Your DNA is a valuable asset, so why give it to ancestry websites for free? | Laura Spinney

DNA testing companies are starting to profit from selling our data on to big pharma. Perhaps they should be paying us

The announcement by 23andMe, a company that sells home DNA testing kits, that it has sold the rights to a promising new anti-inflammatory drug to a Spanish pharmaceutical company is cause for celebration. The collected health data of 23andMe’s millions of customers have potentially produced a medical advance – the first of its kind. But a few weeks later the same company announced that it was laying off workers amid a shrinking market that its CEO put down to the public’s concerns about privacy.

These two developments are linked, because the most intimate data we can provide about ourselves – our genetic make-up – is already being harvested for ends we aren’t aware of and can’t always control. Some of them, such as better medicines, are desirable, but some of them should worry us.

Launched in Silicon Valley in 2007, 23andMe offers genetic tests “direct-to-consumer” (DTC) – that is, independently of any healthcare system. The company collects genetic information about people, as well as information about their health, behaviour and much more besides. This allows it to identify links between certain genes and, say, a disease, and then – through its therapeutics division – to develop drugs that interfere with the action of disease-causing genes.

Companies such as 23andMe have proliferated over the past decade, feeding people’s hunger to know who and where they come from, and what diseases their genes might predispose them to. Over that time, it has gradually become clear that the main source of revenue for at least some of these companies comes from selling the data on to third parties.

Some DTC companies, such as 23andMe, are transparent about the sharing of data. When you sign its contract, you are asked if you consent to your data being used for research, and roughly 80% of 23andMe’s customers do. Other companies are less forthcoming. A 2016 survey showed that only a third of the 86 companies then offering genetic testing services online explained to customers how their data would be used.

The trouble is, a health tech company is not a doctor. It doesn’t take the Hippocratic oath, and the patient – or customer – is not the person whose wellbeing it is most concerned about. It is not obliged to talk you through its terms and conditions, and it could change these at any time – though in some jurisdictions this may void your consent. You can also withdraw your consent at any time, but that withdrawal generally takes time to come into effect, and in the meantime your data may have been passed on – after which it is harder to get it back. Erasing it entirely is harder still.

And what rights do the customers have over the product developed from their data? DTC companies are far from the only ones collecting sensitive data about you. National health systems, health insurers and, increasingly, social media providers are too. It’s already being used in research designed to improve our health and wellbeing, and there is a legitimate question to be asked about compensation. 23andMe, for example, asks its customers to waive all claims to a share of the profits arising from such research. But given those profits could be substantial – as evidenced by the interest of big pharma – shouldn’t the company be paying us for our data, rather than charging us to be tested? There are echoes of Henrietta Lacks here, the African-American woman whose cells became a workhorse of biomedical research after she underwent a biopsy in 1951, and who was never compensated (nor did she give her consent, but that was allowed under US law at the time).

The larger issue, though, is that with all of these databases there is ambiguity about who has access to them, and for what purposes. Besides pharmaceutical companies, others who might want such access include insurance companies, individuals involved in paternity or inheritance disputes, and law enforcement agencies. 23andMe states that it does not grant access to the police, but other companies – such as FamilyTreeDNA – boasts that it does. A suspect accused of being California’s notorious Golden State Killer was finally arrested in 2018 after investigators matched a DNA sample from a crime scene to the results of DTC testing uploaded on to a public genealogy site by a relative of his. Government-run biobanks have also granted access to police. This was how a conviction was secured against Swedish foreign minister Anna Lindh’s assassin in 2004. And experts speculate that in future, biological data could be used for identifying terrorist suspects, tracking military personnel, and the rationing of treatment in overstretched health systems.

National legislation varies widely across Europe, with respect to DTC genetic testing. France and Germany essentially ban it, unless done under medical supervision and consumers can be fined for ordering tests outside a clinical setting, while Luxembourg and Poland allow it with minimal restrictions – though, of course, any restrictions are difficult to police for tests bought online. The UK is somewhere in the middle, allowing the tests but insisting on informed consent. The European Union’s General Data Protection Regulation (GDPR), which came into effect in 2018, imposes strict requirements on secondary use of data, and it applies to any company in any jurisdiction that targets EU-based individuals for goods or services. Those individuals strip away their own GDPR protection, however, when they contact foreign companies that don’t explicitly target them. The UK recently signalled that it will not remain aligned with the GDPR after the Brexit transition period.

These are the privacy concerns that may be behind layoffs, not only at 23andMe, but also at other DTC companies, and that we need to resolve urgently to avoid the pitfalls of genetic testingwhile realising its undoubted promise. In the meantime, we should all start reading the small print.

• Laura Spinney is a science journalist, novelist and author


Laura Spinney

The GuardianTramp

Related Content

Article image
DNA ancestry tests may look cheap. But your data is the price | Adam Rutherford
Do customers realise that genetic genealogy companies profit by amassing huge biological datasets, asks geneticist and author Adam Rutherford

Adam Rutherford

10, Aug, 2018 @4:59 AM

Article image
A radical proposal to keep your personal data safe | Richard Stallman
The surveillance imposed on us today is worse than in the Soviet Union, says president of the Free Software Foundation, Richard Stallman

Richard Stallman

03, Apr, 2018 @11:05 AM

Article image
Black history has much to reveal about our ancestors – and ourselves | Sada Mire
In pursuit of a peaceful society, it is important that we record all perspectives of our complex human story, says academic Sada Mire

Sada Mire

30, Oct, 2018 @6:00 AM

Article image
Barbra Streisand’s dog cloning is a modern tragedy. Pets are meant to die | Stuart Heritage
To own an animal is to learn about the inevitability of dying – not that loved ones can be replicated in a lab if we cough up enough cash, writes Guardian columnist Stuart Heritage

Stuart Heritage

02, Mar, 2018 @10:39 AM

Article image
Has WhatsApp become a potential career assassin? | Afua Hirsch
The app helped connect me to an inspiring sisterhood. But the case of police officer Robyn Williams is a warning, says Guardian columnist Afua Hirsch

Afua Hirsch

06, Dec, 2019 @6:30 AM

Article image
The Cambridge Analytica saga is a scandal of Facebook’s own making | John Harris
Facebook has worked tirelessly to gather as much data on users as it could – and to profit from it, says Guardian columnist John Harris

John Harris

21, Mar, 2018 @11:33 AM

Article image
How afraid of human cloning should we be? | Philip Ball
The creation of two monkeys brings the science of human cloning closer to reality. But that doesn’t mean it will happen, writes science writer Philip Ball

Philip Ball

25, Jan, 2018 @2:33 PM

Article image
Genetically modifying future children isn’t just wrong. It would harm all of us | Marcy Darnovsky
Genome editing for human embryos is an unnecessary threat to society, says Marcy Darnovsky of the Center for Genetics and Society

Marcy Darnovsky

17, Jul, 2018 @2:25 PM

Article image
Zuckerberg got off lightly. Why are politicians so bad at asking questions? | Jonathan Freedland
Senators let Facebook’s founder off the hook – but that’s got nothing to do with them being tech dinosaurs, says Guardian columnist Jonathan Freedland

Jonathan Freedland

11, Apr, 2018 @1:03 PM

Article image
Behind this Nobel prize is a very human story: there’s a bit of Neanderthal in all of us | Rebecca Wragg Sykes
Svante Pääbo deserves his accolade – palaeogenetics is an expanding field that tells us who we are, says archaeologist Rebecca Wragg Sykes

Rebecca Wragg Sykes

10, Oct, 2022 @5:00 AM