The science of how our genes affect our health, our looks and our personality is still pretty mysterious. Even more mysterious: What happens to your DNA after you spit in a test tube and send it to 23andMe or Ancestry to decode your DNA for a not-insignificant fee.
On Sunday, New York Democrat Sen. Chuck Schumer called for more federal scrutiny of the privacy practices of consumer DNA testing companies.
“Here’s what many consumers don’t realize, that their sensitive information can end up in the hands of unknown third-party companies,” Schumer said during a press conference. “There are no prohibitions, and many companies say that they can still sell your information to other companies.”
“Now, this is sensitive information, and what those companies can do with all that data, our sensitive and deepest information, your genetics, is not clear and in some cases not fair and not right,” he added.
Schumer is right. Your genetic code contains extremely sensitive information. Embedded in your genetic data is personal information about your health, personality, and family history. When you spit in a test tube in hopes of finding out whether you’ve got any Viking ancestry, you’re giving up unfettered access to information about what makes you, you.
And, as Gizmodo has previously reported, the breadth of rights you are giving away to your DNA when you spit in that vial is kind of crazy. It’s all there in the fine print: Testing companies can claim ownership of your DNA, allow third parties to access it, and make your DNA vulnerable to hackers.
There’s no evidence to suggest that DNA testing companies have done anything nefarious with anyone’s DNA. But a company wouldn’t even have to for your information to get exposed. 23andMe, for example, sells anonymized data from your genetic code to its research partners, to help put all that genetic data to use looking for cures to diseases. That’s a use most people probably wouldn’t mind. But that research partner could in turn share your anonymized data in a research journal, and it’s possible someone might identify it. Most DNA companies also share genetic data with other third parties for business purposes. The more your information gets shared, the more vulnerable it is to accidental leaks or hacking.
The Food and Drug Administration does regulate consumer DNA tests when the tests are related to health, like the 23andMe tests for disease markers. But that’s as far as any regulation of the consumer testing market goes. Consumer genetic testing firms are not typically bound by HIPAA, which means the flow of your data is basically unregulated.
Schumer said he’s calling on the Federal Trade Commission to “take a serious look at this relatively new kind of service and ensure that these companies can have clear, fair privacy policies.” The companies, he said, are not necessarily “nefarious” but “they are brand new, and they need safeguards.”
Schumer doesn’t call for anything specific, other than that the FTC ensures that DNA testing companies are communicating clearly what might happen to your DNA after you hand it over. But his statement is significant because so far the FTC has largely shied away from stepping in when it comes to consumer DNA tests. It’s the first time the privacy practices of DNA testing companies have gotten attention from Congress.
Schumer’s remarks appear to have been prompted by the massive marketing push by many consumer DNA companies for Black Friday and Cyber Monday. Ancestry, 23andMe, Helix and others were all offering tests at steeply discounted prices. (You might have even noticed advertisements for some of these services on Gizmodo Dot Com.)
“The last gift any of us want to give away this holiday season is our most personal and sensitive information,” he said.
His primary concern, he said, was that the companies can sell and share data without informed consent.
To be fair, 23andMe, Ancestry and others all do disclose most of the things that might happen if you take their test—but only if you actually read all the fine print.
[NBC News]
Update: This story has been updated to clarify what information 23andMe sells to research partners.