Your DNA, Your Data: Why Protecting Genetic Privacy Is More Important Than Ever

When you send in your DNA to services like 23andMe, you’re sharing more than just your family tree. Your genetic information can reveal a lot about you, but once that data is collected, what happens to it? Who has access, and how is it used?

In recent years, privacy concerns around genetic data have grown significantly, with companies facing increased scrutiny over how they handle personal information. While services like 23andMe promise to give you deeper insights into your genetic makeup, it’s important to understand the potential risks. After all, your DNA is one of the most personal pieces of data you own.

The accountability act highlights the gaps in genetic privacy laws and federal protections, particularly in relation to the Health Insurance Portability and Accountability Act (HIPAA). This underscores the need for more robust legislative frameworks to safeguard personal genetic information.

In this blog, we’ll unpack 23andMe’s data practices, explain how to manage your information, and explore why genetic privacy matters now more than ever.

What Is Genetic Privacy?

Genetic privacy refers to the protection of an individual’s genetic information from unauthorized access, use, or disclosure. With the rise of genetic testing and the widespread collection of genetic data by companies, researchers, and law enforcement agencies, safeguarding this information has never been more critical.

Genetic privacy is essential to prevent genetic discrimination, which can occur when an individual’s genetic information is used to make decisions about their employment, health insurance, or other aspects of their life. As genetic testing becomes more common, understanding how to protect your genetic data is crucial to maintaining your privacy and preventing misuse.

Why It Matters

Your genetic data is one of the most sensitive pieces of personal information you can share. Beyond revealing your ancestry, it holds details about your health risks, predispositions to diseases, and genetic traits. This makes it incredibly valuable—and vulnerable.

Services like 23andMe store and sometimes share this data with third parties. While they claim to protect your privacy, once your genetic information is out there, it can be used in ways you didn’t expect. Data breaches, insurers, or even employers could potentially access this sensitive info.

The Scoop on 23andMe: What Are You Really Sharing?

Beyond the Swab: What You're Really Sharing

It’s easy to get caught up in the excitement of ancestry testing, but you’re also potentially exposing sensitive information. From your physical traits (think: eye color and hair texture) to your predisposition for conditions like Alzheimer’s, heart disease, or cancer, this data can be valuable, but it also comes with risks. Those health insights can expose you to genetic discrimination or lead to privacy issues down the road. Additionally, while health insurance rates are protected from the use of genetic information, disability insurance and long-term care policies are not, raising concerns about how DNA testing may influence insurance decisions and the potential implications for policyholders based on genetic predispositions.

Data Usage: Where Your Information Goes

Here’s the catch: your genetic information doesn’t stay locked up in a lab. Once it’s in the system of a company, it can be used in ways you might not expect. Sure, your test might give you cool insights into your genetic profile or your ability to metabolize certain drugs, but 23andMe also shares this data with third-party researchers.

While some companies promise to anonymize the data they share, there’s still a possibility that your genetic data could be re-identified. Genetic databases are growing every day, and if your DNA sample is matched with other personal information, you might find that your privacy isn’t as secure as you thought. Additionally, there are concerns about genetic data being stored in a database and the potential for unauthorized access, including law enforcement's interest in utilizing these databases for criminal investigations without users’ explicit consent. So, when it comes to genetic testing, the question isn’t just how cool it is to learn about your health—it’s how much you’re willing to expose, and to whom.

Privacy Trade-offs: Entrusting Sensitive Information

By opting into a service like 23andMe, you’re trusting them with a lot of sensitive data—sure, they offer some protections, like anonymizing data and letting you opt-out of research participation, but the reality is that your genetic data is valuable. It can be used for research purposes or even sold to pharmaceutical companies, all in the name of better health studies.

The major data breach experienced by 23andMe, which affected 6.9 million customer accounts and involved stolen passwords, has heightened privacy concerns among customers who are apprehensive about how their genetic data will be handled amidst the company's turmoil and falling stock valuation.

And while companies like 23andMe promise to keep your information secure, there’s always a risk that malicious actors might find a way in.

Genetic testing services like 23andMe operate on a direct-to-consumer model, which means they function outside traditional healthcare regulations such as HIPAA. This raises significant privacy concerns for consumers, particularly regarding the handling of personal DNA data.

Law Enforcement Access

Law enforcement agencies can access genetic data in certain circumstances, such as during a criminal investigation. While this can be a powerful tool for identifying suspects, solving crimes, and preventing future crimes, it also raises significant concerns about genetic privacy. Law enforcement agencies must ensure that they are respecting the genetic privacy of individuals and following legal protocols when accessing and using genetic data. Proper protection of genetic data is essential to prevent misuse and unauthorized access. As consumers, it is important to be aware of the potential for law enforcement access to genetic data and to understand the legal protections in place to safeguard your privacy.

