Lots of folks will give themselves and their relatives direct-to-consumer genetic testing kits as holiday gifts this year. Millions of customers have already used such kits to learn about their genetic ancestry. For example, 23andMe reports that 99.6 percent of my genes derive from Europe, with 43.2 percent being British and Irish. Also, I bear more Neanderthal variants than 85 percent of 23andMe customers, although Neanderthal ancestry accounts for less than 4 percent of my overall DNA.
Sen. Chuck Schumer (D–N.Y.) thinks the testing companies don't provide enough privacy protection for their customers' genetic data. "Many don't realize that their sensitive information may end up in the hands of many other third party companies," he said at a press conference Sunday. Schumer wants the Federal Trade Commission to investigate the situation, with an eye toward establishing rules that forbid testing companies from sharing your genetic information with other companies or researchers.
The senator did not cite any evidence that genetic testing customers are actually much worried about their privacy. I reached out to various testing companies asking if they had received many (or any) complaints from customers about their privacy policies. Only 23andMe got back to me: Spokesperson Andy Kill claimed there is "nothing substantial to report as far as customer concerns on this front."
That sounds about right to me.
First, my bona fides. Seven years ago, I wrote an article arguing that worries about genetic privacy are way overblown. I have gone so far as to post publically my 23andMe genotype scanning results. My results are constantly updated as new information about the genetic variants tested for become available. My point is that genetic information is not special, toxic, or occult.
In any case, the direct-to-consumer genetic testing companies all post their privacy policies so that consumers can review them. All of them promise not to disclose your information without your permission. If the companies change their privacy policies, they notify users of the changes and give them an opportunity to withdraw from their services.
For example, 23andMe states, "We will not sell, lease, or rent your individual-level information (i.e., information about a single individual's genotypes, diseases or other traits/characteristics) to any third-party or to a third-party for research purposes without your explicit consent." MyHeritage similarly declares: "In no case is the personal information provided by our users sold, licensed or otherwise shared by us with advertisers, sponsors, partners or other third parties. We will never sell or license DNA samples, DNA Results, DNA Reports or any other DNA information, to any third parties without your explicit informed consent, and we will never sell or license such information to insurance companies under any circumstances." Ancestry.com won't disclose personal information to third parties without your knowledge and consent, except "as reasonably necessary to comply with a law, regulation, valid legal process (e.g. subpoenas or warrants served on us) or governmental or regulatory request."
Of course, no company can promise absolutely that it can prevent disclosure through hacking.
For what it's worth, I have basically consented to let 23andMe do whatever it wants with my genetic test results. I think that doing so advances biomedical research that will end up helping lots of people and aids in figuring out what makes us humans tick. For example, my 23andMe genetic data was used in a study published in Nature Communications that found genetic associations with the susceptibility to some common infectious diseases and another in Molecular Psychiatry that identified genetic correlations associated with empathy. You're welcome.
At any rate, if any people do have concerns about their genetic privacy, they have a simple way to avoid the issue: Don't take the tests.
Disclosoure: I am a longtime happy customer of 23andMe.