I’m concerned about the privacy implications of DNA testing services like 23andMe or AncestryDNA. What are the potential risks of sharing our genetic data with those companies, and are there any privacy-focused alternatives available?

  • neidu2@feddit.nl
    link
    fedilink
    arrow-up
    82
    ·
    edit-2
    8 months ago

    I can easily imagine a reality where insurance companies have access (intentionally or accidentally) and give you a higher premium because they found something that makes you more predisposed to some ailment.

    The above is pure speculation, but it’s only one security breach or bag of money away. It’s never safe to assume that a your data is 100% secure at a (presumably) benign company. As curious as I am regarding certain aspects of my heritage, the fact that I have no control over what they do with the info is keeping me on the bench.

    • vulgarcynic@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      25
      ·
      8 months ago

      This is 100% the dystopian reality we are heading for. Maybe not in the near-term future but, there is no way that eventually corporate greed and shareholder gains won’t reach a point that this has to become the reality. They are simply leaving too much money on the table by not doing it.

      I think our only saving grace is that the laws haven’t been defined enough yet to prevent this from happening. But I have to imagine to some degree it already is. Just look at the way driving telemetry is being sold to auto insurance providers in the States already. If the information is out there, someone will get their hands in it and use it to manipulate the price of something.

    • BearOfaTime@lemm.ee
      link
      fedilink
      arrow-up
      8
      arrow-down
      1
      ·
      8 months ago

      Just look at the “monitor your driving for a discount” which th already do.

      My insurance company offered $30/year discount if I used their OBDII monitor. Are you effing kidding me? Thirty freakin dollars? I’d need to see a 50% discount before I even considered it.

      • neidu2@feddit.nl
        link
        fedilink
        arrow-up
        6
        ·
        8 months ago

        What always rubbed me the wrong way about those is that they don’t see what I’m seeing. Yes, I slam my brakes sometimes, but it’s not because I’m driving dangerously. Sometimes animal come out of the blue, and what telemetry might show as dangerous driving could just as easily be me saving them money.

        • catloaf@lemm.ee
          link
          fedilink
          English
          arrow-up
          6
          ·
          8 months ago

          That’s why they don’t ding you unless you do it often. If you have to do it often, you’re driving too fast.

    • ƊƲƘЄƬӇƠƦƖƠƝ@lemmy.one
      link
      fedilink
      arrow-up
      7
      ·
      8 months ago

      100% this. They already got caught sharing your health data with Facebook. Don’t think they (insurance companies)won’t buy DNA data en masse.

    • exanime
      link
      fedilink
      arrow-up
      6
      ·
      8 months ago

      Insurance companies already extrapolate such data from zip code… So it’s not speculation at all that they’d want an even more accurate metric

      Basically in today’s world, you’d have less than 1% of actors that would take this data and do something productive or beneficial for you or society as a whole… The other 99% will just use this data to make money on the back of others

    • kersploosh@sh.itjust.works
      link
      fedilink
      arrow-up
      6
      ·
      8 months ago

      Life insurance companies could conceivably do this already. They sometimes ask for blood tests (among other exams) as a precondition of granting overage.

      • BearOfaTime@lemm.ee
        link
        fedilink
        arrow-up
        1
        ·
        8 months ago

        They often require an exam before they provide coverage, including a blood test (who the hell knows what they do with that?).

    • blackbirdbiryani@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      8 months ago

      I work with genetic data and this sort of stuff is trivially easy to do in an automated way. They could easily run your variants against a known database such as clinvar and broadly deny insurance for a particular pathology if they wanted to.

      If they had access to your non-pathogenic variants it also becomes trivially easy to ID you, as non pathogenic variants tend to be random so more likely to ID a person/sample.

    • eyeon@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      8 months ago

      In the US that is not legal per the GINA act. Note that that is specific to health insurance. Life insurance can legally use that data. And laws can be broken often with less penalty than the profit made from violating them. And data can be retained much longer than laws exist so the GINA act could be repealed or updated at some point allowing companies to legally use the data already acquired.

