The Hidden Danger of Do-It-Yourself Genetic Tests

"Genetic tests, here! Get your genetic tests!"

No one would've expected to hear that refrain at an NFL game -- at least not until this fall.

Biotech firm Orig3n planned to distribute "free" genetic tests at a Baltimore Ravens game as part of a September promotion dubbed "DNA Day." The Ravens ultimately postponed the event, questioning whether Orig3n needed to secure federal approval before distributing the tests.

Their caution was justified. DNA kits sold by companies like Orig3n, AncestryDNA, and 23andme appear to be fun and harmless. But these companies put people's privacy at unprecedented risk.

These firms share people's sensitive genetic data far and wide -- and often sell it for profit. Corporations and governments can easily obtain and identify DNA samples to harm individuals and their relatives.

Congress must now establish rigorous protections that protect citizens from genetic discrimination and privacy violations.

An increasing number of Americans order genetic tests to discover their heritage or see if they're at risk for certain diseases. Today, direct-to-consumer genetic testing represents a roughly $100 million market. By 2022, it will grow to $340 million.

Many testing firms supplement those revenues by selling data to pharmaceutical companies and any willing buyers.

NHGRI_researcher_uses_a_pipette_to_remove_DNA_from_a_micro_test_tube An NHGRI researcher uses a pipette to remove DNA from a micro test tube, 29 July 2004. National Institutes of Health

In 2015, 23andme sold some customers' test results to Genentech for $10 million. Orig3n retains the right to sell customers' genetic information to third parties.

The privacy agreement for AncestryDNA -- the testing arm of genealogy site Ancestry.com -- grants the company "perpetual, royalty-free, worldwide, transferable license to use your DNA."  

Other companies donate customers' data. Invitae has provided more than 22,000 genetic samples to ClinVar, a public research database. Ambry Genetics, which a Japanese technology firm just acquired for $1 billion,  has publicized more than 11,000 patients' data.  

Of course, these companies claim that people "consented" to this data sharing by signing "user agreements". But when was the last time any of us read through a user agreement and understood it? "User agreements" that no reasonable person can understand should be litigated as fraudulent contracts.

Genetic testing companies strip out some identifying information like names, addresses, and social security numbers before sharing or selling the data. But there's no such thing as anonymous genetic data. Each person's DNA is unique to her -- just like a fingerprint.

Scientists can identify individual genetic donors by cross-referencing anonymous DNA samples against public records. One MIT scientist picked five samples at random from a genetic database and identified the donors -- and 50 of their family members -- in mere hours.  

Human resources departments can use this same technique to discriminate against potential hires who may have hereditary health conditions. Life insurers can use it to screen out people likelier to die prematurely, even though almost no genetic test can prove definitively you will get a specific disease

Corporations have already tried to use genetic data to discriminate against potential hires. The U.S. Equal Employment Opportunity Commission recently sued utility company Consolidated Edison for requiring job applicants to submit their and their family's genetic information.  

Governments may also try to use genetic data for nefarious purposes. Orig3n's head of strategy is a former Department of Defense official. The company conveniently omits this fact -- and all other information about its leaders, board members, and data-sharing partners -- from its website.

The FBI worries that the Chinese are buying up U.S. genomics firms -- and hacking genetic databases -- to build biological weapons capable of targeting specific ethnicities or individuals.

James Clapper, the former director of national intelligence, recently named genetically engineered bioweapons as one of the nation's top security threats.

Law enforcement agencies could also use genetic data to infringe on citizens' privacy. Police already collect DNA samples from people they arrest. That information stays in a database forever.   

Craig Venter, one of the nation's leading geneticists, is developing a computer program that can predict peoples' facial features based solely on their DNA. The surveillance applications of such a technology are frightening.

Congress must develop rigorous protections for genetic information. Europe offers a model. The European Union grants patients certain rights, such as the "right to erasure," which means people can choose to have their genetic information removed from databases.

But in the United States, we have no right to know the names of the 1.2 million health data brokers or government agencies that hold our genetic data.

Until Americans enjoy an equally comprehensive set of safeguards -- ones that detail who can access and share genetic data -- NFL fans might want to stick to hot dogs and beer. At the very least, people should think twice before buying genetic tests from companies that share and sell customers' data.

Deborah C. Peel is founder and president of Patient Privacy Rights, a non-profit human and civil rights organization.