Genomic Data, Privacy, and the Unknown Future

Imagine a world where you could pay to find out what your DNA says about the likelihood that you drive for leisure, or how fast you tend to walk. Well, that world already exists. For around $300, you can discover your genetic probability for everything from your addiction likelihood, to your “probability for older age of first sexual intercourse.” As strange as it sounds, this is a real service that I paid for, backed by real data and real studies—like the Mills et al. paper that identified 371 genetic variants linked to age at first sex and birth, many associated with externalizing behavior.  

Last summer I sent in a cheek swab to Nebula Genomics, and 4 months later, I received a full mutation analysis of my genome along with some other information about ancestry and microbiome. I was ecstatic about getting the results, and in all honesty didn’t care if I found out anything negative. I’ve since made changes to my vitamins, supplements, and lifestyle choices. The SNP rs11723621_G convinced me to start taking vitamin D supplements, while the RORA gene convinced me to wear blue light glasses while sitting down at my computer for long periods of time. There were a host of other cool results to sort through, some useful, but mostly just novelties. Regardless, this is a big step in personal genetic testing.

Recently I learned that genetic testing for personal use has been around longer than many people realize. Companies like Ancestry.com and 23andMe made direct-to-consumer (DTC) testing mainstream in the early 2010s, but the idea itself dates back to the 1990s. At the time though, a handful of small startups—such as Genelex, which offered DTC paternity tests—struggled against high sequencing costs and limited funding (I should make the unfortunate disclaimer that my use of the em dash was not ChatGPT). Today, companies like Nebula Genomics are able to sequence a whole genome for less than the cost of a single microarray back then, leading us potentially into a new era of affordable commercial genomic testing and analysis services. But this potential comes with some serious risks. 

As scientists, it’s easy to get swept up in the novelty of personal genomics like I did, but behind the fun and curiosity lies concerns about what happens to your genomic data when you hand it over, and who really owns it. When you send in your saliva, you’re giving a private company the blueprint of your biological identity, and potentially that of your future generations. Most DTC companies promise encryption, anonymity, and strict data control policies, but in reality, things aren’t always that straightforward. For example, Nebula Genomics has outsourced their sequencing to multiple other companies in the past. Some of these partners like G42 in the UAE, and BGI group in China, are based in countries that don’t have the same laws regarding data security or government access as the U.S. As a result, my data and many other peoples’ data is likely being stored in a warehouse somewhere abroad. We guard our passwords and credit card numbers so intently, yet there is so little in place to protect our genomic sequences. The uncomfortable truth is that once your DNA is out there, it’s likely out there for good. 

An argument that people have made against me on this issue before is, “What are people going to do with your data? Who cares about your genome?” It’s a fair question, and on the surface, it might seem harmless. After all, most of us aren’t celebrities or politicians, and there isn’t any technology currently that can hack your DNA. But the key word here is “currently.” Unlike our passwords which we are so invested in protecting, our DNA cannot be changed or reset. Genes that identify me could be linked to one of my great-great-great-great grandkids, they are a permanent identifier that ties together your family’s past, present, and future. So while we can’t predict how genomic data will be valued, regulated, or exploited in the future, it would be unwise of us to disregard the threat of it just because the technology doesn’t currently exist. Who knows, in 100 years bioweapons could exist that work selectively based on a person’s specific DNA sequence. It all sounds farfetched now, but if you told someone in 1925 that you could play music or call someone across the globe at the touch of a glass screen, they would most likely refer you to a psychiatrist.

Here in the US, we are coming along with our policies such as GINA, which is designed to prevent genetic discrimination, but we can’t regulate data held overseas, and as I said before, once your DNA is out there, it’s likely out there for good. Even with protections like GINA, the reality is that laws lag behind technology. International partners, cloud storage providers, and future innovations in genetics or AI could create situations we haven’t yet imagined. This means that we should approach personal genomics with greater awareness and caution. Sending in a cheek swab isn’t just a fun experiment, it’s a decision to share the most intimate blueprint of yourself, and possibly your family, with the world. As for me, if I had the choice to go back and undo it, it’s hard to say, but I definitely would have done more research on who would have access to my data. With all that being said, shoot me an email if you’d like to see any of my genomic results… unless it’s about my predicted income score, in which case I’d like to speak to George Church about his company’s measurement choices.