Should we be worried about DNA Privacy?
What is more personal than your DNA? The string of A’s, T’s G’s and C’s is almost exclusively personal to an individual and dictates much of what makes you, you. Knowing this, it is understandable that people would be curious to know more about their past and potential future that is locked away in their genetic code. So, as genomic technology and techniques improve, and the associated costs continue to drop, a lucrative industry has grown out of this curiosity. But what are you giving up in return?
Over the past decade, the popularity of at-home DNA testing has increased dramatically, with reports in 2019 estimating that over 26 million people have submitted their DNA for testing (1). Companies such as 23 and me and Ancestry have now become billion-dollar companies; however, only a proportion of this revenue comes from their customers wanting to learn more about their DNA.
So how do these companies work?
Well, it turns out much of the work of mapping the human genetic code has already been done, in 2003 the human genome project mapped almost the entire human genetic code, and it turns out the majority of this code is identical from human to human (99.9% of it), so all these companies need to do is find the 0.1% that is unique to you (2). So, when an individual’s DNA is tested, all that these companies are doing is scanning through the genetic code and determining where along these chains, a single letter in the genetic code has been changed (Single nucleotide polymorphisms- SNPs). The location and the type of mutation that occurs at each of these SNPs is then compared with the company’s massive genetic reference library, and using this information a prediction of where your ancestors came from can be created, based on a single, or group, of these SNPs.
To many people who are sent off for these tests, the results are highly awarding, providing insights into families they never knew about, shedding light on crucial medical information, or just learning more about where you come from. But it does raise a few other questions; like, who owns your DNA? And do you have much say in what is done with this information after you send it away for testing?
The answer to both of these questions may surprise you. In a 2013 Superior court hearing, Judges in the USA decided that DNA cannot be patented, meaning that neither you nor anyone else can own DNA(3). Although it is illegal to take a person’s DNA without consent (with the exception of the police if you are suspected of committing a crime), if you agree to the terms and conditions and freely give up a DNA sample for testing, the company doing the testing DOES own that sample, and the information they are able to obtain from it. Subsequently, these companies are allowed to share or even sell this information to third-party companies, including genomic testing facilities, medical research institutes, online genetic databases, and even law enforcement and government groups; this is in fact a second major part of the company’s revenue stream. The fact that customer’s information could be shared is detailed in the terms and conditions of the testing process, however, in a study conducted by Raz et al (2020), 23 and Me customers were surveyed about their awareness of the twin-sided business models these testing companies use, as well as their thoughts about consent. The results of these surveys showed that although 68% of respondents were aware that these companies could store their genetic information without their consent, more than 40% were unaware of the fact that sharing and selling the information gathered through this DNA testing was actually a part of these companies business model.
But, aside from a few issues surrounding data transparency within companies such as 23 and me and Ancestry, everyone who submitted DNA samples to be tested by these organisations did consent and freely gave away their genetic data, but are there any further ethical concerns with this trend?
As more and more people submit their DNA, the genetic privacy of everyone else could be put at risk. Using data collected via these DNA testing kits, any individual can be identified using genetic data from a family member as distant as a third cousin, and in fact in any population that shares some common ancestry, having genetic data from just 2% of that population could make any individual identifiable, via a third cousin or closer family member (5).
This is not some far-off, sci-fi idea that could potentially happen way in the future, online DNA databases have been used in the United States. Perhaps the most famous example is the apprehension of a serial rapist and murderer, active during the ’70s and ’80s, known as the “Golden State Killer”. Police forces acquired DNA evidence from crime scenes, but could not match this to any specific individual within their own criminal database. So, in 2018, investigators uploaded this genetic profile to an online database (GED match), a website where individuals can upload their own information collected from DNA testing kits such as Ancestry. This site is free to access and searchable, meaning that anyone can compare a sample of DNA with anyone else within the database. And after creating a fake account and uploading their sample, investigators found a partial match. This individual was related to the person who committed these crimes, and whose DNA shared a lot of the same SNPs as the suspect they were looking for, identified using a process called long-range familial search. Using this information, investigators were able to narrow down their search to a single lineage or family tree, and shortly afterwards, the rapist and murderer were apprehended, almost 50 years after the crimes were committed.
This instance does show the tremendous potential that such a resource DNA could have, resulting in one less murderer on the streets, and I am sure that most of you reading this are not planning on trying to get away with a murder anytime soon (I hope). However, these practices could have ethical implications for those who just wish not to have their genetic information made freely available. And, as more and more people voluntarily take these tests and upload their information, it also puts at risk those who have decided not to. We all hear so much about online security, and how we need to protect the mass of personal information; well soon we may need to be more concerned about our genetic information as well. Imagine all the DNA you leave anywhere you go (shedding skin and hair, saliva etc), and what could happen if someone gained access to the genetic data contained within this sample. This ne’er-do-well could then potentially use this, alongside other freely (or not freely) available data to potentially find out your medical history, or discriminate against you. Also, these genetic tests are not perfect, so it could also result in you being implicated in a crime you did not commit, due to a false positive match.
This may sound a little far-fetched or even conspiratorial, but a lot of negative consequences have come from the good intentions of others, and the existence of people who are willing to exploit this. In fact, a lot of socio, technological and ethical research is being conducted on how best we should approach a future where genetic security is a real issue.
1.Regalado, A. (2020, June 18). More than 26 million people have taken an at-home ancestry test. MIT Technology Review. Retrieved August 8, 2022, from https://www.technologyreview.com/2019/02/11/103446/more-than-26-million-people-have-taken-an-at-home-ancestry-test/
2. Ahmed Z, Zeeshan S, Mendhe D, Dong X. Human gene and disease associations for clinical-genomics and precision medicine research. Clin Transl Med. 2020 Jan;10(1):297–318. doi: 10.1002/ctm2.28. PMID: 32508008; PMCID: PMC7240856.
4. Aviad E. Raz, Emilia Niemiec, Heidi C. Howard, Sigrid Sterckx, Julian Cockbain & Barbara Prainsack (2020) Transparency, consent and trust in the use of customers’ data by an online genetic testing company: an Exploratory survey among 23andMe users, New Genetics and Society, 39:4, 459–482, DOI: 10.1080/14636778.2020.1755636
5. Erlich Y, Shor T, Pe’er I, Carmi S. Identity inference of genomic data using long-range familial searches. Science. 2018 Nov 9;362(6415):690–694. doi: 10.1126/science.aau4832. Epub 2018 Oct 11. PMID: 30309907; PMCID: PMC7549546.