Yeah, this. If an entity really wants to screen your DNA, there are easier routes than figuring out how to deanonymise you from a collection of thousands of profiles with basic demographic info they've just bought or paying enough to convince the entity with the very profitable lawful line in selling anonymised data to break the law for them.
Because it impractical to tie the information found in the DNA back to you as an individual (e.g. name, social security number, etc). It is therefore impractical for companies to use that information to target you.
The ways in which this data can be abused (eg. prescreening for insurance, loans, etc.) doesn't line up with someone going out and hunting identifiable DNA samples to build a database. It does line up with self submitted/self funded database - you are basically paying to get in a DB that can be used to discriminate against you - it almost seems comical
Of course it could be massive credential stuffing. The problem is that an inside job would look completely identical. Or negligent security.
If you sell your DNA profile to someone, they are free to give or sell it to someone else. At best that's a breach of contract, but what are you going to do? A successful class action only changes the price retroactively.
(I am told some people sell their DNA data at a negative price, which I suspect may be the same people who pay to have to have a remotely controlled microphone at home. That I don't understand, and accept that I probably never will. But it doesn't change the underlying premise and market dynamic. The above is still true.)
They are selling the data for (allegedly) medical research now. Tomorrow, they will sell it for genetic discrimination against you. The point is: it's not your data anymore, and from your perspective it can only be used against you.
While I understand there are pro-social uses of this data, such as medical research and identifying criminals and their victims, those exceptions should be clearly delineated by law in a white list, with strong safeguards, with the default being DNA privacy.
Consider that there are a significant number of people who don't know they have more relatives than the ones they know and love. If the information is public, it becomes an avenue for blackmailing.
Scams about relatives already happen without DNA [1].
Depending on what state in which you live your insurance coverage or cost might change too. [2]
There's also significant risk that your DNA will be sequenced in one jurisdiction but, because of The Cloud, it gets analyzed and stored in another jurisdiction. For example, the EU and US have very different privacy laws.
Some DNA analysis software employ stochastic algorithms. That means that the answer they provide can be different if run more than once, especially if run with different parameters (such as sample pool). [3] [4] Some customers know this and will ask for their data to be reanalyzed.
Some companies make the DNA available to be downloaded by the customer. That file can then be used for your own analysis or research. It could also be uploaded to other companies for different analyses or conclusions.
I don't think it's unreasonable to assume that your grandmother, who uploaded her DNA to a foreign company for a new or different analysis, has given a foreign adversary private information about you and your potential medical hazards or secret relationships.
I am actually more worried about nefarious private sector actors using my DNA against me. There are countless ways that the private sector can use knowledge of my DNA against me.
I wanted to have it done so badly, but now I'm with you. Anyone have a cost on analyzing your DNA privately? Then the breach is just you+1, and you could use a fake name (I know, I know, that isn't foolproof when DNA is involved)
110% with you on this. In fact, even if they hand out your data, against any agreement you had with them, the worse they would face would be a pittance fine.
There is no situation where they would put people over money and DNA is immutable.
If you don't want a company to have your DNA, don't give it to them.
It seems like a business was built around people wanting to be told they had 20% more fun in their bloodline, for a fee. Those people didn't consider the implications of giving this kind of data to a private company.
Now the company is saying, "we got the DNA you gave us, for a fee and we don't want to go to court to fight you about how we use it".
Just don't give them your DNA. It's not that hard.
I think the difference is much smaller than you think. If someone finds male DNA and my uncle has used this service, and a public photo with my eyes and hair clearly visible in the background on his Facebook page, then suddenly it’s almost as if I registered my DNA in a public registry. It’s the metadata problem all over again, it just takes one or two more public data points to deanonymize it entirely.
That’s a fair point. Operating a global database that connects someone’s DNA to their identity brings up different issues than just being able to easily sequence someone’s DNA in a “targeted attack”. I think worrying about keeping your DNA private is a fools errand (See oxford nanopore and extrapolate), but discussing what companies can do with these databases is probably a more fruitful effort.
Citation needed, but I'm fairly certain I've read that companies like Ancestry retain the right to use your DNA/data for a variety of commercial reasons. Also, if I were you I would be concerned about it being used by the government [1]. Sure, looking up a serial killers DNA is something most can agree with but imagine this being used in an automated way for way lesser crimes.
It's all the same scam - you send them your dna to do some fun test, like see what % of neanderthals genes you have or how much Scottish you are (which is btw a total scam because error margins on these tests are usually huge and thus results are pretty meaningless) and your dna ends up in their database forever, and they can data-mine and cross-analyze and sell it as they wish. Of course they have good lawyers and EULAs and it's all legally covered, but it's just as immoral.
I was honestly baffled to see the proliferation of DNA analysis companies... aren't people concerned about the importance of the data they're giving out? AND you pay to give them that data... leaves me speechless.
How accustomed we've become to giving our privacy away.
reply