This year, you and your loved ones may have come across ads for a great gift to give this holiday season: cheaper-than-ever home DNA-testing kits sold by companies like 23andMe, FamilyTreeDNA, and Ancestry.
And judging by the numbers, these companies’ sales pitches have been a wild success for them, especially in 2018. Just a few weeks ago, right after Black Friday and Cyber Monday, Ancestry boasted that it had shattered its November sales record thanks to the post-Thanksgiving surge. Ancestry even claimed its AncestryDNA kits were the best-selling non-Amazon-branded product sold through Amazon on Cyber Monday for the second year in a row. There are also still plenty of holiday-themed deals available for the taking and surely more to come.
On the face of it, these tests seem like the perfect stocking stuffer. They’re pegged as a novel, exciting experience, one that might even bring a family closer together by revealing their shared genetic past. But in this humble writer’s opinion, consumer DNA kits are one of the last presents you want to unwrap on Christmas morning. Why? Because they can still be laughingly imprecise, are barely regulated, and most worryingly of all, could expose your identity to people you’d rather not know anything about you.
We here at Gizmodo made a similar argument last year against gifting DNA test kits. So let’s just assume you loyal readers took our advice to heart. But what if you get one as a gift? From your favorite aunt? And she just can’t wait to hear about your results? Sorry, but you’re going to have to hurt some feelings and throw out that box.
For one thing, there’s no guarantee that the results you get back from a DNA-testing company are particularly meaningful or even accurate. Earlier this year, a company called Orig3n, which claims to offer fitness and lifestyle advice based on your genes, failed to note that a sample of submitted DNA actually came from a Labrador retriever.
Examples like this are likely outliers, but they do get at the heart of how flawed consumer DNA testing can be.
When you submit your DNA to these ancestry companies, the results you get back aren’t necessarily an extensive biography of your genetic history. Typically, these tests look for minute DNA variations (called SNPs) that differ between people. These variations can influence our risk of certain diseases or our likelihood of developing traits like hair color. Patterns of variations can also be matched up to patterns taken from other living people whose families are historically thought to have lived in a specific part of the world, which companies use to predict your ancestry.
As Gizmodo has reported before, though, different companies rely on different databases of genetic patterns and use different algorithms to come up with their results. So even if most companies can screen out dog DNA, you probably won’t get the exact same predicted heritage from any two companies’ tests; the most accurate you can really get right now is figuring which continents your recent ancestors lived on (other tests that look at our Y chromosome or mitochondrial DNA can estimate further back in time, but are still pretty unspecific). This accuracy problem is even worse for racial and ethnic minorities or for people living in countries where the DNA testing boom hasn’t hit as hard, like much of Africa, since there’s relatively fewer datasets of comparable DNA available for companies to use.
As more people take these tests and add their DNA to companies’ databases, the accuracy and specificity of these tests should get better. But that improvement comes with its own drawbacks, namely a loss of privacy.
This April, Sacramento police reportedly nabbed a prolific serial murderer, the Golden State Killer, with the help of a third-party genealogy database where users submit their genetic profiles obtained from other companies. They cross-referenced crime scene DNA to the database, finding possible relatives to the killer, then they used other sources of public data (like newspaper obituaries) to construct a likely family tree and eventually zeroed-in on the alleged killer, Joseph James DeAngelo.
The technique has since been implemented in other cold cases. And a study published in October found that the same technique could someday be used to identify just about anyone through their familial relations, once enough people have their DNA stored in a database somewhere.
Companies have tried to head off concerns about their customers’ DNA being sifted through by law enforcement or anyone else. In July, 23andMe, Ancestry, and other companies adopted a series of guidelines surrounding their customers’ genetic privacy. The guidelines include explicitly asking permission from users before sharing their data with third-party businesses like insurers, while also disclosing how often law enforcement agencies petition them for customer data (companies such as Ancestry have released transparency reports for a few years now). A 23andMe spokesperson told Gizmodo in an email that the company has “had 5 law enforcement inquiries and haven’t turned over data in any of those instances.”
But the guidelines are strictly voluntary, and don’t preclude the possibility that companies will have to give up their data if ordered to by a court. They also don’t do anything about third-party databases, which are publicly accessible to anyone. And law enforcement agencies can also circumvent the request process entirely (as they actually tried to during the Golden State case) by just creating fake profiles on sites using the DNA of a suspect.
The debate over privacy is definitely complicated. Many people say they’re worried about genetic privacy in general, but according to a review published in October by researchers from Vanderbilt University, we actually don’t know much about their specific preferences on the topic.
“Is the use of databases to solve serious crimes really something the public opposes? I think that’s an interesting question we don’t know the answer to,” lead author Ellen Clayton, a professor of law and health policy at Vanderbilt, told Gizmodo.
Clayton and others have even suggested the creation of a universal genetic database that police could access. That’s certainly an out-of-box solution, but they argue that a heavily regulated database—using snippets of DNA not relevant to our health— would be better for safeguarding people’s overall privacy than the current wild west we have now. (In the European Union, though, the newly enshrined General Data Protection Regulation is poised to create strict rules around how our genetic data is handled by companies.)
Leaving privacy aside, there are other ethical concerns around how DNA is used. In July, 23andMe also announced it had entered into a four-year partnership with pharmaceutical giant GlaxoSmithKline to potentially develop new drugs and treatments, which will include the sharing of anonymized, de-identified customer DNA. There’s certainly a world of good that can be accomplished by further studying our genetics, and the company says it lets customers choose whether to share their data with GlaxoSmithKline or for future research purposes (if you decide your mind later, though, you’re out of luck). But it might leave a sour taste in your mouth to know that you’ll never see a penny of the profits your DNA helped make possible—at least, it would for me.
Speaking of science, 23andMe has obtained FDA clearance for some of its genetic tests, which aim to identify predispositions to certain health conditions or how likely you are to tolerate some medications. But even these tests aren’t meant to replace the role of a doctor for actually diagnosing your health problems.
These are all valid reasons to avoid the genealogy bargain and politely turn down the opportunity to swab your cheek after family Christmas dinner. But for experts like Clayton, there’s also a more practical one.
“I think the biggest risk people face by putting their identified genetic information out there is that other people are going to call them up—people who think they’re your relatives or something. Of course, that’s why a lot of people put their information up there in the first place. They want to find relatives or learn more about their ancestry. But some people might not like that so much,” she said. “Suppose my sister decided to put her information out there—that could lead to people calling me!”
If there’s anything people can sympathize with, it’s the abject fear and annoyance of having to talk to relatives they’d rather avoid. We get enough of that during the holidays as it is.
Correction: An earlier version of this article wrongly attributed the apprehension of the alleged Golden State Killer to San Diego police. He was brought in by Sacramento police. We regret the error and thank commenter Griffin for pointing it out. Update at 2:45 p.m. ET: Added additional contextual information regarding 23andMe’s research efforts and its responses to law enforcement requests for data.