Peter J. Pitts, a former FDA associate commissioner, is president of the Center for Medicine in the Public Interest. He writes:
…. But Facebook isn’t the only firm that puts users’ privacy at risk. Some genetic testing companies like Invitae, 23andMe, and AncestryDNA do too — and the consequences of irresponsibly sharing DNA data are far more serious than a social-media data breach.
Lawmakers and regulators ought to demand these genetic-testing companies clearly inform consumers whether, and how, their data will be shared.
But even such disclosures aren’t sufficient. As Pitts notes:
Take Invitae. Its privacy policy states that it may use patients’ “de-identified” data for “general research purposes,” which may include “research collaborations with third parties” or “commercial collaborations with private companies.”
The problem is that the data aren’t permanently “de-identified.” The information can easily be tied back to specific people.
Read more of his opinion piece on Philly.com.
Interesting twist on this now; The New York Times is reporting that police took their old DNA and ran it against some genealogy sites and found distant relatives of the now accused Golden State Killer, Joseph James DeAngelo. They then linked it to him by finding someone of the right age in the right area. Be curious to see the EULA that people agreed to when they submitted their DNA to the site.
https://www.nytimes.com/2018/04/26/us/golden-state-killer.html
I’ve been trying to make people aware of this risk for a number of years now. As to the EULA issue, I had linked to a ThinkProgress piece on that in May of 2017. But even back in 2015, I was reporting on how many cases the DNA firms were reporting in terms of law enforcement requests.
What’s even more concerning in some respects is that law enforcement doesn’t need a warrant for these searches. They can sign up for a service, and under the terms of the service, people are basically agreeing to share their DNA with others. So, there ya go…. Ugh.