Can ancestry tests become a threat to our privacy?
As our technology advances and we move further into the digitalization of our everyday lives, so does the medical system. In recent years, the medical system has also joined the online domain. From receiving your blood test results via e-mail to online medical websites such as the Dutch mijngezondheid.net, the aim is to make it easier for patients and personnel to access data about patients.
Another example of a new type of medical websites is the rise of so-called ancestry sites that tell you where you come from. By just signing up, the client then can send his or her blood or usually saliva sample to be checked for his/her ancestry. After the results come, no one knows how or whether the DNA results are stored. In this article I will analyze the risk that such companies might pose to people’s privacy and wellbeing.
Ancestry tests: How do they work?
With the recent hype over finding out one’s ancestry a lot of companies have emerged, especially in the U.S. One such company is ancestry.com. Advertised under the ”Discover the family story your DNA can tell” slogan, the company offers the opportunity to order a kit where you have to give a sample of your saliva to be sent for analysis. After that, you receive the results and that’s it, as simple as that.
Ancestry.com is just one out of many sites that promise to do this. There are plenty other options such as 23andme.com or myheritage.com. But how safe are these tests? Of course, there has already been some discussion about how accurate these tests are, but the problem I would like to stress in this paper is one concerning privacy. After the person receives the results, in the form of percentages, we do not know how the data is stored or what might happen to it afterwards.
It is all about individuality
Whilst stumbling upon the ads of such companies one cannot escape the heavy emphasis that they place on individuality and identity. The activity of finding out about one's ancestry is promoted as something you should definitely do in order to find out more about yourself. This is something that will reveal how unique one is. For instance, 23andme's advertisements they place an emphasis on the idea that our DNA can tell us a lot about ourselves. The slogan "Explore your 23 pairs today" invites people to do this test in order to discover themselves. Even the direct address of "you" puts the accent on the individual.
The slogan of Ancestry.com, which I mentioned above, is not any different from 23andme's. "Discover the family story YOUR DNA can tell" has the same individual approach that stresses the importance of analyzing your DNA. DNA can tell you things that you never knew about yourself and your family. Another slogan from the same company, "Meet your genes, commit to a healthier you" has a similar ring of an invitation, including the idea that one has to do a DNA test in order to take care of their health. Thus individuality and a Foucaldian "care of the self" are at the core of this industry's agenda.
Is there any privacy in the digital era?
Before moving on to the risks such companies can pose to our privacy, I will first discuss privacy in the digital era. Does such a thing even exist? With companies such as Facebook and Google, and the post-Snowden revelations, everyone knows that we are tracked in one way or another when we are online.
Privacy first of all can be regarded as a "right or civil liberty associated with being a free person" (Lyon, 2015). According to boyd (2010), we have moved into an era of “public by default, private through effort.” This means that in the digital age it is very hard to keep information private and very easy to have something made public. This, however, does not mean that privacy is dead; as boyd (2010) explains, "privacy is not dead, but privacy is about having control over the information flows." As long as we are in control of our data and the things that happen to it, we can take care of our privacy.
After we give our DNA and receive the tests, what happens to our DNA sample and our results?
In the case of the DNA analysis, people cannot have 100% control over their data. It can be sold, hacked, or made public by accident. This raises questions regarding the safety of such tests. People still care about their privacy, and the idea of having your DNA stored and then sold may not sound so appealing. In recent years, several criminals were caught because matching DNA from their relatives was found in a genetic database, making it extremely easy to find them. One of the persons that used ancestry DNA stated: "It makes me a little nervous, not in the sense that this technology is being used to stop violent criminals, but whether law enforcement will know when to stop.” (Rodriguez, 2018)
We have heard this rhetoric for a long time already. With the implementation of CCTV everywhere we have moved into an era of surveillance capitalism where it seems that the only way to stop crimes is to lose our privacy.
"These externalized ‘historical bodies’ [referring to our digital traces] take on many textual and material forms including stored CCTV footage, government records, and databases held by tele-com companies of all of our phone calls and the physical locations that have been logged by our phones’ GPS systems." (Jones, 2017).
Add our DNA to this recipe, and we are the perfectly traceable subject. Popularizing such DNA tests means that a lot of people will voluntarily give their DNA, so governments do not even have to ask for it anymore. If your DNA will be used to track down a relative that committed a crime, you are also not going to be asked if you are ok with it or not.
Privacy issues regarding DNA tests
After we give our DNA and receive the tests, what happens to our DNA sample and our results? How will they be stored, and will they be used in the future for other purposes? These are the questions that we need to ask. We can't tell whom the data belongs to, as companies might make deals to share their data.
