I asked 23andMe if there was any way to delete my genetic data from their site after the Equifax hack news. From their response:
"23andMe and our third party genotyping laboratory will retain Genetic Information, date of birth, and sex as required for compliance with applicable legal obligations, including the U.S. Federal Clinical Laboratory Improvement Amendments of 1988 (CLIA), California Business and Professional Code Section 1265, and College of American Pathologists (CAP) accreditation requirements.
23andMe will also retain limited information related to your account and data deletion request, including but not limited to, your email address, account deletion request identifier, and record of legal agreements for a limited period of time as required by contractual obligations, and/or as necessary for the establishment, exercise or defense of legal claims and for audit and compliance purposes.
We recommend that you review our full Privacy Statement for more information about deleting your data before submitting your request."
So basically, once your in their system, you can't get out.
I believe there are services that will do whole genome seq for you for under $10k(and I assume won’t keep your data). You could then use Promethease for analysis.
I’m unaware of any way you could do self-DNA testing at home unless you wanted to spend $100k+ on equipment, reagents, etc. The Nanopore might be relevant but I haven’t looked into it much.
This may be true, but I don't see how it applies to this story. You need to explicitly opt in for your data to be used for research. So if you have asked for your data to be deleted it would obviously not be used for this kind of work.
Other than your DOB and sex, can you just provide a fake name/email and go from there? Only people I want to share my genetic info with is my family, and they know how to contact me.
I just fudged most of my data when I signed up. Things like gender and race I put in correctly since I assume it could affect the results, but birthday slightly off, and any contact information completely off (throwaway email address, fake name, etc).
No way in hell I trust any company in the US with my genetic data if it can be tied to me. Only reason I did the kit in the first place was at my girlfriend’s insistence.
I don't want to spread FUD but why would ANYONE in their right mind give their DNA to a company in Silicon Valley that is explicitely using Google as a model for Data privacy ? (The founder of 23AndMe is the ex-wife of Google founder).
Even worse, people are actually PAYING quite a lot to get the privilege of having that company playing with your most private data.
This field needs to be heavily regulated. In 20 years we will be able to extract all type of crazy information from DNA and it might be our biggest liability if it is shared across private companies.
This will truly be the dystopian future, in which every business will make a decision based on your public DNA profile.
As everything in Silicon Valley, they are hiding behind the fact that it can be used to make "The world a better place" and cure sone diseases. It should be clear what the end goal is though.
> why would ANYONE in their right mind give their DNA to a company in Silicon Valley that is explicitely using Google as a model for Data privacy ? (The founder of 23AndMe is the ex-wife of Google founder).
I don't think a former personal relationship indicates the respective companies operate the same way.
> Even worse, people are actually PAYING quite a lot to get the privilege of having that company playing with your most private data.
Paying for something is a good thing. Historically in the Valley, companies for whose services you do not pay money tend to abuse your data as they use it as a source to earn money. I think in general, companies take more care of your data if the contract is explicit: I pay you money for this service, and expect corresponding controls over my privacy. Now, I'm not saying it's the case at all companies, just that I think the trend you mention is reversed.
> This field needs to be heavily regulated.
I agree. We absolutely should have better laws, and people should be able to delete their data without question (and not have remnants stored). In the EU, that wouldn't fly.
> In 20 years we will be able to extract all type of crazy information from DNA and it might be our biggest liability if it is shared across private companies. This will truly be the dystopian future, in which every business will make a decision based on your public DNA profile.
I really doubt this. I've been genotyped by 23andMe and the most interesting information I've seen from their health reports are a handful of disease probabilities and some fairly useless-to-me traits (like, for instance, a probabilistic view of my hair color). Even if you jump into the fray with something like Promethease or look at data on SNPedia, each SNP only has a handful of studies and there's little to no research on hundreds of thousands of SNPs. Only a few sets have been analyzed for specific purposes like Alzheimer's and rare diseases, and those are indeed rare.