    • BearOfaTime@lemm.ee
      link
      fedilink
      arrow-up
      21
      arrow-down
      1
      ·
      8 months ago

      I have some family who used them (against my advice), so now that’s partly my DNA out there.

  • Nefara@lemmy.world
    link
    fedilink
    arrow-up
    35
    ·
    edit-2
    8 months ago

    You can call me paranoid, but the first thing I thought of when I heard about it was how excited the Nazis would have been to access a database like that when they came into power. Imagine knowing the names and addresses of whatever Undesirables you wanted to single out, and exactly what percentage of “impure” they were. Ethnic makeup information can also be used against you in things like gerrymandering congressional districts to hand select voters and disenfranchise minorities. It’s pretty safe to assume that once your genetic profile has been gathered by a private company, it’s vulnerable to all sorts of bad actors gaining access and using that information. Would you want the KKK or the Proud Boys knowing just what percentage black you are? No thanks.

  • mozz@mbin.grits.dev
    link
    fedilink
    arrow-up
    32
    arrow-down
    2
    ·
    edit-2
    8 months ago

    The big real-world implication I’m aware of is that law enforcement can match DNA they found somewhere against 23andme’s database. Then if you (or any of your relatives!) are in the database because they’ve ever used 23andme, they’ll find that out, and they can use it to investigate or prosecute you.

    Whether you think that’s a good or a bad thing depends a lot on whether you think the cops should be able to succeed if they get a hold of someone’s DNA and are looking for the person to match their sample against… that success is, to me, much more likely to be a good thing than a problem, but that may not be the consensus view here and it’s certainly a massive, massive privacy implication.

    • Euphorazine@lemmy.world
      link
      fedilink
      arrow-up
      14
      ·
      8 months ago

      Well prosecutors and cops are incentivized to get arrests. Whether to pump numbers up for promotions or to use in campaigning. So it wouldn’t surprise me if cops turn a cold case into a witch hunt because some partial DNA match in a “private” database gave them a few suspects and then they start to build some case to fit the suspects.

      • mozz@mbin.grits.dev
        link
        fedilink
        arrow-up
        5
        arrow-down
        1
        ·
        edit-2
        8 months ago

        Well prosecutors and cops are incentivized to get arrests. Whether to pump numbers up for promotions or to use in campaigning.

        Accurate, and it does impact their decisions in ways that are sometimes pretty bad

        So it wouldn’t surprise me if cops turn a cold case into a witch hunt because some partial DNA match in a “private” database gave them a few suspects and then they start to build some case to fit the suspects.

        What do you think the ratio is of unsolved rapes, to felony cases that were falsified by cops and prosecutors that led to a conviction? I know the second one happened one time in the recent past, and it was a big enough deal that they made a Netflix special about it. I don’t know of it happening a second time besides that.

        • Euphorazine@lemmy.world
          link
          fedilink
          arrow-up
          3
          ·
          8 months ago

          Well overall, using these techniques has probably resolved a ton of investigations where the leads ran out and it being an overall positive. I think it would still be better that DNA from these sources cannot be used in trial. So a DNA match can give you a new angle to find other elements, but the fact DNA was used to find a trail shouldn’t be admissable.

          I guess the saying “better 100 guilty people go free rather than an innocent man should suffer” applies though.

          My bias though is probably skewed through the media I consume. I do watch a lot of channels like Lackluster YouTube videos (shows corruption and double standards in policing). I do try to balance it out with channels like Code Blue Cam which does highlight good policing too, but I would say I have an inherent distrust with policing nowadays.

          • mozz@mbin.grits.dev
            link
            fedilink
            arrow-up
            2
            ·
            8 months ago

            My bias though is probably skewed through the media I consume. I do watch a lot of channels like Lackluster YouTube videos (shows corruption and double standards in policing)

            Yeah. I don’t want to get into my whole take on ACAB or anything, but what I’ll say quick about it is that when the court system is involved, the opportunity for abuse is way less. Police on their own with no oversight and everyone believes what they say always like back in the day, is way different from police with bodycams and modern hypervigilant cell-phone/news-media oversight like the modern day, is way different from police having to show up in court and the defense lawyer gets to mount a vigorous at-length factual challenge to whatever they’re saying happened. It’s still far far from a perfect system (public defender / plea agreement / wtf) but it’s also not equal to the stereotype where all the cops are just trying to get out and do as much harm to society as they can possibly manage every single day and nothing like working to catch rapists ever happens in real life.

