Ancestry, 23andMe and other leading companies in genetic testing agree on new privacy policies

Ancestry, 23andMe, Habit, Helix and MyHeritage have subscribed to the new voluntary guidelines aimed at better protecting the privacy of the people who send their DNA to these companies for analysis; Here is an Ancestry DNA analysis kit

Leading genetic testing companies have announced that they agreed on a set of mutual guidelines to better protect the privacy of users who submit their DNA for testing.

Ancestry, 23andMe, Habit, Helix and MyHeritage have joined the policy drafted with the help of The Future of Privacy Forum, a non-profit organization in support of "promoting responsible data practices in support of emerging technologies," according to Gizmodo

The guidelines, titled Recommended Privacy Practices for Consumer Genetic Testing Services and published on Tuesday, deal with scenarios in which anonymous genetic information and personal identification of users could be shared with authorities (without a court order) and other third parties. .

The new voluntary policies call for separate consent from users before sharing "individual level information" with other companies and greater transparency about the number of requests for data received and complied with by the police.

This particular issue caught the attention of the nation with the arrest in April of Joseph DeAngelo, 72, who is suspected of being the so-called "Golden State Assassin".

DeAngelo was arrested after decades-old DNA from a crime scene matched DNA that had been sent by a relative to a site used by geneologists called GEDmatch.

Ancestry, 23andMe, Habit, Helix and MyHeritage have subscribed to the new voluntary guidelines aimed at better protecting the privacy of the people who send their DNA to these companies for analysis; Here is an Ancestry DNA analysis kit

Ancestry, 23andMe, Habit, Helix and MyHeritage have subscribed to the new voluntary guidelines aimed at better protecting the privacy of the people who send their DNA to these companies for analysis; Here is an Ancestry DNA analysis kit

The new guidelines were in the process of being drafted months before DeAngelo was arrested, Future of Privacy Forum CEO Jules Polonetsky told the Washington Post.

"I do not think the average consumer has addressed the range of problems they should think about when they make the decision to share [DNA] data, "she said.

Among other things, the policy focuses on publicizing the frequency with which the police request data from DNA analysis companies and the frequency with which companies comply.

"Companies must provide a public report that describes applications for the application of the genetic data law," says the policy.

"Such reports should be made at least once a year."

Ancestry and 23andMe shared some of this information with Gizmodo, revealing that the police sent Ancestry & # 39; 34 valid applications for compliance with the law & # 39; in 2017, and that Ancestry provided information in 31 of those cases.

23andMe reported that he has received five requests from the police so far this year and that he has not shared information with the police in accordance with any of those requests.

Privacy concerns related to DNA testing caught the attention of the nation with the April arrest of suspect "Golden State Assassin" Joseph DeAngelo, who is seen here at his court appearance in Sacramento. on April 27; His arrest was possible thanks to a public DNA database

Privacy concerns related to DNA testing caught the attention of the nation with the April arrest of suspect "Golden State Assassin" Joseph DeAngelo, who is seen here at his court appearance in Sacramento. on April 27; His arrest was possible thanks to a public DNA database

Privacy concerns related to DNA testing caught the attention of the nation with the April arrest of suspect "Golden State Assassin" Joseph DeAngelo, who is seen here at his court appearance in Sacramento. on April 27; His arrest was possible thanks to a public DNA database

The guidelines, titled Recommended Privacy Practices for Consumer Genetic Testing Services and published on Tuesday, deal with scenarios in which anonymous genetic information and personal identification of users could be shared with law enforcement and other third parties.

The guidelines, titled Recommended Privacy Practices for Consumer Genetic Testing Services and published on Tuesday, deal with scenarios in which anonymous genetic information and personal identification of users could be shared with law enforcement and other third parties.

The guidelines, titled Recommended Privacy Practices for Consumer Genetic Testing Services and published on Tuesday, deal with scenarios in which anonymous genetic information and personal identification of users could be shared with law enforcement and other third parties.

New voluntary policies call for separate consent from users before sharing "individual level information" with other companies and more transparency about the number of requests for data received and complied with by the police

New voluntary policies call for separate consent from users before sharing "individual level information" with other companies and more transparency about the number of requests for data received and complied with by the police

New voluntary policies call for separate consent from users before sharing "individual level information" with other companies and more transparency about the number of requests for data received and complied with by the police

The policy also requires that consent be given separately before a person's individual information (ie, genetic data and / or personal information about an individual) can be delivered to third parties that are not suppliers or service providers that are needed to perform the DNA test

However, this additional consent may not be necessary in cases where the police have obtained an order requiring the submission of such data.

