this post was submitted on 02 Oct 2024
265 points (98.5% liked)

Privacy

32156 readers
945 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

23andMe is not doing well. Its stock is on the verge of being delisted. It shut down its in-house drug-development unit last month, only the latest in several rounds of layoffs. Last week, the entire board of directors quit, save for Anne Wojcicki, a co-founder and the company’s CEO. Amid this downward spiral, Wojcicki has said she’ll consider selling 23andMe—which means the DNA of 23andMe’s 15 million customers would be up for sale, too.

23andMe’s trove of genetic data might be its most valuable asset. For about two decades now, since human-genome analysis became quick and common, the A’s, C’s, G’s, and T’s of DNA have allowed long-lost relatives to connect, revealed family secrets, and helped police catch serial killers. Some people’s genomes contain clues to what’s making them sick, or even, occasionally, how their disease should be treated. For most of us, though, consumer tests don’t have much to offer beyond a snapshot of our ancestors’ roots and confirmation of the traits we already know about. (Yes, 23andMe, my eyes are blue.) 23andMe is floundering in part because it hasn’t managed to prove the value of collecting all that sensitive, personal information. And potential buyers may have very different ideas about how to use the company’s DNA data to raise the company’s bottom line. This should concern anyone who has used the service.

DNA might contain health information, but unlike a doctor’s office, 23andMe is not bound by the health-privacy law HIPAA. And the company’s privacy policies make clear that in the event of a merger or an acquisition, customer information is a salable asset. 23andMe promises to ask its customers’ permission before using their data for research or targeted advertising, but that doesn’t mean the next boss will do the same. It says so right there in the fine print: The company reserves the right to update its policies at any time. A spokesperson acknowledged to me this week that the company can’t fully guarantee the sanctity of customer data, but said in a statement that “any scenario which impacts our customers’ data would need to be carefully considered. We take the privacy and trust of our customers very seriously, and would strive to maintain commitments outlined in our Privacy Statement.”

Certain parties might take an obvious interest in the secrets of Americans’ genomes. Insurers, for example, would probably like to know about any genetic predispositions that might make you more expensive to them. In the United States, a 2008 law called the Genetic Information Nondiscrimination Act protects against discrimination by employers and health insurers on the basis of genetic data, but gaps in it exempt providers of life, disability, and long-term-care insurance from such restrictions. That means that if you have, say, a genetic marker that can be correlated with a heart condition, a life insurer could find that out and legally deny you a policy—even if you never actually develop that condition. Law-enforcement agencies rely on DNA data to solve many difficult cases, and although 23andMe says it requires a warrant to share data, some other companies have granted broad access to police. You don’t have to commit a crime to be affected: Because we share large chunks of our genome with relatives, your DNA could be used to implicate a close family member or even a third cousin whom you’ve never met. Information about your ethnicity can also be sensitive, and that’s encoded in your genome, too. That’s all part of why, in 2020, the U.S. military advised its personnel against using consumer tests.

Spelling out all the potential consequences of an unknown party accessing your DNA is impossible, because scientists’ understanding of the genome is still evolving. Imagine drugmakers trolling your genome to find out what ailments you’re at risk for and then targeting you with ads for drugs to treat them. “There’s a lot of ways that this data might be misused or used in a way that the consumers couldn’t anticipate when they first bought 23andMe,” Suzanne Bernstein, counsel at the Electronic Privacy Information Center, told me. And unlike a password that can be changed after it leaks, once your DNA is out in the wild, it’s out there for good. Some states, such as California, give consumers additional genetic-privacy rights and might allow DNA data to be deleted ahead of a sale. The 23andMe spokesperson told me that “customers have the ability to download their data and delete their personal accounts.” Companies are also required to notify customers of any changes to terms of service and give them a chance to opt out, though typically such changes take effect automatically after a certain amount of time, whether or not you’ve read through the fine print. Consumers have assumed this risk without getting much in return. When the first draft of the human genome was unveiled, it was billed as a panacea, hiding within its code secrets that would help each and every one of us unlock a personalized health plan. But most diseases, it turns out, can’t be pinned on a single gene. And most people have a boring genome, free of red-flag mutations, which means DNA data just aren’t that useful to them—at least not in this form. And if a DNA test reveals elevated risk for a more common health condition, such as diabetes and heart disease, you probably already know the interventions: eating well, exercising often, getting a solid eight hours of sleep. (To an insurer, though, even a modicum of risk might make someone an unattractive candidate for coverage.) That’s likely a big part of why 23andMe’s sales have slipped. There are only so many people who want to know about their Swedish ancestry, and that, it turns out, is consumer DNA testing’s biggest sell.

Wojcicki has pulled 23andMe back from the brink before, after the Food and Drug Administration ordered the company to stop selling its health tests in 2013 until they could be proved safe and effective. In recent months, Wojcicki has explored a variety of options to save the company, including splitting it to separate the cash-burning drug business from the consumer side. Wojcicki has still expressed interest in trying to take the company private herself, but the board rejected her initial offer. 23andMe has until November 4 to raise its shares to at least $1, or be delisted. As that date approaches, a sale looks more and more likely—whether to Wojcicki or someone else.

