if they wanted to.
If they had access to your non-pathogenic variants it also becomes trivially easy to ID you, as non pathogenic variants tend to be random so more likely to ID a person/sample.
In the US that is not legal per the GINA act. Note that that is specific to health insurance. Life insurance can legally use that data. And laws can be broken often with less penalty than the profit made from violating them. And data can be retained much longer than laws exist so the GINA act could be repealed or updated at some point allowing companies to legally use the data already acquired.
23andme already got hacked and 7 million people's private data was compromised:
https://www.theguardian.com/technology/2023/dec/05/23andme-hack-data-breach
I have some family who used them (against my advice), so now that's partly my DNA out there.
You can call me paranoid, but the first thing I thought of when I heard about it was how excited the Nazis would have been to access a database like that when they came into power. Imagine knowing the names and addresses of whatever Undesirables you wanted to single out, and exactly what percentage of "impure" they were. Ethnic makeup information can also be used against you in things like gerrymandering congressional districts to hand select voters and disenfranchise minorities. It's pretty safe to assume that once your genetic profile has been gathered by a private company, it's vulnerable to all sorts of bad actors gaining access and using that information. Would you want the KKK or the Proud Boys knowing just what percentage black you are? No thanks.
The big real-world implication I'm aware of is that law enforcement can match DNA they found somewhere against 23andme's database. Then if you (or any of your relatives!) are in the database because they've ever used 23andme, they'll find that out, and they can use it to investigate or prosecute you.
Whether you think that's a good or a bad thing depends a lot on whether you think the cops should be able to succeed if they get a hold of someone's DNA and are looking for the person to match their sample against... that success is, to me, much more likely to be a good thing than a problem, but that may not be the consensus view here and it's certainly a massive, massive privacy implication.
Well prosecutors and cops are incentivized to get arrests. Whether to pump numbers up for promotions or to use in campaigning. So it wouldn't surprise me if cops turn a cold case into a witch hunt because some partial DNA match in a "private" database gave them a few suspects and then they start to build some case to fit the suspects.
Well prosecutors and cops are incentivized to get arrests. Whether to pump numbers up for promotions or to use in campaigning.
Accurate, and it does impact their decisions in ways that are sometimes pretty bad
So it wouldn't surprise me if cops turn a cold case into a witch hunt because some partial DNA match in a "private" database gave them a few suspects and then they start to build some case to fit the suspects.
What do you think the ratio is of unsolved rapes, to felony cases that were falsified by cops and prosecutors that led to a conviction? I know the second one happened one time in the recent past, and it was a big enough deal that they made a Netflix special about it. I don't know of it happening a second time besides that.
Your clone escapes, hunts you down, kills you, fucks your wife, and replaces you
I like how the clone fucks my wife BEFORE replacing me.
He wants to try before accepting the deal.
You were at work. She thought you came home early and was excited.
It's still you, what's the problem?
I feel like this is a Schwarzenegger movie.
Its called The Island, not Schwarzenegger
Typical Tuesday, really.
At least in some circumstances, the risks of sharing your DNA include having children...
If you’re like me, you could find out at age 38 who your true biological father is, and contact him for the first time. It may spiral you into an identity crisis, wondering if you should change your name and the name of your children. Here’s the thing though, my biological dad didn’t share his DNA. His first cousin did, and I contacted him.
As others have said, because you share your DNA with all of your relatives, it’s already not 100% private. One or more of your relatives has already tested their DNA. The most genetic privacy you can get would be for nobody to know who you’re related to. How tightly do you protect that information? Changing your name would be a good first step.
There's enough DNA registered to find almost literally anyone in the US that way now. It's how they caught the golden state killer. A partial DNA match will narrow down 350,000,000 people to less than 100. Then it's just a matter of gettin' a box of jelly donuts and gettin' down to some good old fashioned police work with a game of Guess Who.
If you're related to anyone that has done a DNA test ever, you're already in the system.
Insurers get hold of it and disqualify you for health, life and disability insurance based on genetic markers.
Someone could build an army of clones of you, launch galactic war, and then you'd be hated all over the galaxy. Assuming you have good genes. Probably they made a bad movie about this.
If someone launched galactic war using clones of me, I'd be laughed at all over the galaxy.
Not if my clones win.