Science doesn't advance like the technology industry. It takes slow, methodical research to point to anything super conclusive. If we wanted a dystopia where job aptitude was determined by DNA, for example, we would need hundreds of studies and conclusive evidence that some genetic data indicates a very good match and not just a hunch. That research has to come from somewhere, continually be reproduced, and undergo the scientific process. That's all stuff that has to be paid for, which is something not a lot of people are willing to do.
> why would ANYONE in their right mind give their DNA to a company in Silicon Valley that is explicitely using Google as a model for Data privacy ?
It's more of a curiosity thing. I get a more complete view of myself, and we potentially help advance research in medicine and diseases. It's symbiotic.
> I don't want to spread FUD but why would ANYONE in their right mind give their DNA to a company in Silicon Valley that is explicitely using Google as a model for Data privacy ?
My father has Parkinson's and provided his DNA to 23AndMe using one of their free kits [1]. Companies like this represent a chance of finding a cure. There are certainly concerns with companies accumulating large amounts of genetic data, but huge data sets are required for deep learning and other AI methodologies. Sharing one's genetic data, and allowing other companies to form partnerships to gain access to that data, will likely represent a key step in identifying the cause (and hopefully potential cures) for such diseases.
>why would ANYONE in their right mind give their DNA...
I've been thinking about this a lot since you posted yesterday and I think you're doing yourself, your relatives, and your whole ethnicity a favor IF your data is used to build better drugs.
There's a huge issue with drug testing skewing against certain ethnicities, which is why some drugs are not effective for certain people. This seems like a good solution.
Make no mistake about what is happening here. GSK is buying access to all of the genetic data that 23andMe has. This is why I am wary to use any 23andMe type of service.
"The partners plan to use 23andMe’s data to jointly discover drug targets."
They will claim all kinds of protections of course, but it is only a matter of time until genetic data starts being resold.
Using genetic data to find new drugs strikes me as a very good use of this data. Medical data is essential to the process of finding new drugs and treating patients and is highly regulated.
I think you're right to be concerned about sharing of genetic data, but conflating facebook / google data sharing practices with medical data sharing is not appropriate
If the concern is that 23and me may bring the google / FB approach to personal data to healthcare then i share your concern
Edit: As people bring up the insurance risk, yes I did consider that and mention it in my post. I am personally not concerned about it and think the advantages outweigh the risk. Besides, I think insurances companies are going to have all the data soon anyway. If every time I get a blood test, they have a chance to capture my DNA, how can I stop them?
Agreed, at best it is a picture of the market for drug X at the genetic level. My biggest fear is that my close family members use this service exposing key data about me and I can't really prevent it, only encourage them not to.
You must opt in to share your data for research. Each 23andme user has a choice.
email I received from 23andme today.
"Our top priority is you, the customer, and empowering you with the options to participate in research. As always, you choose whether or not to participate in research. You can choose to opt-in or opt-out at any time."
If you're not a customer, might not want to throw around assumptions.
Exactly. It's win-win-win. Anonymous genetic data is amazingly useful for various kids of biotech applications. The more people who have it and can work on it, the better. 23andMe is a great platform for collection and providing useful insights to consumers, but the big potential is having millions of people's genetic data for drugs and science. Why would this make you wary? Use a fake name if your concern is PII.
I am always fascinated by these concerns. The data available on you today (financial history, social data, search histories) is more complete, concrete and actionable than one's genomics data. I say this as someone who works in this area.
I see a lot of people making claims about 23andme that haven't used the product, and I just wanted to inform people that in the contract you sign with them, they only share your data if you opt-in to it. They make this all very clear. You can also have them discard your sample and delete your info if you haven't opt-ed in to the research program.
Now trusting that 23andme is actually abiding by these rules is a different conversation.
23andme has made a pretty impressive recovery after the FDA issues a few years ago, although i think the jury is still out on how useful their data will be for drug discovery. I think they mostly have genotype data rather than WES, and i think their clinical data is all patient reported? The value of their engaged audience seems clearer, especially if it can help enroll clinical trials faster
It may be that GSK isn't really interested in the existing 23&me product line, but wants their name recognition and infrastructure. 23 is as close as anyone to delivering a full GWAIS product to the public, which this partnership only enhances. Combined with large capacity cheap deep sequencing by someone like BGI, this partnership would be ideal for GSK to add in-house infrastructure to do a LOT of GWAIS for all kinds of drug target ID efforts or clinical patient stratification.
