A Primer on Genetic Privacy
Image credit geneticliteracyproject.org
Have you spent time tracing the branches of your family tree? According to an article in Time Magazine, genealogy has become the “second most popular hobby in the U.S. after gardening” and represents a billion-dollar industry. Our obsession with ancestry has driven us to seek proof of our past and—in the case of genetic testing—potentially help us glimpse our future.
But in our journey for self-knowledge, we share a large quantity of information. This is especially the case when we share our DNA with startups eager to help us find our hidden connections and heritage. Who else should have access to this knowledge? How should it be used? For privacy advocates, there are profound questions around genetic privacy.
Defining Genetic Privacy
The World Privacy Form defines genetic privacy as “the complex set of issues surrounding how DNA information about individuals is handled and used.” Once DNA samples are acquired by a company, there are many valid questions pertaining to how the information is stored, who has access to the material, and the possibility of “anonymized” information being relinked to the donor. Additionally, complex consent issues are attached to DNA information. A donor may potentially reveal information about blood relatives without their knowledge or consent.
Genetic privacy also confronts the possibility of discrimination, especially in terms of insurance and employment. It’s important to define how genetic material may be used, especially in research and marketing beyond the initial scope of an individual’s request.
Best Practices for Genetic Testing Services
In a positive gesture towards genetic privacy, the Future of Privacy Forum has recently partnered with several genetic testing services to develop best practices for genetic privacy. The goal is to promote transparency in the process, provide consumers with choices about how their genetic information is used, and upgrade consumer protections by requiring consent for release. (The complete PDF is available here: “Privacy Best Practices for Consumer Genetic Testing Services.”)
Part of the drive for these best practices is the result of the recent high-profile manhunt for the Golden State Killer. According to the Washington Post,
“Investigators identified the suspect using a decades-old DNA sample obtained from the crime scene, which they uploaded to GEDmatch, a crowdsourced database of roughly a million distinct DNA sets shared by volunteers.”
Investigators argued they did not need a court order to upload the data to GEDmatch.
Compliance with the proposed best practices is voluntary, and some are wary that companies will find lucrative incentives to leverage the massive DNA databases they have on file. In fact, a recent partnership between 23andMe and GlaxoSmithKline has privacy advocates concerned. In a search for Parkinson’s disease treatments, GSK will use five million 23andMe records to conduct research. It is also reported GSK has made a $300 million investment in the genetic testing company as part of the partnership.
While there may be significant good as a result of these sorts of partnerships, is this arrangement aligned with best privacy practices? Many believe there is risk to users in these companies sharing aggregated genetic data.
Our Quantified Selves
Genetic privacy is a vital issue in the ongoing effort to protect privacy as a human right. Much like biometric data and facial recognition databases, our DNA is uniquely ours. We should have a say in how our information is used, especially when those uses might restrict our freedoms or limit our opportunities without our knowledge.
Keep an eye on genetic privacy, and be mindful of what else you’re offering when you’re searching for your roots.
#FutureofPrivacyForum #23andMe #quantifiedself #geneticprivacy #DNA