Politics

/

ArcaMax

Commentary: The risks of sharing your DNA with online companies aren't a future concern. They're here now

Nila Bala, Los Angeles Times on

Published in Op Eds

Turmoil at 23andMe, a company offering popular at-home DNA testing, has upset the industry. Following the resignation of every independent member of the company’s board of directors, its chief executive, Anne Wojcicki, expressed openness to selling the company and its database of around 15 million customers, raising concerns about the misuse of genetic data.

Although Wojcicki has since said she is focused on taking 23andMe private, the data-sharing risks raised by DNA testing and matching companies are already here. A class-action lawsuit filed in August alleges that the operator of GEDmatch.com, a genealogy site that claims to have a database of more than 1 million members, has been sharing users’ information with Facebook. This revelation should alarm us all.

GEDmatch stands apart from companies such as 23andMe. It’s an open, crowdsourced database that anyone can search. Founded in 2010, it emerged as a tool for genealogy enthusiasts to upload DNA results and connect with relatives. It gained notoriety when law enforcement officials announced in 2018 that they had used the service to identify the Golden State Killer.

Initially, the site’s users consented to share DNA to solve only cases of murder and rape. However, GEDMatch co-founder Curtis Rogers unilaterally made an exception to the policy for an assault case. The resulting backlash led to Rogers and his partner making users unsearchable to law enforcement by default; they could opt in to searches if they chose. But later that year, the line between hobbyist’s tool and crime-solving platform blurred further when Verogen, a for-profit forensic sequencing company with government ties, acquired GEDmatch. (Verogen has since been acquired by the multinational company Qiagen.) And last year, reports surfaced that a loophole gave law enforcement agencies access to GEDmatch users who did not consent to those searches.

The August lawsuit alleges that GEDmatch has been secretly sharing users’ genetic information using Meta Pixel, a tracking code embedded in websites, essentially wiretapping users’ interactions. If the allegations are true, that means Facebook could see whether you have taken a genetic test — and could track links you click on to learn more about your DNA, such as, “Are your parents related?” or a comparison tool detailing chromosome matches, or a tool to explore DNA segments linked to physical traits and medical information.

The implications of genetic data breaches are staggering: This information can reveal sensitive information about a person’s health and other characteristics. In the wrong hands, it carries profound risks. For example, it can lead to discrimination in schools, housing and disability insurance (all areas not covered by the federal Genetic Information Nondiscrimination Act), or to the creation of biological weapons that use DNA to kill a targeted individual. Unlike a compromised password or credit card number, genetic information cannot be changed.

Moreover, your DNA reveals information about not just you but also your family. Even if you’ve never taken a DNA test, if a relative has, your privacy may already be compromised. Research suggests that 90% of white Americans can be identified on genealogy websites even if they’ve never submitted their own DNA.

DNA commodification is no longer a future concern; it’s a present reality. Beyond charging users for their services, some companies have explored selling their data and giving consumers a small cut of the profits or offering other financial incentives to hand over the lucrative samples.

Through a merger, acquisition, sale of assets or bankruptcy, companies could monetize the treasure trove of DNA they have collected. The privacy policies of 23andMe and GEDmatch both make clear that if the companies are sold, a user’s personal information can be transferred as part of that transaction.

The involvement of tech giants such as Facebook adds another layer of concern. Facebook’s business model revolves around sharing information with many third parties. Unlike medical providers, genetic testing companies aren’t bound by health privacy laws such as HIPAA despite the health information DNA contains. Even if these companies ostensibly promise to seek permission before using your data, there’s no guarantee that subsequent buyers will honor the same commitment. Once your genetic information is out there, controlling its spread becomes nearly impossible. It’s often easy to unmask individuals on genetic databases that are technically anonymized.

 

These risks demand a response. While some states have passed genetic privacy laws requiring express consent for data sharing, these laws often rely on a notice-and-choice model. This approach places the burden on individual consumers who must wade through terms and conditions, clicking through things just to get to the next page. The empirical research is clear that we are woefully bad at managing our own privacy. In addition, when you opt into sharing, you expose the genetic information of the relatives and family members genetically linked to you — future generations included — without their consent

We need a paradigm shift for genetic privacy. We aren’t expected to become experts on food production or vehicle manufacturing to trust that there are minimum standards protecting us. Similarly, we shouldn’t need to be genetic-privacy experts to protect our DNA.

