
Your DNA reveals a great deal about you, and it’s highly probable that either you or someone in your family is included in one of the DNA databases currently used for criminal investigations. However, simply sending in a saliva sample doesn't automatically enroll you in a database accessible to law enforcement. The level of privacy risk depends on the company you choose to work with.
23andMe and Ancestry are among the least concerning in terms of privacy risks.
To date, police generally aren’t showing up at DNA companies asking for genetic information linked to specific individuals. The main privacy concerns arise with databases that allow users to upload their DNA and search for genetic matches. However, this does not apply to the most popular companies like 23andMe and Ancestry DNA.
Here's what happens with your data at both companies:
The company keeps it stored
You can access reports detailing the results
You can download the raw data
You can see relatives who share your DNA, if they have also submitted a sample to the same company
If you choose to participate in either company’s research program, your anonymized genetic data (not linked to your identity) can be shared with businesses and laboratories.
In theory, law enforcement could request data from either company via subpoena, but both publish transparency reports (23andMe, Ancestry) stating that, as of the end of 2018, they had not shared anyone’s DNA.
Both companies also give you the option to request deletion of your data and/or destruction of your sample. If you trust the company to follow their policies and avoid security breaches, these can be relatively secure platforms for submitting your data.
(The companies’ testing process is also a security measure: they require DNA to be sent in the form of two milliliters of saliva. If you’ve taken one of these tests, you’ll know that’s a lot of spit. This procedure ensures that no one sends a fraudulent swab of discarded DNA.)
Genealogy databases that accept DNA uploads are those with significant privacy concerns.
Since the Golden State Killer suspect was identified last year, law enforcement has increasingly turned to public DNA databases to help solve cold cases. Of the many cases featured in the news, most rely on GEDmatch, or occasionally FamilyTreeDNA.
Both of these are genealogy databases where users can upload their personal DNA data. For example, you could have your DNA tested at Ancestry, obtain the raw data, and then upload it to GEDmatch. This is typically done by individuals looking to trace their family roots and discover unknown relatives.
Here's what happens with your data in these databases:
You can send in a saliva sample (FamilyTreeDNA) or upload raw data (both companies)
The company stores your data
You can access reports related to your data
You can download your raw data (not needed with GEDmatch as you already possess it)
You can identify individuals whose DNA matches yours
Other users can upload their DNA and check if it matches yours
The last item on that list is the most concerning for privacy. When law enforcement was searching for the Golden State Killer, the administrators at GEDmatch had no idea what was going on. Anyone could upload their DNA, with no special permission required.
GEDmatch's privacy policy now explicitly states that law enforcement may use the site for criminal investigations. If you aren't comfortable with that, you have the option to remove your data or simply avoid uploading it. FamilyTreeDNA goes a step further, working directly with the FBI to test forensic samples and compare them to the data they hold. (If you're a FamilyTreeDNA user, you can choose to opt out.)
It's up to you to decide.
If you're excited about the possibility of helping solve crimes or identifying cold cases, then go ahead! But if the idea of being part of a surveillance system makes you uncomfortable, you might want to stay away from databases that allow user-uploaded DNA.
We are increasingly learning about individuals through their DNA. Some companies currently anonymize the data by disconnecting it from personal identifiers like names and birthdates. However, reconstructing these details isn't always that difficult. Your DNA can reveal information about your ethnicity and even physical traits like facial structure. In the future, we might even be able to predict someone's personality based on their DNA.
While companies that prioritize privacy have done well so far in keeping data secure, as DNA analysis becomes more insightful, could it also become a more lucrative target? Could we see major data breaches in DNA databases, similar to the ones we've grown used to with passwords and credit card information?
In the end, deciding whether to explore your DNA is a deeply personal choice. Until home DNA sequencers are widely available (which isn't happening anytime soon), you can't access your DNA data without entrusting it to someone else. Each of us must determine how much of our privacy we're willing to sacrifice.