Maybe GSK has decided to target patients very precisely as standard practice in all future drug trials. This makes a lot of sense if you want a new drug to maximize efficacy or minimize toxicity by cherry picking your high responders and low intoxicants, thereby easily avoiding all folks who don't benefit from it, even if no-go patients are in the majority. But it also assumes such cherry labels will be available to physicians and insurers soon, presumably as de rigeur medical practice for the general public. Streamlining a product like 23's might make this initiative fly economically.
Done early in a drug trial, like phase II, you might be able to use deep genome data to tune up or rescue a new drug that looks promising but not quite promising enough to continue to phase III. Deep genomic analysis is a very promising way to stratify patients who will benefit from those who won't.
This looks to me like GSK has just bought into GWAIS in a big way for thousands or more patients, esp in clinical trials. This partnership can only help both companies, since I don't see a major pharma ever trying to take over 23's existing boutique geek navel-gazer business.
I find it seriously scary how 23andMe markets itself.
Externally, they're a family company helping you understand your family history and equipping you to anticipate health problems so you can prepare for them.
Internally, in presentations to venture capitalists and in job interviews with engineers like me, the picture is quite different. They're building a genetic database and plotting world domination from a thousand different angles that most people could never have even imagined.
This stuff is straight out of a dystopian sci-fi novel.
23andMe is very similar to Google in this regard. We never imagined Google would have so much access to data, we never thought of the consequences. Now Google wields an absolutely unfathomable level of power over everyone in the world, and all anybody can really do is trust them not to abuse it.
And also trust that all future generations and governments that inherit Google will never abuse it.
23andMe is one of those companies, but we aren't just talking about your searches and communications, we're talking about genetics and humanity and life itself on a very fundamental level.
The ethical and moral dilemmas haven't been brought to light yet in a meaningful way, but it's inevitable, and they're some seriously next-level moral dilemmas. Even for Silicon Valley.
According to the National Institute of Health, Many drugs that are currently available are “one size fits all,” but they don't work the same way for everyone. It can be difficult to predict who will benefit from a medication, who will not respond at all, and who will experience negative side effects (called adverse drug reactions). Adverse drug reactions are a
significant cause of hospitalizations and deaths in the United States. With the knowledge gained from the Human Genome Project, researchers are learning how inherited differences in genes affect the body’s response to medications. These genetic differences will be used to predict whether a medication will be effective for a particular person and to help prevent adverse drug reactions.
I personally wouldn’t use their services for fear insurance companies obtain the data. Not just now but at any point in your life (through bankruptcy, change of ownership , etc.)
The genetically 'unhealthy' will flock for insurance which will increase premia and discourage the genetically 'healthy' from doing so.
You cannot run a commercially viable life insurance in a situation where there isn't 'ultimate good faith'.
One way or another testing will become compulsory for insurance.
Is anyone able to assess the quality of information security at GSK? I would expect reasonably protective InfoSec from 23&Me because of their close ties to Google, but GSK feels like a company too large to care, and without enough hackers at the top to be worried.
I was taken aback by 23&Me’s anti-deletion contract, but with good security, I only have them to fear. If someone less scrupulous can access it, then I depend on their own security and that cascade tends to end up on haveibeenpwned.
I have more faith in a company such as GSK that takes data and privacy seriously than a company like 23&Me running mostly by silicon valley Kids that "Go fast and break things".
It's interesting that the ads target elderly people. It takes a relatively smaller number of elder customers to get at least partial DNA sequences for a larger swath of the population.
