After the arrest of the alleged “Golden State Killer” based on his relatives DNA sample that was submitted to a website called GEDmatch, people are wondering how their own DNA is being handled by ancestry companies like Ancestry.com and 23andMe. It can vary from company to company, but people have much more to worry about than their DNA being used to track down suspects. In fact, the additional privacy issues that you need to be worried about are similar to what you need to worry about when it comes to your Facebook account: third-parties.
According to Tufts Now, the genealogy companies are making some money selling the tests to consumers, but the bulk of the money made is from selling your DNA information to other companies. About 10 percent of ancestry companies destroy your saliva sample once you’ve received your results, while an estimated 50 percent of companies sell your saliva sample or genetic information to third-parties. Even though the samples can be sold without your personal information, it’s possible to de-anonymize the sample and pinpoint who it belongs to.
The companies that buy DNA information include pharmaceutical companies that use it during research and development of new drugs. Some companies that are known to buy genome information are Pfizer and Genentech.
Officials tracked down Joseph James DeAngelo using a relative's DNA sample in a genealogical website database. https://t.co/BGiNckqaYN
— HuffPost (@HuffPost) April 27, 2018
But worst of all, in some cases it’s impossible to know where your information is being sold. Joel Winston, a consumer protection lawyer, elaborated.
“[The ancestry companies are] handing over your information to someone else and when they do they’re disclaiming responsibility for it and you could never find out who those third parties are.”
Other third-parties can include insurance providers and the military because the Genetic Information Non-Discrimination Act is full of loopholes. So even the law that’s supposed to protect people from discrimination based on their DNA, is not effective.
Another probable third-party can also be hackers, as experts warn your genetic information is not bound by HIPAA medical information privacy laws and can be stored in vulnerable databases.
There are many striking resemblances between the handling of sensitive data by ancestry companies and Facebook. Laws are not taking into account the sophisticated nature of new technologies, leaving consumers vulnerable.