The policy says: "Genetic data may be disclosed to law enforcement entities without the consent of the Consumer when required by a valid legal process."

However, the guidelines require a notice, when possible, in such a case.

"When possible, companies will try to notify consumers about the appearance of personal information releases to requests from authorities."

However, the main services that have subscribed to the new more protective policies are different from GEDmatch, which was used to locate DeAngelo.

GEDmatch is a free database, from multiple sources, of approximately one million sets of raw and different DNAs shared by volunteers. The site does not accept DNA, performs its own analysis and then sends users a detailed report, which includes coincidences with their relatives.

Investigators loaded the DNA of a suspected crime scene & # 39; Golden State Killer & # 39; to the site, and then they were able to search the database for other sets of DNA that matched, to varying degrees.

A relative of DNA apparently raised from DeAngelo to that site and could identify with that data, researchers matched the DNA of the crime scene with that relative and investigated the known relatives of that person, eventually reaching DeAngelo.

From there, authorities collected DNA samples from the car's handle on DeAngelo's driver's side, as well as an article that was discarded outside of DeAngelo's home, which they said matched the DNA of the crime scene.

While Ancestry, 23andMe, Habit, Helix and MyHeritage have said they agree with these standards of practice for the time being, it is important to note that the guidelines are not legally binding; Here is a 23andMe DNA test kit

While Ancestry, 23andMe, Habit, Helix and MyHeritage have said they agree with these standards of practice for the time being, it is important to note that the guidelines are not legally binding; Here is a 23andMe DNA test kit

While Ancestry, 23andMe, Habit, Helix and MyHeritage have said they agree with these standards of practice for the time being, it is important to note that the guidelines are not legally binding; Here is a 23andMe DNA test kit

Curtis Rogers, who operates the GEDmatch site, shared the following message to his users when the news was released in April, according to NPR:

"We understand that the GEDmatch database was used to help identify the Golden State Killer, although no law enforcement or any other person approached us about this case or about DNA, it has always been GEDmatch's policy to inform users that the database could be used for other uses, as stated in the Site Policy, "he wrote.

"While the database was created for genealogical research, it is important that GEDmatch participants understand the possible uses of their DNA, including the identification of relatives who have committed crimes or who were victims of crimes. not genealogical of your DNA, you should not load your DNA into the database and / or delete DNA that has already been loaded. & # 39;

Rogers said at the time that GEDmatch does not deliver data & # 39; absolutely.

"This was done without our knowledge, and it has been overwhelming," Rogers said in April.

While Ancestry, 23andMe, Habit, Helix and MyHeritage have said that they agree with these standards of practice at this time, it is important to keep in mind that the guidelines are not legally binding.

"In general, I think there should be greater transparency requirements and legally binding rules for all around the transfer and use of super confidential data like this," said Justin Brookman, director of consumer privacy and technology policy at Consumers. Union.

For those interested in how their DNA and identifiable personal data can be used, the guidelines also require procedures to eliminate the data already sent.

"Unless otherwise required by law, companies must provide consumers with clear and prominent methods to eliminate their genetic data and account and destroy their biological sample, and describe any relevant limitations," the policy reads.

While this may not be possible in all scenarios, for example, when a user has already given their informed consent to share data for research purposes, many of the leading gene testing companies already have such procedures for other scenarios.

Users who have already sent their DNA to 23andMe and decided to share their data to make research purchases may have already shared their data with GlaxoSmithKline (GSK), a British pharmaceutical company based in Brentford, London.

23andMe entered into a partnership with GSK that was announced on July 25, and aims to develop new prescription drugs and identify and recruit patients for clinical trials.

Currently there are more than five million users in the 23andMe database, says the company.

"Our top priority is our client and train each individual with the options to participate in the research," said executive director Anne Wojcicki in a separate statement, also published on July 25.

"As always, customers choose to participate or not in the investigation." Customers can choose to register or unsubscribe at any time & # 39;

(function() {
var _fbq = window._fbq || (window._fbq = []);
if (!_fbq.loaded) {
var fbds = document.createElement(‘script’);
fbds.async = true;
fbds.src = “http://connect.facebook.net/en_US/fbds.js”;
var s = document.getElementsByTagName(‘script’)[0];
s.parentNode.insertBefore(fbds, s);
_fbq.loaded = true;
}
_fbq.push([‘addPixelId’, ‘1401367413466420’]);
})();
window._fbq = window._fbq || [];
window._fbq.push([“track”, “PixelInitialized”, {}]);
.