Finding out exactly where one’s ancestors and forebears come from is exciting. It’s also easy and cheap thanks to the internet, where hundreds of different lifestyle genetic tests are available. In addition to genealogical research, tests in the field of nutrition and sports are also popular.
Like millions of people around the world, Alina* ordered a direct-to-consumer genetic testing kit from the MyHeritage website. She took a DNA sample from her oral mucosa with a cotton swab and sent the test back. Where to, she no longer knows exactly. “USA or something,” she tells Watson.
What Alina was not aware of: the small sample contains the most personal information a human can pass on, the genetic code.
The result came after a few weeks. On her personal online profile, Alina could see what percentage of her ancestry comes from which region of the world. “That’s how I found out that maybe more of my ancestors than I thought came from the Balkans,” she explains.
A simple process, at the end of which is an “aha” or “wow” experience. That sounds convincing at first glance.
The process is easy as long as the consumer doesn’t think about what will happen to their DNA sample after the test. But once they do have to deal with it, questions arise, such as:
In which database does the hereditary material and the information contained therein end up? And more importantly, what data protection standards apply to the highly sensitive material after it has crossed the Swiss border and left the EU area?
Alina did not answer these questions until she returned the MyHeritage test kit. During the conversation with Watson, she looks in her mailbox to see where she sent the sample back and says, “I actually sent it to the US. But the company is based in Israel. That’s confusing.”
She explains why she took the test: “I don’t know my father and I wanted to know where my ancestors came from. I’ve never had to deal with data protection. I know so many people who have taken such tests, so I wasn’t too careful.”
Alina remembers that she had to tick boxes for the purposes for which her DNA could be used, but that didn’t really interest her. She just checked something. She says: “I thought I wouldn’t send them my blood and they wouldn’t be able to read all my DNA. In retrospect I have to say: I was naive.”
What Alina also didn’t know: MyHeritage was hacked in 2019, and over 90 million sensitive customer data records were for sale on the dark web. She tells Watson: “Had I known more, I probably wouldn’t have taken the test. To this day, I don’t know what country my DNA is in and I have no idea what data protection applies there. Besides, I didn’t know that the oral mucosa contains the entire genome and that you can read genetic information from it.”
Claudia Seitz is a professor of law at the Private University in the Principality of Liechtenstein (UFL) and also teaches at the University of Basel. She is fundamentally critical of direct-to-consumer genetic tests, such as Alina’s*.
According to Seitz, it cannot be assumed that data protection is guaranteed in all cases, especially if you choose a provider based outside the EU.
She explains: “These genetic tests can carry data protection risks. Especially when it comes to the protection of privacy and the right to informational self-determination. The companies not only have data such as the name, date of birth and place of residence of the person and, depending on the test, also health data, but especially the genetic data of the consumer.”
In Switzerland, the data is generally well secured, but the question is ultimately where the data goes. “If the data is exclusively located in the EU, you have a relatively high level of data protection thanks to the European General Data Protection Regulation. This not only prescribes certain principles for data storage and processing, such as transparency, earmarking and data minimization, but also guarantees numerous rights of the individual, such as the right to information, the right to correction and the right to erasure.”
Seitz explains: “If the data collected in Switzerland or in the EU is illegally transferred to a place outside the EU that does not have a comparable high standard of data protection, unauthorized data transfer can lead to heavy fines and claims for damages. , data is no longer In addition, the question is whether and to what extent existing rights can be enforced in this case.”
The provisions on the websites often state that data protection is guaranteed and that the data will not be passed on, says Seitz. “But what if that happens or if the data collection leaks? Then, as a consumer, I have claims for damages, but I may not know where my data is,” she explains.
But are there any ways to perform safe direct-to-consumer genetic testing at all? “On principle, I would be wary of such Internet lifestyle genetic testing,” says Seitz. “Genetic data is the most sensitive data you can reveal about yourself because it contains the genetic code and thus the individual genetic profile of a person, which is unique to each person and is also known as a genetic fingerprint. Why should I disclose such data about myself for the possibly limited knowledge gain I get from it anyway?”
She adds: “Even though I know that my data will remain in the EU and will be deleted immediately after use, I’m not 100 percent sure if they are not used differently, for example because of a leak or something. And if they do end up outside the EU, I have limited protection options, so I would be very careful.”
Although lawyers like Seitz warn against the tests, they are popular. Especially in the US. More than 7 million Americans have already undergone direct-to-consumer genetic testing.
In this regard, Seitz also points to a consequence of this development: “The data collections are growing because such tests are popular. These collections of genetic data from genetic research, or genealogy research, are already being used in the US. US law enforcement agencies are working with private companies that collect DNA information and use DNA analysis to establish kinship relationships and match DNA crime scene evidence. Although this is a breakthrough in law enforcement, it is still problematic because the large collections of data are in the hands of private companies that are generally not accessible to the state.”
The data is not only of interest to law enforcement agencies. Pharmaceutical companies can also benefit from the genetic data for research and development of new drugs and therapies. American company 23andMe, which also conducts lifestyle genetic testing, signed a $300 million deal with British pharmaceutical giant GlaxoSmithKline in 2018. As a result, GlaxoSmithKline gained access to the Google-backed company’s DNA database.
Seitz: “In principle, it is crucial whether the data is anonymized or not. Anonymized data is data that cannot be related to a specific or identifiable person. If it is solely anonymous data, many laws, such as the data protection laws of Switzerland or the EU, do not apply. In general, genetic data can also be anonymized data.”
“However, a fundamental question arises here: Can this data, which contains the genetic fingerprint, be made anonymous at all, especially if more people take a genetic test in the future?” Seitz counters.
*Name changed by editors.
source: watson

I’m Maxine Reitz, a journalist and news writer at 24 Instant News. I specialize in health-related topics and have written hundreds of articles on the subject. My work has been featured in leading publications such as The New York Times, The Guardian, and Healthline. As an experienced professional in the industry, I have consistently demonstrated an ability to develop compelling stories that engage readers.