Privacy & Security 4 min. read

Used an at-home DNA kit? The privacy concerns you need to know

Used an at-home DNA kit? The privacy concerns you need to know

You buy an at-home DNA testing kit to learn more about your ancestry. You take the test and send in your saliva sample. A short while later, you learn new details about where you are from and who you are connected to. Maybe you find new relatives and begin to form friendships. Or you discover what medical conditions you may be susceptible to.

What you likely never thought about was how that DNA data is being used. As it turns out, it’s likely been turned over to the FBI, and also sold to major corporations—including pharmaceutical makers such as GlaxoSmithKline, which paid 23andme almost $300 million to access its database.

How does DNA data help FBI agents track down criminals?

By uploading DNA collected from a crime scene to genealogy databases, detectives have been able to locate third or fourth cousins of suspected serial killers and violent criminals. This info can then be used to catch the actual criminal, even if his or her DNA is not in the database. The process was used recently to solve the infamous and long-standing Golden Gate Killer case.

Many of us have used DNA testing kits to learn more about our ancestry and medical traits, myself included, and using my DNA information to potentially help law enforcement locate criminals is something that, on the surface, I have no problem with. What’s troubling, however, is the lack of transparency. There isn’t an obvious opt-in that explains how your DNA data will be used — and who will ultimately have access.

I’d wager most are not aware of how their DNA is being used. It’s not that the concept of using DNA to catch criminals is wrong, it’s that we as consumers are unaware that our private DNA information is being shared without our knowledge. What’s more, even if I provide consent for a company to share my DNA matches with the FBI, my DNA relatives might not. By me sharing my personal data, that, in turn, shares theirs.

For example, I have DNA matches with 41 distant cousins in California. If I allowed the FBI to access and use my information, then I am giving the FBI consent to link those 41 distant cousins of mine—who I have never met. Their information is then used by the FBI to construct a genealogical tree. My ‘relatives’ would have no idea that their DNA is now in an FBI database.

Here is a photo of my distant cousins throughout the globe, highlighting how quickly the web of DNA can spread:


Catching criminals at the expense of privacy—and the privacy of distance relatives around the globe—is, therefore, a moral dilemma.

There’s little doubt that by sharing DNA data to catch a dangerous criminal, like in the Golden Gate Killer case, that it’s a trade worth making. But how else could that DNA data be used? What happens if the database is breached? There is potentially more to this than just ‘catching a criminal’.

How your DNA can be used against you

When DNA kit makers sell your data to the highest bidder, whether anonymized or not, you’re participating in the behavior that has led to massive price hikes in the health care industry. The cost of medication is rising year over year, sometimes so dramatically that people can’t afford the medication they need.

So when these healthcare companies say they want your data for some philanthropic endeavor, and are willing to invest hundreds of millions of dollars to get it, it’s difficult to look past the fact that these companies are primarily looking to use your data to patent new medications and make billions of dollars in the process. Whether that’s something you’re OK with is up to you.

What’s more, the data you provide could be used by insurance companies to hike your prices or even flat out deny you coverage based on your susceptibility to a certain medical condition. While the US has laws that prevent discrimination based on genetics, it’s still possible to be denied life insurance, for example. And laws change all the time, meaning what is forbidden today could be permissible tomorrow.

Further, your genetic data not only indicates what diseases you may be susceptible to, but it provides insight into your close family members as well. Once again, the web of DNA collected can spread far and wide.

What’s clear is that DNA kit companies need to be more transparent with their customers. If you decide to buy a family DNA kit, then you should be told precisely what happens with that data. And it should be apparently clear how you opt-in and opt-out. There are pros and cons to data collection, so it’s not a clear-cut topic. But as with most privacy concerns today, the first step is better transparency.

Get the latest stories and tips from Hotspot Shield in your inbox