Worried that a DNA testing company can share your genetic data to anyone?
On Tuesday, 23andMe, Ancestry, and other DNA testing companies signed on to new guidelines that try to address the privacy concerns around handling your genetic data.
The guidelines call for the testing companies to prohibit sharing your identifiable DNA data with third-parties. This includes your employer, insurance companies, education institutions and government agencies. Any transfer of “individual-level” information must require consent from the DNA’s owner.
“We worked to help codify the principles published yesterday and have committed to following them,” a 23andMe spokesman told PCMag.
The Best DNA Testing Kits
The company issued its support after reaching a controversial deal to let pharmaceutical giant GlaxoSmithKline use the company’s genetic data for drug research. Only 23andMe customers who’ve opted
Perhaps to no surprise, the privacy guidelines announced on Tuesday still permit genetic testing companies to share your DNA for research purposes, but only when they’ve been upfront about it. That includes spelling out the risks, benefits, and purpose of the proposed research. Your DNA must also be “de-identified” and grouped together with the genetic data of others, which is how GlaxoSmithKline intends on accessing 23andMe’s customer data.
The guidelines also say that genetic testing companies can disclose your DNA without your consent when law enforcement comes knocking with a warrant.
How closely the DNA testing companies will follow the voluntary guidelines isn’t totally clear. But the document was drafted with the help of a nonprofit called the Future Privacy Forum, which said that other DNA testing companies such as MyHeritage, Helix, and Habit all plan to use the document to guide their practices going forward.
“In fact, many have made the changes needed or are in the process of updating their policies to reflect the principles within the Best Practices,” said the nonprofit’s CEO Jules Polonetsky in an email. He points to how companies are publishing transparency reports, which can indicate how many times law enforcement made a request for genetic data.
According to the guidelines, the companies should also offer a way for customers to not only delete their