How do we balance the good that can come from troves of genetic data with the privacy concerns they engineered?
Like a lot of forward-thinking companies these days, there’s no question that the creators of 23andMe are in the business to collect and sell data on as many people as they possibly can. Despite what must be enormous revenue from selling their $99 “Personal Genome Service” to over 3 million people, their business goal is not to make a profit selling genetic testing kits. It’s to leverage the voluminous stores of genetic data they’re hoping to collect.
Leveraging big data: that’s becoming a familiar catchphrase these days. So, too, are the mounting privacy concerns that inevitably crop up whenever you pit Big Data against unwary individuals. But in the case of 23andMe, the stakes are even higher because it’s the most personal kind of data that’s on the line: people’s genetic code.
In addition to holding value for marketers, this type of data could also hold the key to miraculous scientific advances in the field of medicine. Herein lies the dilemma for individuals as well as privacy advocates.
A Cure for Cancer vs. Genetic Privacy
Because of the huge potential for deriving medical breakthroughs from genetic data, more people are tempted to share this type of data than other types, for the good of medical research. In the spirit of making the world a better place, people are happy to give consent and sign away their rights, often without fully investigating the fine print.
It doesn’t help that the folks who run 23andMe know this and capitalize on the philanthropic leanings of their customers. It’s especially easy with Millennials, famous for being more receptive to cause marketing.
Indeed, a recent article by 123andMe co-founder Anne Wojcicki liberally sprinkles terms like “be part of a solution” and “cures based on genetic insights” and “improve the future of healthcare” and “by… participating in research, we would all benefit” and “empowering consumers to play a role in creating impactful new treatments”.
This heavy-handed approach to getting consumers to opt in to data-sharing works because it’s partly true. Big data does hold exciting promises in healthcare, for both the prevention and treatment of some of the world’s worst diseases.
But at what personal cost are consumers agreeing to help advance medical science? Can they help the researchers without compromising their privacy? It helps to understand what, exactly, 23andMe does.
What Sort of Data Does 23andMe Provide/Collect?
23andMe analyzes all 23 pairs of chromosomes (hence their name) for its customers. That sounds comprehensive but actually, their saliva test covers just a tiny fraction of the whole human genome. It’s powerful data, however, and it provides insight on more than 250 different genetic factors, including ancestry and health-related data. Examples include carrier status for certain diseases, how your body might respond to drugs, physical traits (like muscle composition or a predisposition to drinking coffee), and genetic variants. Some seriously private information.
Some Just-the-Tip-of-the-Iceberg Privacy Concerns
In addition to all that private health information collected by 23andMe, there are usually third-party apps involved, too.
23andMe produces raw genetic data but people want easy-to-digest facts about themselves. Interpretive apps and websites have stepped up to fill the gap. Genetic Genie, for example, provides “methylation and detox analysis” from 23andMe results.
One looming issue is, what’s the privacy standard on these apps and websites? It seems that data sharing is rampant and it doesn’t stop there.
In 2015, the company announced they’d be sharing genetic data from 650,000 customers with Pfizer, the pharmaceutical giant. This summer, they announced that GlaxoSmithKline had purchased a $300 million stake. That gives the pharma company access to 23andMe’s genetic data. Privacy advocates are wringing their hands at this. In addition, sharing from one entity to another also raises the issue of hacking.
People Think Differently About Genetic Privacy (But They Shouldn’t)
After a shaky start in 2007, the company has grown considerably thanks in no small way to the sales boost they got from Angelina Jolie. She got tested (albeit not through them) and discovered some troublesome spots in her genetic makeup. Her resulting double mastectomy (to head off breast cancer) made headlines and spurred thousands of women to consider testing their own genes.
And so the notion of genetic testing as preventive medicine went viral. It took the company seven years to collect data on just 800,000 people. In the last five years, they’ve upped that number to 3 million.
You can now purchase two types of testing kits from 23andMe: one lets customers learn about their ancestry and the other is aimed at health. The type of test Ms. Jolie took cost $3000 but for $99, 23andMe customers can learn about their predisposition for Parkinson’s, Alzheimer’s, and a few of the BRCA mutations. Imagine the consequences of finding out, at the young age of 23, that you may someday get Alzheimer’s. That’s only the beginning of how loose standards around genetic privacy can impact lots of different kinds of people.
Here’s Who Feels the Privacy Impact of Genetic Testing
– Adoptive parents. They can’t provide family medical history so they acquire it from 23andMe. But what if they find something big? Do they share it with the child or not?
– Adoptive parents of foreign-born babies. They have no connection to their culture and their relatives but some might be possible through 23andMe. By submitting the test, parents are opening a can of worms. Do they want fifth cousins reaching out to their adopted child?
– Family members of 23andMe customers. It’s possible that, by signing up for private gene testing, you’re putting your own family members’ privacy at risk through correlation. They say data is anonymized but don’t trust it. Remember how law enforcement caught the Golden State Killer in the U.S. earlier this year? It was through a genealogy website.
– Long-term-care insurance providers. Their stance is that why should consumers have this information that they don’t, which they need for their underwriting?
– Insurers and employers. The U.S. Genetic Information Non discrimination Act (GINA) makes it illegal for them to discriminate on the basis of genetic makeup. The problem: it doesn’t apply to long-term-care insurers.
– People with sensitive risks. Customers have the option of learning about their risk of diseases like Parkinson’s and Alzheimer’s. Once that cat is out of the bag, however, it can never go back in. Some insurers require you to disclose what you know about your genetics.
– People with secrets. One biologist watched his family become torn apart after his 23andMe test revealed his father had had an illegitimate son. Consider the other types of deeply-held family secrets and the effect of exposing them inadvertently.
There are ways to beat 23andMe and retain at least some of your genetic privacy. They involve using Virtual Private Networks (VPN), fake names, tracker-blockers, multiple email accounts and forwarding, and browser add-ons designed to mask your phone and credit card numbers.
The sooner the public learns they have to work for privacy rather than expect it by default, the better. As you can see, however, that takes is levels of persistence and technical expertise that most people simply don’t have.
That leaves us with regulation. Sadly, the regulatory environment has a long way to go to catch up. A good place to begin would be taking a page from GDPR on making it easy to opt out of sharing all your genetic data when you purchase a saliva test and submit it for testing. Right now, if a 23andMe customer chooses to opt out, they probably won’t get the privacy-enhanced results they’re expecting.
Another GDPR-like important direction to take would be regulating the sharing of personal information, which took on a critical urgency the minute GlaxoSmithKline bought part of 23andMe. New research can be good for all but genetic information can also be used against you. Be careful and think carefully about how companies like 23andMe are sharing your data. If they’re not doing it now, they probably will be someday soon.