Then I'm the Godking father of the new galactic empire
What was the bad movie?
Battle toads. It was OK.
we already know 99.9% of your DNA, it's over
What about the 0.01%?
a rounding error
In the US, insurance companies cannot discriminate based on your genetic data, contrary to what many people in the comments are saying.
https://www.hhs.gov/hipaa/for-professionals/special-topics/genetic-information/index.html
For now. The US is a victim of legislative capture by corporations and it's possible that in the future lobbying by insurance companies will open the door to them using some of that data.
They're spending a lot of money lobbying inside the Beltway to change that. So far it hasn't worked but it's only a matter of time.
Or what? A slap on the wrist?
“The penalties for noncompliance with GINA range from $300,000 per incident when noncompliance is intentional and a minimum of $2500 to a maximum of $500,000, where noncompliance with the law is unintentional.”
It just comes down to est. profit margin vs. risk and not some ethics about lawfulnes. If they think they can eat the fines/lawsuits then they're going to take higher profits until the hammer drops. Especially if it shows short term gains for a publicly traded company.
That said, genetic data is probably not the biggest indicator of how much an individual will cost an insurance retailer (behavior would be better) and i'm not about to sift through HIPPA law to see all that it covers.
My bias here is based insurance company behavior from back when they could descriminate based on pre-existing conditions as well as how any publicly traded company eventually functions. Etc...
That’s just for health insurance though, not life insurance
If anyone in your family starting at like your second cousin and closer have already done DNA testing then the cats outta the bag on worrying about your privacy.
This. Unfortunately it doesn't matter how careful you are if your boomer parents got curious about whether they're really 1/32 Cherokee or not. Now the data brokers and glowies effectively have a profile on you by association.
Also remember in most western nations the cops don't need a warrant to steal your trash from your bins and profile your DNA, or follow you for days and wait for you to drop a cigarette butt or use a straw at a restaurant.
These services, like most companies will store your data indefinitly, and can be hacked. You cound end up with your name, what ever infromation the service gave you, and contact info on the internet. This is not the end of the world, but something to be aware of.
I would never allow my DNA to be characterized or sequenced outside of a medical setting where strict privacy laws are in place.
https://www.dnasquirrel.com/ provides some guidance on how to get DNA results while maintaining privacy. I haven’t tried it yet, but I’d like to hear if anyone has.
It doesn’t matter if you use a service or not. Someone in your family most likely has DNA on file, either through voluntary submission, like 23andme, or through law enforcement, military government interactions that require submission. Once a family member is on file, it’s easy to ID you. Many crimes have been solved this way. Point being, doesn’t even matter if you try to keep private, if a nation state or three letter agency wants you, you done. If you’re worried about some company having your data just don’t participate in any of them… pretty much all you can do currently.
Forensic data on you is already pretty easy to obtain unless you're taking special effort to avoid it being taken. Also when you get arrested they take whatever biometrics they like. The info on you those DNA testing companies are getting is info already easily available to the government. I guess if you're concerned about your DNA being used to tailor ads to you, not just to criminalise you, it could be an issue, but idk I don't think your DNA can really predict what ads will be effective on you.
All who could have an idea of what to do with it could seek a way to get that data out of every company or gov that have it for their specific reasons, no matter if data was collected lawful or not, or if access to the data is then lawful or not.
For me the latter is actually enough to not willingly give my DNA data to anyone. for no reason. gov might already have it (covid probes had been collected and frozen at least) but actively pushing your data out inzo the world would be insane IMHO.
Laboratories often use Microsoft Windows, Microsoft Active Directory and Microsoft Exchange, thus i personally see no reason to NOT believe that any data they have received once in time would - sooner or later - end up rotating uncontrolled in the hands of uncountable criminals waiting for any chance to make quick or huge money out of it.
I was wondering about this for a while, is there an option to have a dna test like anonymously?
Not really, every for profit, has contracts that they can sell your DNA to anyone they want. AFIK
But if they don't know my name or anything at all? 🤭
Babies, I guess
Just from the title before I read the actual post, my first answer was going to be 18 years.
Those two apparently don't allow law enforcement access to their databses (yet?) even though I seem to remember they do. But others do:
https://www.nytimes.com/2021/05/31/science/dna-police-laws.html