23andMyIdentity: Genetic Testing Privacy

April 13, 2023

23andMe might be one of the more popular direct-to-consumer genetic testing companies on the internet, but it’s by no means the only one. 

In the last few years, more online genetic testing companies have popped up for various purposes, from discovering ancestry information to figuring out potential health risks and even identifying whether you and your partner are “genetically compatible.” The uses may differ, but one thing remains a big concern: your privacy.

While at-home genetic tests can provide exciting and helpful information, consumer privacy may be compromised along the way. 

The reason is that these tests often ask for more personal information than necessary, including health information and data about family members. In reality, all they need is a way to contact you and connect you to the test you send them.

As a result, the best way to take an online genetic test safely is to read these companies’ privacy policies and to use online safety procedures when registering, so that your identity, location, and personal information stay protected.

Genetic Testing Privacy Policies

We read the privacy policies and FAQs from 23andMe and some competitors, including XCode, MapMyGenome, GenePartner, Pathway Genomics, AncestryDNA, MyHeritage, and iGENEA. If you choose to take a genetic test from any genetic testing services, we encourage you to read the privacy policy for your own benefit.

Still, we know that privacy policies can be tricky to navigate and sometimes hide information. 

In fact, some of the policies we read seemed a bit vague in areas–claiming that they collect or use the genetic information for what they deem “necessary for legitimate business purposes.” One company even wrote that they could use a customer’s genetic data for research purposes or for a third party without the customer’s consent. Now, do you see why it’s imperative to read those privacy policies carefully?

Many of the companies remind you in their privacy policy that if law enforcement comes knocking for your information, they are required to hand over your genetic profile and everything connected to it–all of your personal information. 

If you don’t give the service your real personal information in the first place, it would be extremely difficult to link the genetic information back to you. 

Some companies caution that “there can be no guarantee of privacy,” even given their encrypted information and secure systems–another reason not to share data with them.

One company based outside of the United States even coaxed customers into participating in research by first noting that a consent form was necessary for the procedure to begin. The consent form allowed the company to use the customer’s genetic information and results for research. The privacy policy made it seem as if the customers had a choice in the matter: “With your consent, the delinked data….will be part of our research database. This will help you serve the Indian community better and contribute to health science.” While customers of 23andMe have the choice to opt out of research, this company made research necessary for participation in the genetic testing procedure.

Privacy Concerns and Privacy Laws Around Personal and DNA Data

When it comes to the use of genetic information, there are few privacy protections available.

For example, the Health Insurance Portability and Accountability Act (HIPAA) and the Genetic Information Nondiscrimination Act of 2008 (GINA) are two federal laws that deal with genetic information privacy.

However, even though HIPAA applies to the results of genetic tests administered by your healthcare provider, it does not extend to direct-to-consumer (DTC) genetic testing companies. Similarly, while GINA safeguards individuals from being discriminated against by health insurance companies and employers, it doesn’t cover other third parties or other kinds of insurance companies.

Just a handful of state laws provide better DNA data privacy. For example, in 2021, California passed the Genetic Information Privacy Act (GIPA), a genetic privacy bill. The bill establishes requirements for collecting, using, and disclosing consumer DNA data from direct-to-consumer genetic testing services.

This lack of legal protection creates a potential for a multitude of privacy risks, particularly because DNA data can’t be de-identified.

Keep Your Personal Information to Yourself

Most genetic testing companies’ privacy practices are risky to consumer privacy.

As a result, the best thing you can do when using one of these services is to provide as little real information about yourself as possible during the entire process. 

The only reasons that genetic testing companies need your personal information (i.e., name, phone number, home address, email address, etc.) are to:

  • Send you the testing kit 
  • Link your genetic test to your profile so that you can receive your test results.

As long as you provide a way for the company to contact you–through email and telephone number forwarding–you can choose not to provide your real personal information. 

The only caveat here is that if you want a 100% safe experience that cannot be linked to you, you’ll have to choose a shipping address that you have access to but isn’t your actual home address. You could try a friend’s home address or even a more distant connection if they are willing to receive your package.

After you handle the shipping situation, you are all set to sign up and order the test. You’ll want to turn on a VPN or Virtual Private Network to reroute your IP address. This will make it appear that you are browsing from somewhere other than your current location–whether that is somewhere else in the United States or halfway across the world.

Next, you should make sure that you have a tracker blocker or private browsing mode on in your browser. Note that Private Browsing, Incognito, and similar modes do not guarantee a private browsing experience and do not always block ad trackers.

When asked for your personal information, you can make up a fake name to keep yourself protected. Then, use a fake email (an email that isn’t linked to you) or set up email and mobile phone number forwarding using masked email services to provide a way to contact you without giving out your real information.

At this point, you’ll be asked to enter a billing and shipping address as well as payment information. By using either a prepaid debit card or a masked credit card, you can pay for the genetic test without giving out your real credit card information. For a prepaid debit card, you should use a made-up billing address.

So far, these companies have not been able to collect any of your actual private information. Some companies may ask you to complete additional questionnaires, which they claim will give you a better report because they will have more background information. But is this necessary, or is it just another link back to your identity? Based on our experience, you can still get a lot out of the genetic test and do not need to answer these additional and often invasive personal questions.

When your test arrives, you can use the same masked personal information to link your test to your previously created profile. Don’t forget your VPN and tracker blockers! Since the postage is prepaid to send back your test, you have officially completed your portion of the procedure without giving up any of your real personal information.

By spending a few more minutes setting up privacy parameters when purchasing a DNA testing kit, you can protect your private information and prevent it from being linked to you in case of a data breach or another sticky situation.

Even so, always be sure to read the company’s privacy policy to know what will happen to your genetic information, and keep creating strong, unique passwords for all your accounts.

Don’t Forget to Opt-Out of Genetic Testing Sites

Even if you don’t give a genetic testing company your personal information or take a test, they may still have personal data about you. 

For example, besides DNA testing, Ancestry.com’s genealogy service also provides sensitive information based on public records. Therefore, personal information that can be used to impersonate you can be easily accessed through genealogy databases online. There have also been instances of DNA databases being hacked.

Luckily, you can opt out of these kinds of databases. We have a whole series of guides that walk you through opting out from genealogy sites, including:

Or, we can do it for you if you subscribe to our data broker removal service. 

DeleteMe was created in 2010 when we realized the difficulty of navigating privacy issues in today’s interconnected and digital world. Our mission is to provide everyone with the power to control t…
