In addition, genetic testing companies are not covered by the Health Insurance Portability and Accountability Act (HIPAA). This act usually applies the rule that doctors and health insurance agencies cannot share your personal medical records with the first removal of all personally identifiable information.
And, while the genetic information Non-Discrimination Act (GINA) protects you from drug exclusion based on your genetic information, this law does not apply to long-term care plans, life insurance or disability insurance. These companies are essentially free to discriminate against you based on the genetic variants that you can bring. In essence, this could make you incurable.
What Kind of Information Does Your DNA Contain?
Your DNA is absolutely unique to you. Unless you have an identical twin, no one else on Earth shares your only genetic code. Even identical twins can have minor mutations that make their DNA unique, although it is difficult to measure. This genetic code indicates every aspect of your body. In fact, as we learn more and more about DNA, it will be easier and easier to identify many personal traits – such as eye color, height, hair color, and other traits.
In addition, genetic information alone is mostly useless for researchers. In order for it to be of any value, it must contain certain personal information. For example, while the company can delete your name from the data, It still contains information about what diseases you have, where you are born, and other information about your life that researchers can use to better understand the genetic code.
How Hard is it to Identify You Based on Your DNA?
Unfortunately, the answer to this question is: incredibly easy. For example, if an amateur genetics enthusiast has also obtained a minor sample of your DNA, they could easily identify you or your family in a genetic database simply by taking the sample test. In addition, several databases of genetic ancestors are free to use, such as GEDmatch.
This passionate amateur could simply process your genetic sample and find matches directed to a distant family member who has already sent their DNA to the database. Then, using social media and a phone book, they could find you, your address, your phone number, your employer and other information. Although this would technically be against the rules that genetic testing companies have, there is almost no way for them to apply these rules.
Only this is a good reason not to undertake genetic testing. However, random genetic enthusiasts are the least of your worries.
Do DNA Companies Share Results with Third Parties?
Almost all genetic testing companies sell aggregated genetic data. DNA testing companies often share their databases with insurance companies, drug development companies and law enforcement agencies. These entities are not trying to help you in any way. At best, you are excluded from life insurance based on the genetic variants you carry. At worst, you’re involved in a crime because law enforcement used the database to identify you or a family member. Nor is it a desirable result.
In addition, it became clear that several companies allow law enforcement to access their database without a search warrant. FamilyTreeDNA was recently found giving the FBI access to the entire database. While this was intended to help find criminals, it is also highly fallible. If only a partial DNA profile had been found at the scene of a crime, it could lead to you or a family member falsely accused of a crime.
For the moment, the sharing of this genetic information is entirely legal. HIPAA and GINA do nothing to stop the genetic data transfer. Law enforcement is increasingly using these genetic databases as a tool to find suspects. Similarly, any life insurance company that wants to maximize its profits would be totally within the limits of the law if it were to exclude you from coverage based on your genetic profile.
Some companies, such as 23andMe and Ancestry, refuse to work with law enforcement without a search warrant. But this is certainly not a deterrent to serious criminal investigations. In addition, these companies have no qualms about selling your aggregated data to drug development and insurance companies, and this actually makes a big revenue stream for these companies.
Famous DNA Privacy Lawsuits
One of the most relevant DNA privacy cases is in the Maryland Supreme Court v. King case. In its decision, the Supreme Court upheld the practice of obtaining DNA from an arrested suspect and testing DNA against a database. The court found that this practice did not constitute a breach of the Fourth Amendment.
This more or less opened the door to law enforcement using genetic databases to find and identify potential suspects. However, this does not answer the question of whether law enforcement can search the databases without a warrant or a suspect. While the trial for the Golden State killer is about to begin, the use of genetic databases against a criminal is sure to get to the higher courts. Although, it may take a decade or more to come to a conclusion.
But the super rich are already fighting with genetic information. With the Peerenboom V. Perlmutter lawsuit, we may find out more about what the law considers your property. Apparently, Peerenboom stole Perlmutter’s genetic data without their consent. Traditionally, genetic information and DNA are not something that can be “possessed”. This can change, however, if the court pronounces itself in favor of Perlmutter.
For the moment, there are no laws or court rulings that protect your genetic data and prevent companies, law enforcement or individuals from using it against you.
What Can You Do to Protect Yourself?
Second, instead of trying to beat them, you could join them. Many smaller companies now allow you to check your genetic data, and sell it to whoever you want. Nebula Genomics, for example, stores DNA data on a blockchain platform. This allows you to keep ownership of your data while selling to the same agencies to which companies like 23andMe are still selling your data. Even if this allows companies to access your data, at least they pay you.
Unfortunately, since more than 10 million people are already in genetic databases, this genetic data problem is unlikely to disappear. With this many people, almost every person in the United States can be identified, or at least one member of their extended family. In other words, the days of genetic privacy are over. Welcome to Gattaca.