“It’s not Personal” — DNA, Privacy, and Direct to Consumer Genetic Testing

Your DNA defines you as a unique human being. Unless you have a genetically identical sibling, your DNA is yours alone, a genetic map of proclivities for disease, personal traits, and physical similarities to your biological family members who both lived before you and who may exist after you are gone. While your fingerprints may also uniquely identify you, your DNA tells the rich story of your genetic inheritance and how you resemble and differ from other humans.

Yet, in an interview study I conducted in 2017, I found that as a group, these willing customers of one direct-to-consumer genetic testing (DTCGT) service thought their DNA was far less personal than the queries they shared with their online search providers. I will be presenting these findings, entitled ‘“Becoming Part of Something Bigger”: Direct to Consumer Genetic Testing, Privacy, and Personal Disclosure’, at the 22nd ACM Conference on Computer-Supported Cooperative Work and Social Computing (CSCW) on Wednesday, Nov. 13 in Austin, Texas. This exploratory study, which comprised a portion of my dissertation research (filed in May 2018 at U.C. Berkeley), consists of qualitative interviews with ten customers of the online genetic testing service 23andMe. This research is some of the first in the field to delve into the knowledge and concerns related to the privacy expectations of consumers who have electively taken a DTC genetic test.

An Exploratory Approach

To date, there is little research examining what DTCGT consumers know about the potential privacy risks of genetic testing, as well as what their expectations are with the experience. To explore these questions I conducted a qualitative study, using hour-plus long interviews with a diverse group of participants to probe their experiences with genetic testing: why they sought it out, what they learned from it, and how they benefited from the experience. I also asked them about any concerns they might have with genetic testing, why they trusted the company they used, and what risks they thought, if any, genetic testing might pose for them. 

Key Findings

The participants were generally enthusiastic about their experiences with 23andMe. Most felt that they gained useful insights about themselves, their potential for developing genetic diseases, and their familial relationships from the service. Some, for example, used the service to find unknown genetic relatives, or to explore questions of ethnic ancestry. A primary motivator for many of the participants was the opportunity to contribute to 23andMe’s research efforts, which most assumed provided a benefit for society through public health focused research. I discuss below some issues with that assumption.

Several of the participants expressed privacy concerns, though they were discussed in theoretical terms, such as if the company began selling their genetic data without their permission, or used it for a different purpose than what was originally specified.  Interestingly, most of the participants believed their DNA was not highly personal information because it didn’t reveal the parts of themselves that they considered to be highly personal, such as their emotions, interests, or personality traits. Most also assumed that their genetic data was anonymized, and that the company wasn’t interested in their data at an individual level but rather as group contributions to 23andMe’s genetic database. Unfortunately, these interviews were conducted before the Golden State Killer story broke in 2018, and the resulting press covering law enforcement interest in using DTCGT services to identify criminal offenders might have increased the immediacy of some of the participants’ privacy concerns. As I will discuss below, overall the participants lacked an understanding of both individual and societal level risks to privacy that commercial genetic databases pose. In sum, with few salient examples to draw from and little awareness of the more complex and abstract privacy threats posed by DTCGT, the participants accepted the company’s framing and portrayal of DTCGT with little critical analysis.

Genetic Testing - A Privacy Expert’s View

My motivations for this study stemmed from my own and other experts’ concerns (e.g., https://doi.org/10.1038/nrg3723; https://dnasec.cs.washington.edu/genetic-genealogy/ney_ndss.pdf; https://doi.org/10.1126/science.aau4832)  with the use of consumers’ genetic data for non-medical purposes. Today, the DTCGT marketplace is largely unregulated in the U.S. While one law exists (GINA, the Genetic Information Non-Discrimination Act) to prevent employers and health insurers from using one’s genetic testing results to discriminate against individuals, no laws explicitly regulate the use of consumers’ genetic data by DTCGT companies for genealogy matching and ethnic composition (Note: 23andMe’s use of customer data to provide disease-related health risks is regulated by the FDA). Further, there are no limitations on what these companies might do with consumers’ data in the future. This is a particular concern with 23andMe, which partners with a range of consumer products and pharmaceutical companies (in addition to academic and non-profit research partners, such as Stanford University, my employer). While 23andMe customers may opt-in to the company’s research platform, unless they have a match for a particular genetic disease study they cannot elect which specific research study they might wish to contribute their data, meaning their DNA might be used to develop a new drug or a new consumer product. In either scenario, the customer will have paid the company for this privilege with no guarantee of any benefit in turn, and certainly no compensation. Ultimately, all DTCGT customers have to rely upon are the promises of these companies as to whether they will elect to treat their customers’ data with respect and refrain from selling it or using it for marketing purposes down the line.

Complexity and Risk

Understanding the privacy risks of DTCGT is a challenge in part because it’s a complex topic, and many of the risks are abstract and future-centric. In addition to the lack of current regulation in this space, privacy experts are concerned about:

• DNA’s unique identifiability: Despite my participants’ beliefs that their DNA isn’t personal, DNA is uniquely identifiable, as well as identifiable through family relationships with both immediate and distant relatives. This is why law enforcement was able to identify the Golden State Killer through a match with a third cousin even though the killer himself had never submitted his own data to a DTCGT service.
• Potential for discrimination: While GINA presently protects us from discrimination by employers and health insurers in the U.S., the law simply does not go far enough. It does nothing to protect the public from discrimination by other commercial services, including other forms of insurance (such as long term health insurance), or the use of genetic data for other forms of social sorting, such as identifying consumers on the basis of disease characteristics and targeting or excluding them from marketing campaigns.
• Target for Law Enforcement: The Golden State Killer case opened the door to greater law enforcement interest in forensic genealogy, relying in part on DNA matching to identify criminal suspects. Allowing governmental access of consumer databases without sufficient cause or opt-in from existing customers, as some DTC genetic databases have, creates an environment where members of the public are subject to police search without consent. Further, while some authorities used commercial databases as an option of last resort for cold cases involving horrific crimes, others submitted DNA samples for far lesser crimes.
• Loss of Anonymity and Consent: As identified by Erlich et al in Science, contributions to these databases will make it possible to individually identify nearly all Americans of European descent through relational ties in the next five years, whether or not they have contributed their DNA. In short, individuals are making decisions about their genetic data that impact all of their living and future relatives without considering the consequences or a solid regulatory framework in place to prevent abuse. These individual decisions have a major impact on how we define privacy as a social, collective level. 

Implications

While large scale DNA databases can hold immense promise for public health research, what becomes quickly clear is that who owns them and who controls them matters. In the wrong hands, DNA can become a tool of discrimination and social control, as we are currently witnessing in China today in the country’s efforts to identify and control their Muslim Uighur population. Some legal scholars are arguing that existing law in the U.S. is inadequate to protect consumer genetic data; my colleague Professor Jasmine McNealy argues that we may need to think about new legal structures, such as genetic trusts, to hold and manage genetic data. In sum, allowing DTCGT companies to continue to grow and map human relationships without some restrictions on how they collect, store, and use genetic data poses not only individual risks to privacy, but given the inherently networked properties of genetic data, also to society at large. Given how little the public knows today about these issues when making decisions to participate, we are negligent to allowing people to make participation decisions without providing more education about the potential risks, as well as holding these decisions to a higher standard of consent.

Acknowledgments

Many thanks to Al Gidari, Jasmine McNealy, Deirdre Mulligan, Coye Cheshire, and Rena Coen for their support and feedback with this project.