author photo
By Bruce Sussman
Mon | Jul 30, 2018 | 6:17 AM PDT

The TV commercials for DNA testing companies make it sound like getting your DNA results helps fill a missing puzzle piece in your life.

You will finally understand who you are and be able to read the story your genes tell about you.

But you are not the only one interested in the story your genes tell.

Big Pharma partners with DNA testing company

In fact, one of the world's 10 largest pharmaceutical companies, GlaxoSmithKline (revenue approximately $40 billion), just signed an exclusive agreement with DNA testing company 23andMe.

23andMe agreed to share databases of genetic information it has collected from its 5 million customers around the world with the pharmaceutical giant.

DNA testing privacy risks

SecureWorld interviewed privacy watchdog Rebecca Herold about this new partnership. Herold, who runs the "The Privacy Professor" consultancy, had plenty to say.


In fact, if she had a commercial to counter DNA testing companies, it would probably include her saying exactly what she told us:

"If customers knew that these DNA collection businesses were charging THEM to then turn around and make HUGE amounts of money off of selling that data, and that there is a wide range of other entities that could use that data to negatively impact their lives, would they still be eager to get those DNA tests?"

That's a good question.

In this case, GlaxoSmithKline is making a $300 million investment in the DNA testing company to be able to use "23andMe’s rich database and proprietary statistical analytics to fuel drug target discovery, with the goal of jointly discovering novel targets that can progress into development," for the next four years.

That's according to a report issued by the companies.

Who owns your DNA test results?

The Privacy Professor says one of the biggest DNA privacy testing risks is that DNA testing companies end up owning or at least co-owning your extremely personal DNA information. 

Few customers even read the consent agreements, she says, partly because there are so many. In the case of 23andMe, Herold found this is the list of consent forms and informational documents you'd have to read to know your rights—a dozen forms!


And The Outline caught on to how contradictory 23andMe customer documents are, anyway. Look at this nugget:

“What happens if you do NOT consent to 23andMe Research?” reads one section of the company’s infuriatingly contradictory Privacy Statement. “If you choose not to complete a Consent Document or any additional agreement with 23andMe, your Personal Information will not be used for 23andMe Research. However, your Genetic Information and Self-Reported Information may still be used by us and shared with our third party service providers as outlined in this Privacy Statement.”

Who are the third parties receiving your DNA test information?

23andMe clearly states it can share certain information with "third party service providers." Which kinds of providers are these?

One thing Herold feels confident about is this: That list of companies wanting your DNA test results is growing. And so is the potential for serious consequences for test takers.

"And all the organizations that will want to use the results of all this growing DNA research and testing so they can use for their own business purposes, which will have an impact on the costs and availability of their associated business services and products. Life insurance. Health insurance. Mortgage companies. Law enforcement. Political action committees (PACs). Government services agencies. Schools. Any business that has employees. Consider all the decisions and actions these entities will, or will not, take based upon those DNA analyses."

In fact, we're already seeing this. Reuters has just confirmed that Canada's immigration agency, the Canada Border Services Agency, is using DNA test results and ancestry websites to establish the nationalities of immigrants and potentially deport them.

"CBSA spokesman Jayden Robertson said the agency uses DNA testing to determine identity of 'longer-term detainees' when other techniques have been exhausted. DNA testing assists the CBSA in determining identity by providing indicators of nationality thereby enabling us to focus further lines of investigation on particular countries.”

23andMe issued a statement and FAQ about this partnership with big pharma. The headline reads: "Multi-year collaboration expected to identify novel drug targets, tackle new subsets of disease and enable rapid progression of clinical programs."

It will be interesting to see what kind of impact sharing genetic results on 5 million people can have on healthcare and on privacy.

We know Rebecca Herold will be watching and likely talking about it in her keynote at SecureWorld Dallas this fall. 

"This points out the growing need to have some type of investigation or review, at a minimum, from the FTC and any other applicable regulatory oversight groups, to look into these data sharing activities. These DNA testing businesses are not covered by HIPAA, and there are no other regulations that govern what the DNA ancestry testing sites can and cannot do with the DNA and resulting data."