Instead, we should be able to depend on the government to regulate unsafe data practices. This should include strict oversight of sharing with third parties, such as data brokers, that currently get a pass to purchase and resell our information to the government and others.

Even for those who have already taken genetic tests, robust regulations could prevent their data from being exploited in unforeseeable ways, including those enabled by new technology. Such protections also would safeguard future users of genetic testing services, ensuring that curiosity about one’s ancestry doesn’t come at the cost of privacy.

Our DNA is the most personal information we possess. It’s time we treated it that way.

____

Nila Bala is a law professor at UC Davis who researches criminal law and emerging technologies.

_____


©2024 Los Angeles Times. Visit at latimes.com. Distributed by Tribune Content Agency, LLC.

 

Comments

blog comments powered by Disqus

 

Related Channels

ACLU

ACLU

By The ACLU
Amy Goodman

Amy Goodman

By Amy Goodman
Armstrong Williams

Armstrong Williams

By Armstrong Williams
Austin Bay

Austin Bay

By Austin Bay
Ben Shapiro

Ben Shapiro

By Ben Shapiro
Betsy McCaughey

Betsy McCaughey

By Betsy McCaughey
Bill Press

Bill Press

By Bill Press
Bonnie Jean Feldkamp

Bonnie Jean Feldkamp

By Bonnie Jean Feldkamp
Cal Thomas

Cal Thomas

By Cal Thomas
Christine Flowers

Christine Flowers

By Christine Flowers
Clarence Page

Clarence Page

By Clarence Page
Danny Tyree

Danny Tyree

By Danny Tyree
David Harsanyi

David Harsanyi

By David Harsanyi
Debra Saunders

Debra Saunders

By Debra Saunders
Dennis Prager

Dennis Prager

By Dennis Prager
Dick Polman

Dick Polman

By Dick Polman
Erick Erickson

Erick Erickson

By Erick Erickson
Froma Harrop

Froma Harrop

By Froma Harrop
Jacob Sullum

Jacob Sullum

By Jacob Sullum
Jamie Stiehm

Jamie Stiehm

By Jamie Stiehm
Jeff Robbins

Jeff Robbins

By Jeff Robbins
Jessica Johnson

Jessica Johnson

By Jessica Johnson
Jim Hightower

Jim Hightower

By Jim Hightower
Joe Conason

Joe Conason

By Joe Conason
Joe Guzzardi

Joe Guzzardi

By Joe Guzzardi
John Micek

John Micek

By John Micek
John Stossel

John Stossel

By John Stossel
Josh Hammer

Josh Hammer

By Josh Hammer
Judge Andrew Napolitano

Judge Andrew Napolitano

By Judge Andrew P. Napolitano
Laura Hollis

Laura Hollis

By Laura Hollis
Marc Munroe Dion

Marc Munroe Dion

By Marc Munroe Dion
Michael Barone

Michael Barone

By Michael Barone
Michael Reagan

Michael Reagan

By Michael Reagan
Mona Charen

Mona Charen

By Mona Charen
Oliver North and David L. Goetsch

Oliver North and David L. Goetsch

By Oliver North and David L. Goetsch
R. Emmett Tyrrell

R. Emmett Tyrrell

By R. Emmett Tyrrell
Rachel Marsden

Rachel Marsden

By Rachel Marsden
Rich Lowry

Rich Lowry

By Rich Lowry
Robert B. Reich

Robert B. Reich

By Robert B. Reich
Ruben Navarrett Jr

Ruben Navarrett Jr

By Ruben Navarrett Jr.
Ruth Marcus

Ruth Marcus

By Ruth Marcus
S.E. Cupp

S.E. Cupp

By S.E. Cupp
Salena Zito

Salena Zito

By Salena Zito
Star Parker

Star Parker

By Star Parker
Stephen Moore

Stephen Moore

By Stephen Moore
Susan Estrich

Susan Estrich

By Susan Estrich
Ted Rall

Ted Rall

By Ted Rall
Terence P. Jeffrey

Terence P. Jeffrey

By Terence P. Jeffrey
Tim Graham

Tim Graham

By Tim Graham
Tom Purcell

Tom Purcell

By Tom Purcell
Veronique de Rugy

Veronique de Rugy

By Veronique de Rugy
Victor Joecks

Victor Joecks

By Victor Joecks
Wayne Allyn Root

Wayne Allyn Root

By Wayne Allyn Root

Comics

John Cole Christopher Weyant Darrin Bell Peter Kuper Lee Judge Jack Ohman