In recent years, consumer DNA testing kit services have exploded in popularity. The MIT Technology Review called 2017 the "year consumer DNA testing blew up" as it was the first time more people had their DNA tested in a single year than all previous years combined. Analysts attribute the impressive growth in popularity not only to consumers' curiosity but also to the continuing price war between consumer home DNA testing companies. With this developing industry, getting a DNA tested has never been cheaper as companies compete with sub-$60 deals and 2-for-1 specials — especially at the end of the year, around the holiday season.
However, not everyone is sold on the booming business. As more people choose to get their DNA tested, many are beginning to investigate potential privacy concerns around such tests. Of course, it's always a good idea to take privacy concerns seriously, but in the age of "fake news" and other misleading —and sometimes outright incorrect— information being spread on social media, we need to take a deeper look at home DNA test kits and privacy. From 23andMe to MyHeritage and beyond, here's what you need to know before comparing these 10 companies offering home DNA test kits and making a purchase.
Are DNA Testing Companies Selling My Data Without My Permission?
The short answer is a simple no. Contrary to what viral posts on Facebook may have said, DNA testing companies are not sharing genetic information with third parties without permission. If unsure, consider the following statements from some of the most popular direct-to-consumer DNA testing companies:
"In particular, you should be aware that we do not share your Genetic Information (as defined in the Privacy Statement) with employers, insurance providers, or third-party marketers without your consent...Any sharing of Genetic Information for scientific research is governed by our Informed Consent to Research, which only applies if you expressly agree to participate."
"We will never share your Genetic Information with pharmaceutical or insurance companies, employers, or third-party marketers without your express consent."
"23andMe will not sell, lease, or rent your individual-level information to any third party or to a third party for research purposes without your explicit consent."
Misunderstanding And Consent
Perhaps the biggest confusion in the direct-to-consumer DNA testing industry comes from a misunderstanding of how "your information" is shared with third parties. Though many consumers do opt-in to sharing their information (more than 80% of all 23andMe users), they're not required to.
As with the case of all major DNA testing companies, these programs are 100 percent optional and will not affect your ability to use the service if you do not choose to opt-in. For example, consider the excerpt from Ancestry.com's "Informed Consent" page:
"Your consent to participate in this research is completely voluntary and is not required to use any of our products or services. Even if you consent to participate in the research, you may withdraw your consent at any time, but your information will not be removed from research that is in progress or completed."
It's important to note that those who do choose to opt-in will have their information stored potentially indefinitely — so remember this before making a decision. Again, there is no penalty for choosing not to opt-in; some users simply don't care and have no issue with their information being shared, others see the research as an important asset for furthering medical research and others don't want their information shared at all. Regardless of where you stand, the choice is up to you.
Where Real Privacy Concerns Lie
Previous points notwithstanding, there are still potential privacy concerns consumers should keep in mind when comparing different DNA testing products. When user information is shared with third parties without your informed consent (i.e. non-individual-level information), the data is aggregated and pooled in an "anonymized" manner. However, recent research has shown that the "anonymized" information isn't as difficult to de-anonymize as you may think.
There are more traditional privacy concerns to consider such as a potential security breach. User information is stored via data repositories that could, in theory, fall victim to malicious attacks. As of today, no such attacks have occurred, but consumers should always consider the possibility of such an event.
Unlike credit card or banking information that can be changed after a security breach, there's no retracting and changing genetic data after the fact.
The Bottom Line
No matter where you stand on the DNA testing opinion spectrum, it's always crucial to challenge misinformation and hyperbole spread on social media. There are real, valid privacy concerns to consider before purchasing a DNA testing kit of your own, but they're not what most people think. No, DNA testing companies aren't selling your personal information to third parties without asking you and even when companies such as FamilyTreeDNA share information with law enforcement, they're not granted any additional privileges than average users and only have access to what users have chosen to make public. There are privacy concerns here, let's just make sure we're asking the right questions and focusing on the relevant risks.