We already are aware of the fact that self-tracking apps that monitor people’s health habits might influence the price health insurance for consumers. If the insurance companies see that we smoke, the prices might go higher. But what if the same can be said about DNA tests? They can simply be used to raise the prices of health insurance. For example, most of these DNA tests also promise to give insight into the possible diseases one might get in the future. If health insurance companies buy this data, it will be easy for them to target personalized health insurance offers where, for instance, a person that is prone to heart disease might have increased heart care prices.
In an article posted on the Irish Times, Karlin Lilington, a journalist known for her focus on technology, made a statement: "Do not buy online DNA ancestry tests. You are the real product." (Lilington, 2018). As Lilington puts it:
The data we produce is thus very valuable for big companies.
Think about the services we get from big companies such as Google and Facebook. It all comes with a price, and this price is our privacy. Numerous scandals involving Facebook have raised questions as to whether our privacy is violated or not by the platform. It is well known that access to our data collected from Facebook and Google is sold, which means that users provide a sort of labor to Facebook, for which they do not get paid, but are just offered services in return.
In the case of DNA tests, the client pays for this service in exchange for the results. However, as Lilington also pointed out, these companies can adopt the same business tactics as giants like Google. People therefore do not only pay to have a DNA test, but this might also come with an additional price: a violation of their rights.
DNA as data
In the ancestry.com terms and conditions, it is stated that ancestry.com "does not claim any ownership rights in the DNA submitted for testing" but by submitting a sample you effectively "grant AncestryDNA ... a royalty-free, worldwide, sublicensable, transferable license to host, transfer, process, analyze, distribute, and communicate your Genetic Information for the purposes of providing you products and services." As they claim that the DNA is used only to provide services to the client, we still do not know how this company decides what to do with this data. For example, it is unclear whether it can be deleted upon request. Even if it is only stored by the company, that still means it can be hacked and then used in the disadvantage of the people whose data is exposed. "Now that even our DNA is being digitized and stored in the infinite online filing cabinet of the World Wide Web, we must confront a reality in which our own genetic makeup can be hacked, stolen or used against us." (Ryan, 2019) Any stored data, including medical data, is at risk of being misused.
The problem seems to be that our DNA becomes data. When it becomes data, it can be sold, manipulated, hacked and used against us. There is an ongoing discussion about datafication and dataism, two ideologies that praise the objectivity of data (van Dijck, 2014). Datafication simply put is a technological trend that turns many aspects of our lives into data. Dataism, on the other hand, is a mindset that praises big data and how information flows represent a revolution in our society.
A problem with these ideologies is that they ignore the fact that data collected about a person depersonalizes that person: because the data is "objective" (as they claim), it is forgotten that this data actually belongs to a real human, and not a machine. As talking about 'data' makes it seem impersonal, the idea that data is objective is used as an excuse to sell data. According to van Dijck, "the ideology of dataism shows characteristics of a widespread belief in the objective quantification and potential tracking of all kinds of human behavior and sociality through online media technologies." (van Dijck, 2014).
In the case of DNA tests, the data is regarded in the same manner. However, as I have mentioned earlier, there is also a strong accent on individuality, which is in this context also understandable in the sense that these results are very different from other people's results. However, this also means that because they are so unique, it is very easy to find out who they belong to. In terms of privacy, this is even worse than having your likes and comments stored by Facebook.
Ancestry tests as a privacy risk
It seems that ancestry sites that analyse people’s DNA could become a major risk to people’s privacy in the future. They are marketed as a way of discovering yourself and your past, but behind these nice slogans there is the risk of our DNA falling into the wrong hands. People's medical data needs to be heavily protected because if it is hacked, sold or misused it can seriously endanger one’s wellbeing.
As a privacy risk, this is more severe than having our likes stored by Facebook. If information about our DNA is sold to health insurance companies, our basic rights, including rights to healthcare, might be at stake. As this article’s aim was to raise awareness and contribute to the already existing discussion on this topic, there are no straightforward conclusions regarding the safety of these services. Further research needs to be done in order to guarantee their functioning and trustworthiness.
References
boyd, d. (2010). Privacy, publicity, and visibility. Microsoft Tech Fest. Redmond, March 4.
Jones, R.H. (2017). Surveillant landscapes. Linguistic Landscapes 3 (2), 149-186.
Lillington, K. (2018). Don't buy online DNA ancestry tests. You are the real product.
Lyon, D. (2015). Surveillance after Snowden. Cambridge: Polity.
Rodriguez, M. (2018). You Discovered Your Genetic History. Is It Worth the Privacy Risk?
Ryan, J. (2019). What AncestryDNA taught me about DNA, privacy and the complex world of genetic testing.
van Dijck, J. (2014). Datafication, dataism and dataveillance: Big Data between scientific paradigm and ideology. Surveillance & Society 12(2), 197-208.