It’s pretty remarkable that DNA tests are a normal part of life in the 21st century. For a reasonable fee you can learn all about your ancestry and genetic traits. Of course, mailing saliva to a tech startup so they can analyze your DNA also sounds like a dystopian sci-fi movie. How safe is it to trust these companies with your genetic data?
First, the good news: giving your DNA to a company will not automatically put you in a database where anyone can track you down. The bad news, though, is that it does require you trust each company to abide by their self-imposed rules. Like a lot of data privacy concerns, it’s all a bit nuanced.
23andMe, AncestryDNA, and other popular services
Like a lot of tech companies, 23andMe knows that people are worried about how their data is used and shared, and they spell it out pretty clearly: they don’t share your genetic data with any public databases or law enforcement agencies (unless required by subpoena or warrant, which has yet to happen). And you can also request to delete your data. Ancestry has similar rules and also promises not to share your data with outside parties.
But here’s the thing: at its heart 23andMe is a data company. They’ve even partnered with pharmaceutical giant GlaxoSmithKline for medical research based on all the genetic information they’ve accrued. You don’t have to participate, but you do have to pay attention before clicking “yes” on every form when signing up. And while they also promise not to use your data without consent, Ancestry has research partners as well.
That’s why skeptical people might warn you not to use DNA services. There’s nothing inherently risky happening right now, but these companies are accruing a lot of data and could change their privacy policies whenever they want. Moreover, it’s possible that courts could allow law enforcement officials to search that data in the future.
What about searchable genealogy databases?
You might’ve heard that law enforcement officials found a murder suspect in 2018 by searching for his DNA online. They were using a public database called GEDmatch, which is used by hobbyists and people looking to cast a wider net when searching for relatives. Your genetic data only ends up here if you choose to upload it.
Why would the suspect upload his own DNA? He didn’t. Rather, investigators found a relative of his. That’s another reason why privacy advocates are wary of genetic databases in general: even if you don’t participate, your relatives can connect you indirectly.
The takeaway from all of this is basically that you need to pay close attention to the policies of whichever company you give your DNA to. Don’t treat it like an iTunes user agreement that you click through without reading. You’re giving them your most personal data—literally your genes!—and it’s your decision how much you’re willing to share.