            Plus, if the cops wanted to falsify the DNA and put someone away, they can do that without 23andme being involved. If they’re trying to run a match against the DNA they found to look for people to interview / cross match with whatever sample they have, then that’s already a moderate indication that they’re trying to find the actually guilty person.

            • BearOfaTime@lemm.ee
              link
              fedilink
              arrow-up
              3
              ·
              8 months ago

              You should go sit in on court cases before making such claims.

              The “experts” often used in court cases are frequently not so expert as the seem. It’s staggering some of the stuff that gets passed off as “evidence”. Like “gun fingerprinting” - “experts”, in court, will claim they can positively connect a case to a gun with extremely high accuracy - if you look into the research, it’s practically useless.

              • mozz@mbin.grits.dev
                link
                fedilink
                arrow-up
                1
                ·
                edit-2
                8 months ago

                When did you sit in on court cases? What did you observe in terms of the experts and their testimony when you did? Or maybe a better way to ask it is, how many times have you been in court and observed the proceedings?

                I have family who are lawyers, I’ve been to court a few times, and I’ve had friends on both sides of the justice system. Not sure why you assume I’m just totally unfamiliar with these things.

  • rho50@lemmy.nz
    link
    fedilink
    arrow-up
    17
    ·
    8 months ago

    At least in some circumstances, the risks of sharing your DNA include having children…

  • antlion@lemmy.dbzer0.com
    link
    fedilink
    arrow-up
    16
    ·
    8 months ago

    If you’re like me, you could find out at age 38 who your true biological father is, and contact him for the first time. It may spiral you into an identity crisis, wondering if you should change your name and the name of your children. Here’s the thing though, my biological dad didn’t share his DNA. His first cousin did, and I contacted him.

    As others have said, because you share your DNA with all of your relatives, it’s already not 100% private. One or more of your relatives has already tested their DNA. The most genetic privacy you can get would be for nobody to know who you’re related to. How tightly do you protect that information? Changing your name would be a good first step.

    • AstridWipenaugh@lemmy.world
      link
      fedilink
      arrow-up
      4
      ·
      8 months ago

      There’s enough DNA registered to find almost literally anyone in the US that way now. It’s how they caught the golden state killer. A partial DNA match will narrow down 350,000,000 people to less than 100. Then it’s just a matter of gettin’ a box of jelly donuts and gettin’ down to some good old fashioned police work with a game of Guess Who.

      If you’re related to anyone that has done a DNA test ever, you’re already in the system.

  • ikidd@lemmy.world
    link
    fedilink
    English
    arrow-up
    16
    ·
    8 months ago

    Insurers get hold of it and disqualify you for health, life and disability insurance based on genetic markers.

  • considine@lemmy.ml
    link
    fedilink
    arrow-up
    16
    arrow-down
    1
    ·
    8 months ago

    Someone could build an army of clones of you, launch galactic war, and then you’d be hated all over the galaxy. Assuming you have good genes. Probably they made a bad movie about this.

  • FraidyBear@lemmy.world
    link
    fedilink
    arrow-up
    8
    ·
    8 months ago

    If anyone in your family starting at like your second cousin and closer have already done DNA testing then the cats outta the bag on worrying about your privacy.

    • mctoasterson@reddthat.com
      link
      fedilink
      arrow-up
      1
      ·
      8 months ago

      This. Unfortunately it doesn’t matter how careful you are if your boomer parents got curious about whether they’re really 1/32 Cherokee or not. Now the data brokers and glowies effectively have a profile on you by association.

