Imagine a world where private companies have access to everything that makes you you, uploaded onto something as accessible as a thumb-drive. Imagine being reduced to gigabytes in the cloud, or words on a computer file. Picture your DNA being sold off to advertisers all over the country, so they can tailor ads on Facebook and Instagram that are perfect for you. In this fictitious universe, you may have a genetic condition, and Johnny Johnson, CSOM ’25, already knows about it, and has sent an ad your way selling the exact medicine you need. Deep in the bowels of Facebook HQ, Mark Zuckerberg is cackling maniacally as he engineers an army of clones used from DNA he got from Ancestry.com.
I am here to tell you that this world does not exist. Keep imagining.
When was the last time you thoroughly read a user license agreement or consent form before clicking “I agree?” For me, and for most people, the answer is probably “never.” For all we know, Apple could have “I sell my soul to Tim Cook” in line 45, and many of us are haphazardly consenting.
This phenomenon underlies the recent debate and widespread unease over AncestryDNA and 23andMe’s use of their customers' genetic material. If you are among the few who read either of these companies’ privacy settings, you may notice that by clicking "agree," you are giving them permission to use your information for all kinds of purposes. Ancestry lays out a detailed chart going over exactly who they allow to access your information, primarily divided between “Service Providers,” “Research Partners,” and even law enforcement. Of these, the description of their service providers sounds like the most problematic aspect of the company. Here, Ancestry explains that they “use other companies to help us provide the Services to you” and inform the customer that these companies may have some of their personal information in their systems. Among the laboratories and storage facilities that are to be expected on this list, Ancestry also includes “cloud services infrastructure providers” and “vendors that assist us in marketing.” Both Ancestry and 23andMe mention that “aggregate data,” stripped of your personal information like name and financial details, can be distributed to marketing companies and research partners even without explicit user consent, unless the customer decides to delete his or her data.
The thought of your genetic information—the very thing that makes you a unique human individual—being parceled out to unknown, distant corporate bureaucrats is unsettling, to say the least. However, the hysteria surrounding this discussion stems largely from an unspoken acknowledgement that we all didn’t read the terms and conditions, and now we're afraid that we've unknowingly sold our genes to the real life equivalent of Monty Burns from the Simpsons. Senator Chuck Schumer, for example, warned that many people don’t realize that “their sensitive information can end up in the hands of unknown third-party companies.” People speak about this fact as though Ancestry, 23andMe, and companies like them are somehow being secretive about this fact, when in reality, they are very upfront about telling you that they’re selling your DNA.
“Selling to who?” you may ask, and the answer is complicated. In terms of research partners, who receive a much more personal, detailed summary of your information, Ancestry and 23andMe both offer lists of the research companies or publications they work with. All of these research partners require explicit, informed consent from the customer to access any of his or her personal information, and it is easy for a customer to opt out of research and still build their family tree on whatever site they’re using. What is much less clear is exactly who is getting the aggregate information, used for marketing and “cloud services infrastructure,” whatever that means, but like I said before, this information is anonymized, impersonal, and very vague.
Of course, as Senator Schumer notes, it is possible that Ancestry and 23andMe are lying to us and being intentionally obscure about who they give our information to. In all honesty, some portion of customers’ genetic information is likely going to insurance companies to illegally discriminate against people with preexisting conditions. There is always the strong possibility that corporations are not being entirely honest, but here, I think it is important to remember a key point: if you are uncomfortable with how these companies use your information, or you don’t trust who they’re giving it to, then don’t use them.
If you do, there are a number of positive outcomes to sharing your DNA. If a person agrees to lend their DNA to the scientific community for example, Ancestry’s description lists that researchers may use the information to develop gene therapies or predict medical conditions, potentially making important advancements in treating serious diseases. 23andMe made headlines recently when law enforcement used information obtained by warrant from the company to catch the Golden State Killer, believed to be responsible for 13 murders in the ‘70s and ‘80s.
Despite this considerable potential for good, there are significant risks to having an enormous databank online of everyone’s DNA, but I would argue that information being sold to companies for nefarious purposes is not of chief concern. My main concern, and the reason I have yet to buy AncestryDNA, is the very real possibility of these databases being hacked, and my genetic information being leaked. This could prove to be even more disastrous than the rampant insecurities in credit information because, as one Forbes article puts it, “you cannot change your DNA.” If security measures aren’t reviewed and approved quickly, it will be not intentionally, but by technological mishap, that our chromosomes fall into the hands of the Monty Burns and Mark Zuckerburgs of the world—and then the clone army will rise.