Invasion of privacy
Accuracy aside, perhaps the most pressing issue for genetic testing today is privacy—an understandable worry for those living in the social media age. Given these tests’ ability to reveal your DNA’s deepest, darkest secrets—regardless of its validity—spitting into a vial or having blood drawn seems almost akin to handing over the keys to your identity, with little guarantee that it will be truly kept safe.
It’s not just the paranoia talking: in 2018, Israeli DTC service MyHeritage revealed that hackers had accessed the usernames and passwords of its 92 million accounts. If such data is secretly sold to insurance providers or private companies, the elevated risk of a detrimental disease becomes more than just a cause of concern. It may be the reason why insurers can surreptitiously charge you higher premiums or why employers can deny you a role.
As proven by the infamous case of the Golden State Killer, who was caught after a relative uploaded DNA data to genealogy website GEDmatch, even family members can unknowingly compromise your genetic privacy. Worryingly, if several of your relatives are already in a particular database, DNA testing providers effectively have everything they need to know about you.
To their credit, some Asian DTC companies have established practices to safeguard their findings. For instance, registration details are stripped from samples and assigned a random identifier.
Personal data and genetic data are then stored separately and segmented across multiple systems, making it more difficult for information to be pieced together. Data access is also typically limited to essential personnel, with additional consent required to share data to academic or commercial third parties.
Despite these precautions, studies have shown that individuals can still be correctly reidentified even from anonymized DNA datasets. And there’s another cause for worry: while DTC companies claim to destroy DNA samples after the completion of laboratory tests or upon account closure, it’s hard to verify if this has actually taken place.
Even then, sample destruction does not mean that it is gone forever. If your data was aggregated and used in a particular research, its remnants cannot be removed from these studies.
Across Asia, regulations surrounding genetic testing and the protection of genetic data generally remain murky. A 2020 survey of 83 DTC testing providers in China revealed a lack of privacy policies and avenues for informed consent, with much ambiguity over how genetic information was used and shared.
One company even brazenly stated their intention to reuse and share a client’s information for non-commercial purposes even without express consent. While other testing providers like CircleDNA and GeneLife actually have legal precautions in place, navigating Asia’s fragmented regulatory landscape can still be tricky.
“While these companies may be bound by contract arrangements with the test subjects, such contractual obligations will be difficult to enforce if it means that an aggrieved test subject has to bring legal action against the company in a foreign jurisdiction,” added Dr. Calvin Ho, an associate professor of law at the University of Hong Kong.