Taking Control: How to Delete Your 23andMe Data

Deleting your 23andMe data isn’t as simple as pressing a delete button. To fully remove your genetic information, there are several steps you must follow, along with some important considerations. Consumers can make formal requests to delete their genetic data from 23andMe, ensuring their information is no longer stored by the company. Here’s how to take control of your DNA privacy.

The Deletion Process: Step-by-Step Guide

If you’re looking to remove your genomic data from 23andMe’s servers, here’s what you need to do:

1. Log Into Your Account: Start by specifically accessing your 23andMe account. You’ll need to enter your login credentials to proceed.
2. Go to Account Settings: Once logged in, head specifically to your account settings. Locate the Privacy section within your settings menu.
3. Request Data Deletion: Find the option to delete your account or your genetic data. You’ll be prompted to confirm your decision.
4. Verify Your Identity: For security reasons, 23andMe may ask you to verify your identity. This typically involves entering your password again.
5. Wait for Deletion: After confirming the deletion, 23andMe will begin the process. It can take up to 30 days for your DNA testing data to be permanently erased from their servers.

Aftermath: What Happens to Your Data Post-Deletion?

Once your genetic data is deleted, there are still some lingering considerations about what happens to that information:

• Research and Studies: If you’ve participated in genetic research, your data may still be used in studies, even after deletion. This is particularly true if you gave consent for your data to be shared with research partners or used for studies involving human subjects. The implications of such information being used in research can be significant, as it may continue to contribute to scientific findings and advancements.
• Data Sharing: Any customer data that has already been shared with third parties (such as pharmaceutical companies or researchers) will not be removed, as 23andMe does not control how these third parties store or use your data.
• Anonymized Data: Even after deletion, some data may remain in anonymized form. This genomic data is used for research purposes and can’t be directly linked to you, but it may still contribute to future genome sequencing studies.

Considerations: Before You Delete, Understand the Implications

Before you proceed with deleting your DNA databases and genetic information, it’s crucial to understand the implications:

• Loss of Reports: Deleting your account means losing any consumer reports or insights you’ve received, including details on your ancestry, health risks, and other genetic traits. You won’t be able to access them once they’re gone.
• Research Participation: If you’ve opted in to participate in studies, deleting your account means you’re withdrawing from those ongoing research studies. You won’t be able to contribute your biological samples or genetic data to future research on genetic testing or whole genome sequencing.
• No Future Updates: Once your data is gone, you won’t receive any future updates regarding your DNA testing results or new insights based on further genomic sequencing advancements.

The Bigger Picture: DNA Data in the Wild West of the Internet

The Federal Trade Commission (FTC) and other regulators have been raising alarms about how sensitive information like genetic data is handled. Without clear state regulation, you could find yourself at the mercy of privacy policies that don’t fully protect you from misuse or exploitation. Your data could even be sold to the highest bidder, leaving you with little recourse if it’s used in ways you didn’t consent to. Additionally, the federal government may request access to genetic data from DNA testing companies for law enforcement purposes, raising further privacy concerns.

So, how can you protect your DNA privacy in this increasingly interconnected world? Here are a few tips to keep your genomic data secure:

1. Review Privacy Policies: Before submitting any genetic data, always read the privacy policies of companies like 23andMe. Understand what data is shared, with whom, and for how long.
2. Opt-Out of Research: Many DNA testing services ask for permission to share your data with research partners. If you’re concerned about your data being used for genetic studies or commercial purposes, consider opting out.
3. Be Mindful of Genetic Databases: Stay aware of how your data might be used in public databases or shared with third parties. Consider whether you’re comfortable with your genetic profile being part of whole genome sequencing studies or DNA databases. The intersection of genetic privacy with criminal law also raises the potential for misuse in criminal investigations, emphasizing the need for careful consideration.
4. Limit What You Share: Only share the amount of data you’re comfortable with. For example, consider whether you really need to provide a saliva sample or if certain aspects of your genetic data are unnecessary for the service.
5. Monitor Your Data: Use tools that allow you to track how and where your data is being shared. Look for services that offer transparency on what happens with your genetic information after it’s been uploaded.

Final Thoughts

Your genetic data is powerful, but it’s also personal. From at-home genetic testing to potential uses in research and criminal investigations, it’s essential to understand where your data goes and how it’s used. By carefully reviewing privacy policies, opting out of research, and monitoring how your information is shared, you can safeguard your DNA privacy. Additionally, consider the implications of genetic privacy on future children, as genetic information can influence decisions about their genetic profiles, raising ethical and legal questions.

As we move further into the digital age, it’s crucial to stay vigilant about the security measures protecting your genomic data. The more informed you are about your rights and how your data is handled, the better equipped you’ll be to make decisions that prioritize your privacy. The power to protect your genetic information lies in your hands—use it wisely. Moreover, be aware of how your genetic data can affect family members, as it can expose sensitive information about their health and genetic backgrounds, raising significant privacy concerns.