Taking do-it-yourself DNA tests from providers found online is a growing trend nowadays, as, by the end of the decade, the direct-to-consumer lab testing market is expected to reach $350 million.
Some of the purposes for these DNA tests are finding out where one’s ancestors come from, what health dangers are hidden in our genes or even if a child is truly ours.
Why is this happening, though? Why are people, suddenly, looking for their origins? Perhaps they feel that in an increasingly globalized world, we, as individuals are losing our identities and need to belong to a group or maybe it’s quite the opposite: we want to stand out from an apparently homogenous society.
Regardless of our reasons for taking these tests, though, one thing is clear. As for anything that’s too good or simple to be true, there are risks involved.
We are not talking about the accuracy of these tests, because others, more qualified on the matter, have tackled this subject thoroughly.
We are however discussing something one should always be careful about: online privacy.
Why would anyone be interested in your genetic data?
Your genetic data reveals precious information about you, more precious than you think. Drug companies, insurers and sometimes police would love to have a sneak peek into those.
Once you put your cheek swab in the mailbox, you are willingly sending a valuable copy of your genetic data to a group of strangers who can do as they please with your information. You may have signed a privacy agreement, but since this is a commercial service and not an academic research project, things can change overnight, as companies get bought, and your data could get sold along with that transaction.
One quite controversial example is genealogy company Ancestry.com, criticized for continuing to keep customers’ DNA data. Even though the company recently rephrased a much disputed “perpetuity clause” in its T&Cs, in practice, it turns out that users’ DNA records are still not deleted unless requested.
How is this possible legally?
According to the office of the Information Commissioner, the UK’s data protection watchdog, Ancestry has complied with current rules, which do not force companies to regularly delete individuals’ DNA profiles.
Then there’s also the Health Insurance Portability and Accountability Act (HIPAA), a 1996 US federal law that allows medical companies to share and sell patient data if it has been “anonymized,” or scrubbed of any obvious identifying characteristics. But if genetic data does fall into the wrong hands, it’s relatively easy for them to de-anonymize it.
This loophole has turned out to be highly profitable. For instance, 23andMe has sold access to its database to at least 13 outside pharmaceutical firms. AncestryDNA recently announced a lucrative data-sharing partnership with the biotech company Calico.
What’s there to do?
Given these circumstances, some security-concerned users have asked the DNA testing companies to delete their records. But can we absolutely be sure that they will do so? Just think of trying to erase your online presence and how something always gets left behind.
Also, it’s always better to prevent than cure – that is also the reason why we encourage everyone to use CyberGhost VPN, thus preventing having our online activities and even identities spied on, or worse stolen.
Therefore, maybe you should think twice before taking a quite pricy online DNA test and, as an alternative, consider a more trustworthy option, backed by various certifications and bulletproof terms and conditions that clearly state your sole ownership of the revealed genetic information.