      Also remember in most western nations the cops don’t need a warrant to steal your trash from your bins and profile your DNA, or follow you for days and wait for you to drop a cigarette butt or use a straw at a restaurant.

    • livus@kbin.social
      link
      fedilink
      arrow-up
      14
      ·
      8 months ago

      For now. The US is a victim of legislative capture by corporations and it’s possible that in the future lobbying by insurance companies will open the door to them using some of that data.

      • The Doctor@beehaw.org
        link
        fedilink
        English
        arrow-up
        2
        ·
        8 months ago

        They’re spending a lot of money lobbying inside the Beltway to change that. So far it hasn’t worked but it’s only a matter of time.

        • asmoranomar@lemmy.world
          link
          fedilink
          arrow-up
          4
          ·
          8 months ago

          It’s good that you were able to quote the regulations. You’re not wrong, I’m just apathetic; the question was more rhetorical. To be clear: I don’t have faith that this is strong enough to deter and/or that governing policies have enough teeth to enforce. I’d like to be wrong, but I’m not hopeful.

        • spicy pancake@lemmy.zip
          link
          fedilink
          English
          arrow-up
          3
          ·
          edit-2
          8 months ago

          in terms of corporate expenses for legal penalties that’s barely a disinterested-grunt-from-parent-in-other-room, let alone a wrist slap

    • untorquer@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      8 months ago

      It just comes down to est. profit margin vs. risk and not some ethics about lawfulnes. If they think they can eat the fines/lawsuits then they’re going to take higher profits until the hammer drops. Especially if it shows short term gains for a publicly traded company.

      That said, genetic data is probably not the biggest indicator of how much an individual will cost an insurance retailer (behavior would be better) and i’m not about to sift through HIPPA law to see all that it covers.

      My bias here is based insurance company behavior from back when they could descriminate based on pre-existing conditions as well as how any publicly traded company eventually functions. Etc…

  • smb@lemmy.ml
    link
    fedilink
    English
    arrow-up
    7
    ·
    edit-2
    8 months ago

    All who could have an idea of what to do with it could seek a way to get that data out of every company or gov that have it for their specific reasons, no matter if data was collected lawful or not, or if access to the data is then lawful or not.

    1. search for source of evidences on crime scenes: if one of your relatives happened to have been (related to crime or just bad luck) at a place where later on some evidence was collected, you might cause trouble for them bcs your data is very similar to theirs and that is obvious to laboratories. depending on the the “later on” current state of technology it could affect relatives more than two or three steps away from you. if you live in a country where law enforcement gives a shit about truth and just seeks for one argument to punish just anyone they can point a finger at, that could become a huge problem for the whole family then just because there was data that could have been abused.
    2. illegal organ traders could - once they have access to your data - think you or your relatives could be a source of nice income if a client of theirs happen to pay enough. however you will probably never know as the illegal organ traders are unlikely to ring the doorbell to ask nicely for a contract. How much do you think would a richie in personal needs pay for “spare parts” if those who deliver them wants him to just never ask where it came from ? does it matter if such organ teaders could know a “compatible match” by data only? maybe not because they might know tomorrow or someone might put up an AI to do the matching (does it matter if that matching by AI is correct then? i guess such traders don’t really care and their customers probably, but wouldn’t that be possibly too late then?)

    For me the latter is actually enough to not willingly give my DNA data to anyone. for no reason. gov might already have it (covid probes had been collected and frozen at least) but actively pushing your data out inzo the world would be insane IMHO.

    Laboratories often use Microsoft Windows, Microsoft Active Directory and Microsoft Exchange, thus i personally see no reason to NOT believe that any data they have received once in time would - sooner or later - end up rotating uncontrolled in the hands of uncountable criminals waiting for any chance to make quick or huge money out of it.

  • nothacking@discuss.tchncs.de
    link
    fedilink
    arrow-up
    7
    ·
    8 months ago

    These services, like most companies will store your data indefinitly, and can be hacked. You cound end up with your name, what ever infromation the service gave you, and contact info on the internet. This is not the end of the world, but something to be aware of.