The risk of DNA data being misused has existed since DNA tests first became available. When customers opt in to participate in drug-development research, third parties already get access to their de-identified DNA data, which can in some cases be linked back to people’s identities after all. Plus, 23andMe has failed to protect its customers’ information in the past—it just agreed to pay $30 million to settle a lawsuit resulting from an October 2023 data breach. But for nearly two decades, the company had an incentive to keep its customers’ data private: 23andMe is a consumer-facing business, and to sell kits, it also needed to win trust. Whoever buys the company’s data may not operate under the same constraints.

all 37 comments
sorted by: hot top controversial new old
[–] [email protected] 63 points 1 month ago (1 children)

which means the DNA of 23andMe’s 15 million customers would be up for sale, too.

Wild to me that this isn't categorized as sensitive health data you aren't allowed to sell.

[–] clutchtwopointzero 43 points 1 month ago

It's America - your data and privacy do not matter right now and the septuagenarian congress will only look at regulating this 150 years from now

[–] [email protected] 56 points 1 month ago (3 children)

I always wanted to check out my genome, but never did so because of shady companies like this.

Is there any genome sequencing service for consumers that actually respects your privacy? Especially for full genome sequencing.

[–] [email protected] 7 points 1 month ago (1 children)

Same. I'd love to know any privacy-respecting companies.......that is, if they even exist.

[–] [email protected] 3 points 1 month ago (1 children)

Well, Swiss has some companies and strict laws to handling of health data (including DNA). But i dunno if you can just send your sample via package.

[–] [email protected] 2 points 1 month ago

Yeah, I imagine the USPS would would have some concerns about transporting biological samples across international borders. Lol.

[–] mazelado 5 points 1 month ago (1 children)

https://www.dnasquirrel.com/

This site walks you through how to take a DNA test anonymously. That’s as close as I’m aware of that you can get to privacy.

[–] [email protected] 3 points 1 month ago

That's cool, but seems kind of pointless, considering you can be easily reasonably deanonymized if your relatives take a DNA test. It doesn't address the main issue of your genetic information being used commercially.

[–] [email protected] 1 points 1 month ago

I as well was curious, but it was clear to me that this was a bad idea from the get go. Long before I became truly privacy focused, it was still blatantly obvious this was a bad idea. It sucks that it was such a hot trend and terms written in a horrible, and dare I say predatory fashion.

[–] [email protected] 29 points 1 month ago (2 children)

US government should buy them, not for the data, but the research and disease information. That was the most eye-opening thing about the results. Until I got results, my family had no idea that we carried the CF gene.

[–] [email protected] 6 points 1 month ago (1 children)

Some countries, like Finland, already started collecting their population's DNA sequences of willing individuals for research purposes.

[–] Ted 8 points 1 month ago

And as far as I've researched it is nowadays very hard to deny the finnish biobanks of access, storage and sharing of your collected samples. Which are used as a marketing leverage to honeypot healthcare investors and researchers to Finland from abroad by granting access. The sample data is "anonymized". I would like to opt out, but it is made so hard that it is generally impossible. Nobody asked if this is okay to us or not. And we are talking about private data that was collected for national research.

The least the legislators could've done for the participiants would've been to make an effective way to opt out from the databases, and deny all personal collection in the future. No such general solution available.

Disgusting from privacy point of an individual. And alarming that your state does something like this.

[–] [email protected] 2 points 1 month ago (1 children)

CF being short for what, in this case?

[–] [email protected] 4 points 1 month ago

Probably cystic fibrosis

[–] [email protected] 28 points 1 month ago (1 children)

Spelling out all the potential consequences of an unknown party accessing your DNA is impossible, because scientists’ understanding of the genome is still evolving.

Honestly, this is something that I hadn't actually considered before. I'm almost embarrassed, since I like to think of myself as someone who is always thinking about how my data can be misused, haha.

It's not just about data that can currently be used unethically; there's also the fact that someone may figure out a way in the future to use today's data unethically. This is definitely true with something like your DNA, which is so complex that there are infinite things to learn from it. But it can be true of more simple things, too. There's no way to predict what someone will be able to extrapolate from seemingly harmless information today.

[–] [email protected] 12 points 1 month ago

Plus this applies to your family as well. DNA is shared and by you giving it up you give up info about those related to you as well.

[–] Aeri 20 points 1 month ago

I should be able to copyright my DNA so they can't use it without paying me royalties.

If Lays can bother potato farmers in africa about it I should be able to own an organism too (myself)

[–] RecursiveParadox 12 points 1 month ago (1 children)

Great. Now how do I get them to delete my data and account?

[–] [email protected] 10 points 1 month ago (1 children)

I really didn't expect this when I used them 15 years ago.

[–] [email protected] 4 points 1 month ago

I did and thus didn't use them.

I hope it gets settled in a way for you, though. Should be outright illegal

[–] [email protected] 6 points 1 month ago

maybe it would be helpful if someone leaves some comments on how to delete olyour 23andme account and revoke as much of your data from them before they flop

[–] [email protected] 4 points 1 month ago (1 children)

Luckily I signed up with fake details (name, address, etc.).

[–] [email protected] 28 points 1 month ago

It doesn't help much if your cousins signed up with their real name. If you are male, they can figure out your surname even if no close relative submitted samples: https://en.wikipedia.org/wiki/Surname_DNA_project

[–] [email protected] 3 points 1 month ago

if you've forgotten your log-in info, contact customer service.

If you've previously downloaded your data, you can use that to help.

[–] [email protected] 1 points 1 month ago

Every platform Every time