My personal conspiracy theory is all these biometric recognition (such as face) and DNA sequencing services are serving to compile a vast human identification database. With all the Intagraming, live streaming, voice listeners, etc. it becomes much easier to have mass surveillance. Someone is wanted by the FBI? Well, maybe he'll show up in a friend's daughter's Instagram selfie, or random tourist snapping pix, or Alexa listening into his friend's home. No more need for painstaking installation of covert surveillance to get the perp. Furthermore, with access and analysis of someone's online posts, this opens up the possibility to detect future crime. I bet there is big government money now for startups that can correlate a person across all these data sources.
Plus, this doesn't have to be in the government's hands. Dark web sellers have access to all this and more with all the data breaches. Such data can be used to compile lucrative targets for blackmailing or kidnapping, along with a pattern of life to make them easy to pick up.
This is an attempt to catolog every human being on this planet for surveillance.
I'm sure you know how an ex-cop turned out to be the infamous golden state killer.
While it's wonderful that these cold cases are now being solved, it also raises a strong privacy issue and also moral one.
If criminals know they will be caught eventually thanks to genealogy and DNA cataloging, wouldn't this drive them to get rid of the DNA altogether and escalate their crime?
[+] [-] dayvid|7 years ago|reply
"23andMe and our third party genotyping laboratory will retain Genetic Information, date of birth, and sex as required for compliance with applicable legal obligations, including the U.S. Federal Clinical Laboratory Improvement Amendments of 1988 (CLIA), California Business and Professional Code Section 1265, and College of American Pathologists (CAP) accreditation requirements.
23andMe will also retain limited information related to your account and data deletion request, including but not limited to, your email address, account deletion request identifier, and record of legal agreements for a limited period of time as required by contractual obligations, and/or as necessary for the establishment, exercise or defense of legal claims and for audit and compliance purposes.
We recommend that you review our full Privacy Statement for more information about deleting your data before submitting your request."
So basically, once your in their system, you can't get out.
And you're paying them money for this.
Any way to do self-DNA testing?
[+] [-] breck|7 years ago|reply
I’m unaware of any way you could do self-DNA testing at home unless you wanted to spend $100k+ on equipment, reagents, etc. The Nanopore might be relevant but I haven’t looked into it much.
[+] [-] DangerousPie|7 years ago|reply
[+] [-] Severian|7 years ago|reply
[+] [-] this_user|7 years ago|reply
[+] [-] OkGoDoIt|7 years ago|reply
No way in hell I trust any company in the US with my genetic data if it can be tied to me. Only reason I did the kit in the first place was at my girlfriend’s insistence.
[+] [-] ironjunkie|7 years ago|reply
Even worse, people are actually PAYING quite a lot to get the privilege of having that company playing with your most private data.
This field needs to be heavily regulated. In 20 years we will be able to extract all type of crazy information from DNA and it might be our biggest liability if it is shared across private companies. This will truly be the dystopian future, in which every business will make a decision based on your public DNA profile.
As everything in Silicon Valley, they are hiding behind the fact that it can be used to make "The world a better place" and cure sone diseases. It should be clear what the end goal is though.
[+] [-] sarabande|7 years ago|reply
I don't think a former personal relationship indicates the respective companies operate the same way.
> Even worse, people are actually PAYING quite a lot to get the privilege of having that company playing with your most private data.
Paying for something is a good thing. Historically in the Valley, companies for whose services you do not pay money tend to abuse your data as they use it as a source to earn money. I think in general, companies take more care of your data if the contract is explicit: I pay you money for this service, and expect corresponding controls over my privacy. Now, I'm not saying it's the case at all companies, just that I think the trend you mention is reversed.
> This field needs to be heavily regulated.
I agree. We absolutely should have better laws, and people should be able to delete their data without question (and not have remnants stored). In the EU, that wouldn't fly.
Disclaimer: I worked at 23andMe.
[+] [-] Shank|7 years ago|reply
I really doubt this. I've been genotyped by 23andMe and the most interesting information I've seen from their health reports are a handful of disease probabilities and some fairly useless-to-me traits (like, for instance, a probabilistic view of my hair color). Even if you jump into the fray with something like Promethease or look at data on SNPedia, each SNP only has a handful of studies and there's little to no research on hundreds of thousands of SNPs. Only a few sets have been analyzed for specific purposes like Alzheimer's and rare diseases, and those are indeed rare.
