In late July 2018, the famous home DNA testing company 23andMe signed a deal with the global pharmaceutical giant GlaxoSmithKline (GSK). As a result, 23andMe is now $300 million richer while GSK has gained access to 23andMe’s database including the genetic information of over 5 million people. GSK will use the acquired data to develop drugs based on human genetics.
While Peter Pitts, the president of the Center for Medicine in the Public Interest, was one of the few to publicly express concern about the privacy-related issues surrounding this partnership, his interview with TIME magazine has caused many to think about the potential risks, possibly including the people behind 23andMe.
A mere week after the deal was announced and Pitts’ interview was published, 23andMe and a number of its competitors promise to comply with the new privacy guidelines developed by the Future of Privacy Forum.
No Data Sharing Without Users’ Express Consent
The aforementioned new guidelines are known as Privacy Best Practices for Consumer Genetic Testing Services. They focus on the collection, retention, sharing, and use of genetic data generated and provided by personal genomic testing and consumer genetic testing services.
The Privacy Best Practices for Consumer Genetic Testing Services document itself is about 20 pages long. However, its influence on the privacy policies of 23andMe, Helix, MyHeritage, and other similar services can be summed up in just a couple of simple sentences.
Namely, 23andMe and its competitors promise that they will not share their users’ genetic information with third parties without the users’ express consent. On top of that, they guarantee that they will be completely transparent in terms of the ways user data is collected, shared, and used. The new guidelines further allow users to view, edit, and delete their genetic data and state that their data may not be shared with entities such as insurance companies, law enforcement agencies, and employers without their consent.
As Peter Pitts eloquently stated, genetic information provided by these types of services is never 100% safe and when this information is shared among different organizations, the risk of the data being misused and intercepted by malicious third parties is even greater. In light of these facts, it may be interesting to note that about 80% of 23andMe users have already consented to have their data shared with GSK for research purposes, according to the statistics provided by the DNA testing company.
While reading terms and conditions and privacy policies is not in the human nature, the importance of knowing how your genetic data is handled and shared cannot be overemphasized. We are glad to see that 23andMe is giving its users the right to choose whether their data will be shared with GSK and other third parties and we warmly advise all 23andMe users to take advantage of this right.