Consumers’ desire to find out where they come from have handed international genetic testing companies a cash cow.
Overseas companies like 23andMe and AncestryDNA are raking in huge profits charging for direct to consumer testing kits – but their real commodity is you.
US-based 23andMe has a database of over 2 million testers and has entered in genetic-data-sharing partnerships with multiple drug companies, according to its website.
Chief executive Anne Wojcicki was asked in a televised interview how important partnering with drug companies was as a “revenue driver” for the company, to which she replied it was the “long-term core business model”.
* DNA testing laws could be set for an overhaul
* Genealogical DNA: to test or not to test?
Shared data is “anonymised” and “aggregated” so it can not be reasonably identified, according to privacy statements for AncestryDNA and 23andMe. But studies have shown that individual DNA sequences can be used to trace back to “identifiable linkages” by using public databases.
Privacy Commission spokesman Charles Mabbett said: “Consumers need to be aware that handing over their biometric information does present a higher than average risk to them in the event their information is stolen or shared to third parties.”
Mabbett said there have been no enquiries or complaints about commercial DNA testing, and the commission is unaware of any legal proceedings that have compelled companies to share genetic information.
There have been cases of both overseas. In a murder investigation in the United States, a court order compelled Ancestry.com to test a 1996 rape kit against their database that ended up identifying a familial match. The suspect identified was ordered to give DNA that was later found not to match.
The commission has had enquiries about DNA testing in the context of a crime, which is an issue covered by different legislation, Mabbett said.
Biometric information is a special category of personal information because of the risks of identity theft that it poses.
A huge breach of biometric data has already happened in the US. The US Office of Personnel Management, a federal agency that overseas government security clearances was hacked in 2009, The data that hackers took included the fingerprints of 5.6 million people.
Victoria University law professor Samuel Becher said: “[Direct to consumer genetic testing companies] are playing on people’s eagerness to feel unique and receive individualised, tailored treatment – that’s a strong human desire and firms exploit it.”
Becher noted the contract and terms and conditions of AncestryDNA were not very consumer-friendly and seemed “one-sided.
“A few clauses seem imbalanced and unfair … for instance the firm’s vast power to change the contract at any time for any reason … wide discretion regarding how they inform consumers about said changes, and consumers are assumed to accept such changes by merely using the website,” he said.
“Policy makers don’t seem to fully acknowledge the need to examine these industries and to consider proper regulation and protections.”
President of the New Zealand Society of Genealogists Michelle Patient said the “new sense of oneself” that DNA testing could provide was “indescribable”.
Patient has given talks around New Zealand, Australia and the UK about the tests.
“A handful of people have wondered about their privacy, after an explanation covering the various ways the companies protect your information almost everyone goes ahead.”
Ancestry.com and 23andMe have been contacted for comment.