Consumer Backlash Causes 23andMe, Ancestry and Others to Get Consent Before Sharing DNA Data with Police or Businesses
A handful of genetic testing companies have voluntarily agreed on a set of guidelines to address privacy after backlash concerns from consumers on sharing DNA data, especially since law enforcement now utilizes genealogy websites to crack cases.
23andMe, Ancestry, Helix, MyHeritage, Habit, African Ancestry and FamilyTreeDNA, in collaboration with the Future of Privacy Forum, pledged on Tuesday they would obtain consumers’ “separate express consent” before giving their individual genetic information to businesses and other third parties, including insurers, according to The Washington Post.
However DiversityInc CEO Luke Visconti said he doesn’t trust any of these companies to do the right thing.
“Ancestry.com‘s CEO is from Google,” explained Visconti. “Google sells everything they collect while reading your email and watching what you search for. Note these people list genetic details on their employees, but not for themselves!
“Also note that they apparently don’t know any Black or Latinx executives.
“In light of the history of slavery, colonialism and medical experimentation on minorities, it’s important to understand where a company is coming from.
“With Ancestry.com, I can find no philanthropy, nothing to connect themselves to any sense of responsibility, except platitudes. Remember, these people are from the Silicon Valley culture they don’t think like normal human beings.
“There’s no privacy (for you), everything is for sale and they’re not responsible for the side effects of what they do. The Russians used our product to commit an act of war Oh well.”
Also, if companies solely wish to follow industry-made rules, there’s no guarantee users will always be notified when their information is shared.
“Under the industry-made rules, DNA testing services don’t have to tell their consumers every time their data has been stripped of their identity, combined with others’ genetic information, combed for insights, then turned into statistics, and perhaps shared with a third party for further analysis,” according to The Washington Post.
Companies that agreed to the guidelines set on Tuesday with the Future of Privacy Forum said they would disclose the number of law-enforcement requests they receive each year.
In April, police used a genealogy website called GEDmatch in the case of the Golden State Killer, a serial killer and rapist who was active in the 1970s and 1980s. Police uploaded a decades-old DNA sample to GEDmatch where people share their full genetic information entirely in public. An Oregon man was arrested as a result.
The Verge reports that 23andMe received five requests from law enforcement during the company’s entire history but did not turn over any data. Meanwhile, Ancestry received 34 and provided data in 31 cases.
Under the new guidelines, “companies say they will ‘attempt to notify’ individuals when their data is requested, although they may be blocked from doing so by court gag orders,” according to The Verge.
GEDmatch is not covered by the new privacy guidelines.