Spitting for Science: The Truth about DNA Testing and Privacy

Originally Published August 4th, 2017 · Updated September 8th, 2018

 The PMI becomes All of US

The initiative was given a friendlier nickname, the All of Us Research Program, in 2018.  Presently, their website joinallofus.org, is open for business and accepting new participants. To reassure those concerned about privacy, the NIH created several videos like the one below to answer possible questions (transcript follows).

We are working with top privacy experts and using highly advanced security tools to keep your data safe.

We have several steps in place to protect your data. First, the data we collect from you will be stored on
computers with extra security protection. A special team will have clearance to process and track your data.

We will limit who is allowed to see information that could directly identify you like your name or social security number. In the unlikely event of a data breach, we will notify you.

You are our partner and your privacy will always be our top priority.

After watching this video, I have even more questions.

Why does the NIH need participants’ social security numbers?

What sort of extra security protection do these government computers have?

Why should we believe a government DNA database is inherently safer than one managed by a private entity?

In addition to real names and social security numbers, the NIH is seeking one million participants who will grant full access to all medical records past, present, and future.

Per the All of Us website:

We will request your [electronic health record] from all of your health care providers.

Your EHR tells about the health problems for which you have received care. It also tells about basic health information. This may come from regular visits, like annual check-ups … For example, if you see a doctor for diabetes, your EHR would have information about your treatment for diabetes.1


A million people sounds like a lot, but the aforementioned Combined DNA Index System (CODIS) already contains data from over 12.5 million convicted felons.2 The government has been collecting DNA from newborns since 2000. Averaging about 4 million births per year in the US, over nearly 18 years, that would total about 70 million infant DNA samples.3 Add those all together and we get about 82 million samples taken. That’s 1 in 4 people.

Most of these samples are obtained without consent.

“These newborn screening DNA databases make a complete mockery of informed consent. What people also don’t know…is that this is the one test that is not done by the hospital or a third party on behalf of the hospital.… It is done by the state department of public health.”

– Jeremy Gruber, president of the Council for Responsible Genetics

Several years ago, CNN published an illuminating article entitled The Government Has Your Baby’s DNA. It shares the story of a woman named Annie Brown, whose daughter Isabel tested positive for a gene that might cause cystic fibrosis. Though it could be a page right from the Gattaca screenplay, the story that follows is real-life.

Brown says she first lost trust when she learned that Isabel had received genetic testing in the first place without consent from her or her husband. “I don’t have a problem with the testing, but I wish they’d asked us first,” she says.

Since health insurance paid for Isabel’s genetic screening, her positive test for a cystic fibrosis gene is now on the record with her insurance company, and the Browns are concerned this could hurt her in the future.

“It’s really a black mark against her, and there’s nothing we can do to get it off there,” Brown says. “And let’s say in the future they can test for a gene for schizophrenia or manic-depression and your baby tests positive — that would be on there, too.”

Brown says if the hospital had first asked her permission to test Isabel, now 10 months old, she might have chosen to pay for it out of pocket so the results wouldn’t be known to the insurance company.4

If the government already has over 82 million samples, why do they need the Precision Medicine Initiative?

To answer that question, we must first follow the history of a little company called 23andMe. Founded by Anne Wojcicki, Linda Avey, and Paul Cusenza in 2006, 23andMe launched its Personal Genome Service® in 2007. Over the past decade, the company has collected more than 5 million samples, with over 80% of participants answering health-related questions.5

23andme has a business model and history that many may find unsavory. They offer consumers affordable home DNA saliva collection “spit” kits for $99 and provide ancestry info and/or a list of potential genetic markers for disease. At the same time, they are selling this collected data to other companies and using it for research purposes.

23andme CEO Anne Wojcicki is the ex-wife of Google co-Founder Sergey Brin. It’s not unreasonable to see the ties to Google, a company routinely criticized for harvesting user data, as a red flag.6 Also, 23andme has repeatedly defied the FDA and outright ignored the government agency’s requests for several months.

They sell the data?

Yes, they do sell the data, but not as individual specimens. Per their official privacy statement, “We will not sell, lease, or rent your individual-level information (i.e., information about a single individual’s genotypes, diseases or other traits/characteristics) to any third-party or to a third-party for research purposes without your explicit consent.”7 They also provide customers with a raw DNA file, which contains all the data stored on each of the 23 chromosomes (300,000 lines when viewed in excel). The same data can be obtained from a company that doesn’t sell aggregate data, like Sure Genomics, for $2,500.8

Who buys the data? Pharmaceutical companies. It’s no secret GlaxoSmithKline and Pfizer have both partnered with 23andme.9, but this collaboration isn’t necessarily a bad thing. After all, testing costs are offset by the willingness of participants to share their data, so an individual’s data that would be otherwise prohibitively expensive and difficult to obtain is now affordable and as easy as spitting in a tube.

But what about 23andme’s connection to Google?

Many articles have been written, warning about the so-called dangers of using 23andme. In reality, Sergei Brin’s expertise has probably helped 23andme obtain such a large database of DNA with accompanying health history profiles. Strong ties to Google isn’t necessarily a bad thing either.

And the FDA? What would motivate Wojcicki to evade the government agency? Maybe it has something to do with the following quote:

“One of the big drivers for me is that health care is a very elitist system. As much as we try to make it free and democratic for all, the reality is that it’s expensive and not all therapies are accessible to all people. So I have been very focused on making sure that we democratize genetic information so it’s available to everyone.” – Anne Wojcicki

What a monster.

It might help to take a few steps back and explain exactly why Wojcicki and the FDA have been at odds. The short story is that 23andme wanted to encourage people to participate in both the “spit kit” and the questionnaire portion of the data collection process. To entice participants, they promised their reports would tell users if they were at high risk for a number of nasty diseases. For just $199, the average person could learn if she carried specific gene mutations that might put her at risk of developing breast cancer, Parkinson’s disease, or a number of other conditions.

This report was generated by comparing participant genetic information to thousands of genetic studies and suggesting the customer consult a genetic counselor if the risks appeared to indicate a likelihood of developing a serious illness. The FDA stepped in and told Wojcicki and her colleagues that selling this information directly to consumers (even with a slew of disclaimers and warnings) was akin to practicing medicine without a license.

Page 2 of 3

  1. https://www.joinallofus.org/en/sharing-your-electronic-health-record
  2. https://www.fbi.gov/services/laboratory/biometric-analysis/codis/ndis-statistics
  3. http://www.newsweek.com/2014/08/01/whos-keeping-your-data-safe-dna-banks-261136.html
  4. http://www.cnn.com/2010/HEALTH/02/04/baby.dna.government/index.html
  5. https://mediacenter.23andme.com/company/about-us/
  6. http://www.salon.com/2014/02/05/4_ways_google_is_destroying_privacy_and_collecting_your_data_partner/
  7. https://www.23andme.com/about/privacy/#Full
  8. http://www.suregenomics.com/
  9. https://www.huffingtonpost.com/entry/dna-testing-pharmaceutical-giant_us_5b59ecf8e4b0fd5c73cce6b7

Be the first to comment

Leave a Reply

Your email address will not be published.