Is there any intrinsic value whatsoever in the DNA or SNPs themselves? Or is it just the link between your name and your DNA that is so concerning?
It seems like you could do lots of useful things without having a name attached to any particular sample. There must be some kind of differential privacy approach here that would work well.
Can one even truly delete their DNA from 23andMe? Wouldn't deleting someone's DNA require deleting not only the existing record, but also the record from all historical back-ups too? What is to say 23andMe just doesn't flip a bit in their database and claim one's DNA is (soft) deleted?
The only truly reliable way to do this is to have a per-customer encryption key used to encrypt ALL data for that customer. Then you can simply delete the key to delete the customer data.
i'm curious, what's the worst-case scenario if one were to put their whole DNA data exposed publicly? would a future civilization re-make your image? or are there societal benefits?
23andMe’s new business model (Anne Wojcicki and Regeneron both had the same plan for it) is to use the data for drug development. That’s theoretically where the $$$$ is. Turns out you can use statistical association between genes and other biomarkers to discover drugs that will succeed in clinical trials.
So, I suppose, if everyone could use the data, everyone could use it to develop drugs, not just 23andMe. That’s good if you want more drugs to be developed and released… bad if you don’t.
someone could synthesize your DNA and leave it a crime scene, to use an example popularized by the consent form of the Harvard Personal Genome Project.
I signed up for 23andme to specifically make my DNA available. I believe that more DNA = more cures
Note: I'm not saying you should not delete your DNA. Do what you want over course. I'm just saying for me, I signed up, fully expected my DNA to be used to conduct research. That fact that I could get interesting graphs and some health info was just a bonus for me
I do worry about my data with them, but when I think about the worst-case scenario - you will not get insured (or have high rates) because you have {some genetic condition}.. it seems just as likely that they will simply require my DNA to apply for insurance. (or get my DNA from a blood test within their system, etc.).
The obvious solution is with legislation for transparency and better health care system.
The analogy I have used in the past is this fear is like thinking that health insurance companies were more likely to buy the old Marlboro Miles database rather than just making detailing your smoking history a required part of the application process.
If these companies have the legal clearance to use DNA data, why would they be satisfied only having secondhand access to that data for a relatively small subset of the population? They'll obviously want that data for everyone.
One aspect to this tangle is knowledge asymmetry: One of the traditional justifications for insurers poking around is to guard against an applicant that conceals important factors as a kind of fraud.
But what about the reverse? There's something intuitively unjust about the customer not knowing why they're being charged a higher rate, especially if it means the company believes there's a potential danger (enough that it affects the bottom-line) but conceals it.
So yeah, I think "transparency" is a robust principle to follow here, especially if anyone is arguing market competition is going to curb the worst abuses.
Currently, due to the Affordable Care Act aka Obamacare, health insurance companies are prohibited from setting rates based on individual risk (except they can charge higher premiums to tobacco users). Before the law, ensures would typically put applicants through a health screening that would determine their rate. People with pre-existing medical conditions could be denied coverage or charged higher rates. Women routinely paid higher premiums than men.
Things like financial and medical data should be required to have an audit log that you can see, in real-time and subscribe to updates for, including extraction into "anonymised" formats, along with a description of that process, format and a justification for why it is robust against deanonymisation. If data is handled well, there is nothing to fear here. Fiddly, perhaps. Expensive, probably. But personal data processing should be risky and expensive.
Deliberately extracting personal data into un-audited environments without good reason (eg printing a label for shipping), should be punished with GDPR-style global turnover-based penalties and jail for those responsible.
I started doing a relevant project https://github.com/barisozmen/securegenomics . Because I believe 23andMe event will result in people to be more wary of sharing their genetic data, and we need ways to make people able to contribute in genetic research without exposing their data.
Now that they have been 'sold and bought' I dont believe any of the contractual agreements have to be kept. And since the old CEO just bought the company I can only imagine the worse in terms of data to sell.
29 comments
[ 2.8 ms ] story [ 55.7 ms ] threadIt seems like you could do lots of useful things without having a name attached to any particular sample. There must be some kind of differential privacy approach here that would work well.
So, I suppose, if everyone could use the data, everyone could use it to develop drugs, not just 23andMe. That’s good if you want more drugs to be developed and released… bad if you don’t.
Note: I'm not saying you should not delete your DNA. Do what you want over course. I'm just saying for me, I signed up, fully expected my DNA to be used to conduct research. That fact that I could get interesting graphs and some health info was just a bonus for me
Is the best way to hasten the next bankruptcy to not delete your data?
The obvious solution is with legislation for transparency and better health care system.
Good luck blue cross.
If these companies have the legal clearance to use DNA data, why would they be satisfied only having secondhand access to that data for a relatively small subset of the population? They'll obviously want that data for everyone.
But what about the reverse? There's something intuitively unjust about the customer not knowing why they're being charged a higher rate, especially if it means the company believes there's a potential danger (enough that it affects the bottom-line) but conceals it.
So yeah, I think "transparency" is a robust principle to follow here, especially if anyone is arguing market competition is going to curb the worst abuses.
Deliberately extracting personal data into un-audited environments without good reason (eg printing a label for shipping), should be punished with GDPR-style global turnover-based penalties and jail for those responsible.
How are scientists able to work on encrypted genomes?
That being said, scientists can implement their own protocols, and use whatever technique they want. For example: https://github.com/securegenomics/protocol-alzheimers-sensit....
It's that our platform makes federated computing + homomorphic encryption analysis easy, but protocols are customizable.