Science doesn't advance like the technology industry. It takes slow, methodical research to point to anything super conclusive. If we wanted a dystopia where job aptitude was determined by DNA, for example, we would need hundreds of studies and conclusive evidence that some genetic data indicates a very good match and not just a hunch. That research has to come from somewhere, continually be reproduced, and undergo the scientific process. That's all stuff that has to be paid for, which is something not a lot of people are willing to do.
> why would ANYONE in their right mind give their DNA to a company in Silicon Valley that is explicitely using Google as a model for Data privacy ?
It's more of a curiosity thing. I get a more complete view of myself, and we potentially help advance research in medicine and diseases. It's symbiotic.
[+] [-] teekno|7 years ago|reply
My father has Parkinson's and provided his DNA to 23AndMe using one of their free kits [1]. Companies like this represent a chance of finding a cure. There are certainly concerns with companies accumulating large amounts of genetic data, but huge data sets are required for deep learning and other AI methodologies. Sharing one's genetic data, and allowing other companies to form partnerships to gain access to that data, will likely represent a key step in identifying the cause (and hopefully potential cures) for such diseases.
[1] https://www.23andme.com/pd/
[+] [-] maxerickson|7 years ago|reply
I mean, it doesn't take very long before it's worth collecting a sample without your permission.
[+] [-] therealdrag0|7 years ago|reply
[+] [-] CamelCaseName|7 years ago|reply
I've been thinking about this a lot since you posted yesterday and I think you're doing yourself, your relatives, and your whole ethnicity a favor IF your data is used to build better drugs.
There's a huge issue with drug testing skewing against certain ethnicities, which is why some drugs are not effective for certain people. This seems like a good solution.
[+] [-] sschueller|7 years ago|reply
[+] [-] TrainedMonkey|7 years ago|reply
"The partners plan to use 23andMe’s data to jointly discover drug targets."
They will claim all kinds of protections of course, but it is only a matter of time until genetic data starts being resold.
[+] [-] aaavl2821|7 years ago|reply
I think you're right to be concerned about sharing of genetic data, but conflating facebook / google data sharing practices with medical data sharing is not appropriate
If the concern is that 23and me may bring the google / FB approach to personal data to healthcare then i share your concern
[+] [-] mcculley|7 years ago|reply
Edit: As people bring up the insurance risk, yes I did consider that and mention it in my post. I am personally not concerned about it and think the advantages outweigh the risk. Besides, I think insurances companies are going to have all the data soon anyway. If every time I get a blood test, they have a chance to capture my DNA, how can I stop them?
[+] [-] snarf21|7 years ago|reply
[+] [-] koolba|7 years ago|reply
“Based on your genetic profile you’re 27% more likely to develop ________, talk to your doctor about how GSK’s _________ can help”
[+] [-] meow81|7 years ago|reply
email I received from 23andme today. "Our top priority is you, the customer, and empowering you with the options to participate in research. As always, you choose whether or not to participate in research. You can choose to opt-in or opt-out at any time."
If you're not a customer, might not want to throw around assumptions.
[+] [-] hkmurakami|7 years ago|reply
[+] [-] sbinthree|7 years ago|reply
[+] [-] bmmayer1|7 years ago|reply
Or hacked.
[+] [-] chrisbaglieri|7 years ago|reply
[+] [-] rch|7 years ago|reply
[+] [-] dekhn|7 years ago|reply
[+] [-] reaperducer|7 years ago|reply
Or stolen. Or both.
[+] [-] jryan49|7 years ago|reply
[+] [-] jryan49|7 years ago|reply
Now trusting that 23andme is actually abiding by these rules is a different conversation.
[+] [-] aaavl2821|7 years ago|reply
[+] [-] randcraw|7 years ago|reply
Maybe GSK has decided to target patients very precisely as standard practice in all future drug trials. This makes a lot of sense if you want a new drug to maximize efficacy or minimize toxicity by cherry picking your high responders and low intoxicants, thereby easily avoiding all folks who don't benefit from it, even if no-go patients are in the majority. But it also assumes such cherry labels will be available to physicians and insurers soon, presumably as de rigeur medical practice for the general public. Streamlining a product like 23's might make this initiative fly economically.
