23andMe to sell DNA records to drug company

Originally published at: 23andMe to sell DNA records to drug company | Boing Boing


What makes this extra nice for 23 & Me is that they can sell this data to MANY drug companies at no additional cost. Such a deal! How nice for them.


Get Out Of Here GIF by Basketball Madness


how is this even remotely legal? Oh capitalism.


I would assume there’s language in the fine print of the agreement you sign when you submit your spit to 23andMe that says they reserve the right to do whatever the fuck they want with it in the future.


I thought they needed your explicit consent for each time they shared anything. I thought this shit would be covered by HIPAA which is pretty strict.


Angry Frustration GIF by MOODMAN


I assume that since they are not a medical provider, they are under so such restrictions.


So it’s worth noting that per the article:

…approximately 80% of gene-testing customers who have agreed to share their information for research…

I just checked my account and it looks like there is at least an option to opt out of research.

But I still agree that it sucks.


Correct. HIPAA doesn’t apply here.


Not HIPAA, but it is covered by GINA.

I have no doubt that, as this information is disseminated wider and wider, corporations are going to challenge GINA, because profits.

And since the supremes are on govt insurance, they will happily screw over the rest of us. Except Thomas. He’ll do it only if there is a fancy trip or Winnebago to support the decision.


I was invited by a relative to get 23&me testing: she’s heavy into genealogy and wanted the record to help in her researches. I agreed but then when the kit came I had second thoughts and I never submitted it. I work on privacy & security issues for a living and I was just queasy about a private company holding this data, and what they might do with it, or what might happen to it (hacking, etc.). Sounds like that was a good impulse I had.


I work with data like this at a drug company, so some details:

  • It’s deidentified as required by law. There is no way within the data to connect genetic information to any specific person. I mean I guess if you got the sequence of cells from a person’s coffee mug and knew they were somewhere in the dataset you could match it up but life isn’t a bad sci-fi movie so we don’t do that. Also you’d be fired.
  • The way this data is used is to find genetic variants that suggest the cause or cure for diseases. Most common is called a GWAS (genome wide association study) where you correlate traits with genetic information. Very few traits have a “trait x gene”, especially the usual ones people talk about (height, weight, skin color) or common diseases (neudegeneration, mental health). You need a whole lot of genetic information to identify genes that may each contribute a very small amount to a particular disease.
  • Another important thing we look for are called suppressors. If your genetic profile predicts you should have a certain disease, especially those for which there IS a specific single genetic cause (CF, sickle cell), but you don’t have symptoms, it’s really useful to figure out why. That can lead to new ways to treat dieseases, basically making a drug that mimics how people with a suppressor variant avoid getting sick. This is one of the most successful ways of coming up with new medicines, much better than curing mice. Look up disease “experiments of nature.”
    Basically if you’d donate your organs to science this is a similar altruistic approach that doesn’t require you to die first. It sucks that it’s through a for-profit company but they used their marketing to generate a useful research tool. There are ways to do this non-profit like the 1000 genomes project, Count Me In, or All of Us but of course because they’re nonprofit no one’s heard of them so the data isn’t as useful.

I realized this was a possibility when I sent them my spit way back in, I don’t know, 2010 or something. At the time, it seemed like the benefits, both to humanity via the advancement of medical science and to me personally with information about health risks and such, outweighed the cost. I may not be thrilled about them exploiting that information for profit, but until they do something more sinister with it, that gamble still seems worth it. I hope they don’t prove me wrong.


you have good reason to be concerned:



and yet, exactly those databases were used to identify the golden state killer.

Investigators and prosecutors said the investigation relied on genetic information people voluntarily made public, though with little reason to suspect it might incriminate members of their families in crimes. The actual investigation was broader and more invasive, conducted without a warrant, and appeared to violate the privacy policy of at least one DNA company.

whether or not they were able to grab his exact name from a database, they were able to identify him, and that has huge implications. the particular result in this case may be a good thing, but not all of them will be.


i didn’t pay for mine – the state paid for my sub because they were trying to get a good sample of people from the northern part of the state to help advance medical tests and funding, so the first couple hundred volunteers were comped. i have no regrets, because i have learned so much about my own self from it. if it helps understand the scientific world better or advances some medical research somewhere, fantastic.


Is the sequence all that is available? Deanonymizing someone requires far, far less data than you think. Gender, Birthday (not including year, just the day) and zip code is enough to identify something like 80% of people in the US


I kind of think you left out some important context here, Rob.

“Under the new agreement, 23andMe will provide GSK with one year of access to anonymized DNA data from the approximately 80% of gene-testing customers who have agreed to share their information for research, 23andMe said in a statement Monday.”