top of page
  • Writer's pictureSociety of Bioethics and Medicine

Catching Criminals with 23andMe

Written by Pooja Suganthan

Edited by Kelvin Wu

At-home DNA test kits, like 23andMe and AncestryDNA, have become household names over the past 20 years. As of October 2020, approximately 1 in 5 Americans have taken a direct-to-consumer genetic test. Ranging from $79 to $199, genetic testing kits are advertised as ways to learn more about your family tree and ethnicity. These kits are usually popular gifts for the holidays because they’re user-friendly: users collect DNA by spitting into a tube or swabbing inside their cheeks, mail the sample to the lab, and receive their results through email, mail, or over the phone. However, these DNA testing services raise privacy concerns as for-profit companies are not included in HIPAA. Individual companies can create and update their own privacy policies.

It’s your DNA, what’s the big deal? Well, your genetic sample can reveal a lot of confidential information- such as your ethnicity, relatives, and risk of genetic disorder. They can also uncover unforeseen outcomes, like hidden family members and sperm donation births.

Unlike medical information managed by doctors, hospitals, and health insurance, HIPAA does not cover DNA testing sites. This allows DNA testing companies to sell users’ DNA to third parties. This information can be difficult to delete. Ancestry’s privacy statement claims to protect users’ personal information, but it can preserve DNA samples for future testing.

Even law enforcement has tapped into the voluntary genetic code databases, but this raises ethical questions of whether third parties, such as the police, should have access to people’s DNA.

In 2018, Joseph James DeAngelo Jr., commonly known as the Golden State Killer, was arrested using genetic technology from GEDMatch, a heritage tracing company. For over 40 years, authorities were searching for a suspect who committed about 50 rapes and 12 murders in the 1970s and 1980s. The police made a GEDMAtch profile for the suspect using semen from a rape kit. They also created fake profiles on FamilyTreeDNA and MyHeritage to find matching individuals. MyHeritage helped the police find a matching relative. Their policy stated that personal information “would only be released if required by law.” The company soon revised their policy to forbid further use of their consumers’ DNA in investigations.

Some DNA testing companies defend their consumers’ DNA from law enforcement, but others state that they will provide genetic information in violent cases, unless a user has opted out of disclosing their DNA.

Sharing DNA with a wider audience should be each individual’s decision. If consumers feel comfortable sharing their genetic information, then they should be allowed to opt into sharing their DNA with third parties, but one person’s decision should not disclose relatives’ information. Although the law enforcement’s collaboration with DNA tracing companies allowed them to arrest a criminal, these practices should only be allowed if individuals grant permission to share their information. Furthermore, customers should research ancestry services before participating because they can identify companies that protect consumers’ personal information.


Post: Blog2_Post
bottom of page