Done early in a drug trial, like phase II, you might be able to use deep genome data to tune up or rescue a new drug that looks promising but not quite promising enough to continue to phase III. Deep genomic analysis is a very promising way to stratify patients who will benefit from those who won't.
This looks to me like GSK has just bought into GWAIS in a big way for thousands or more patients, esp in clinical trials. This partnership can only help both companies, since I don't see a major pharma ever trying to take over 23's existing boutique geek navel-gazer business.
[+] [-] throwaway0255|7 years ago|reply
Externally, they're a family company helping you understand your family history and equipping you to anticipate health problems so you can prepare for them.
Internally, in presentations to venture capitalists and in job interviews with engineers like me, the picture is quite different. They're building a genetic database and plotting world domination from a thousand different angles that most people could never have even imagined.
This stuff is straight out of a dystopian sci-fi novel.
23andMe is very similar to Google in this regard. We never imagined Google would have so much access to data, we never thought of the consequences. Now Google wields an absolutely unfathomable level of power over everyone in the world, and all anybody can really do is trust them not to abuse it.
And also trust that all future generations and governments that inherit Google will never abuse it.
23andMe is one of those companies, but we aren't just talking about your searches and communications, we're talking about genetics and humanity and life itself on a very fundamental level.
The ethical and moral dilemmas haven't been brought to light yet in a meaningful way, but it's inevitable, and they're some seriously next-level moral dilemmas. Even for Silicon Valley.
[+] [-] kough|7 years ago|reply
[+] [-] noja|7 years ago|reply
[+] [-] citochrome|7 years ago|reply
[+] [-] doke01|7 years ago|reply
[+] [-] ourmandave|7 years ago|reply
Something about affiliates (and companies buying their way in) can't use your data without express written permission.
Probably want to call the European Union on how to get the wording right and not watered down by lobbyists.
[+] [-] Friedduck|7 years ago|reply
[+] [-] barking|7 years ago|reply
[+] [-] bertil|7 years ago|reply
I was taken aback by 23&Me’s anti-deletion contract, but with good security, I only have them to fear. If someone less scrupulous can access it, then I depend on their own security and that cascade tends to end up on haveibeenpwned.
[+] [-] paxy|7 years ago|reply
[+] [-] ironjunkie|7 years ago|reply
[+] [-] amelius|7 years ago|reply
[+] [-] azujus|7 years ago|reply
[+] [-] yters|7 years ago|reply
My personal conspiracy theory is all these biometric recognition (such as face) and DNA sequencing services are serving to compile a vast human identification database. With all the Intagraming, live streaming, voice listeners, etc. it becomes much easier to have mass surveillance. Someone is wanted by the FBI? Well, maybe he'll show up in a friend's daughter's Instagram selfie, or random tourist snapping pix, or Alexa listening into his friend's home. No more need for painstaking installation of covert surveillance to get the perp. Furthermore, with access and analysis of someone's online posts, this opens up the possibility to detect future crime. I bet there is big government money now for startups that can correlate a person across all these data sources.
Plus, this doesn't have to be in the government's hands. Dark web sellers have access to all this and more with all the data breaches. Such data can be used to compile lucrative targets for blackmailing or kidnapping, along with a pattern of life to make them easy to pick up.
[+] [-] unknown|7 years ago|reply
[deleted]
[+] [-] unknown|7 years ago|reply
[deleted]
[+] [-] amelius|7 years ago|reply
[+] [-] antpls|7 years ago|reply
[deleted]
[+] [-] pwaai|7 years ago|reply
I'm sure you know how an ex-cop turned out to be the infamous golden state killer.
While it's wonderful that these cold cases are now being solved, it also raises a strong privacy issue and also moral one.
If criminals know they will be caught eventually thanks to genealogy and DNA cataloging, wouldn't this drive them to get rid of the DNA altogether and escalate their crime?