The direct to consumer genetic testing industry is here to stay, but sales have cooled recently, in part due to privacy concerns. How easy is to use a genetics product and then scrub your data to maintain privacy? I went on a mission to find out by attempting to delete accounts for many of the biggest providers in the DNA testing world.
Why are people concerned about privacy on DNA test sites?
Genetic testing companies who cooperate with law enforcement often allow their databases to be searched on an ongoing basis to find hits for unsolved crimes. This means millions of Americans every year are de facto investigated for crimes they didn’t commit, simply because they chose to seek health or ancestry information from popular DNA test kit providers. Further, there is a suspicion that our DNA test results could be vulnerable to other types of searches and intrusions we may not yet know about.
As a geneticist and head of research at a company that processes genetic data for customers in search of better nutrition, and as a consumer of these DNA tests myself, privacy issues are top of mind for us at Gene Food.
Rather than waiting for a customer to ask for their genetic data to be deleted, our policy is to delete genetic data (both from 23andme uploads as well as from our test kits) after the nutrition plan results have been processed. The only exception is when customers ask that we keep their data “on file” to provide updates when we add a new gene to our scoring algorithm and database.
Our software deletes 23andme and Ancestry uploads after one week, and the servers at our lab in San Diego remove customer data after a three month waiting period so our users have the chance to download their raw data for use on other platforms or with their physician.
However, I think the genetics industry must be more transparent about how and why data is used inside of companies in order to win back the trust of the average customer. Ordering a test kit one time doesn’t mean you want a company to have your data for all time, and it certainly doesn’t mean you approve of an acquiring company taking over your data when companies change hands.
My Heritage DNA
Did I upload: NoEase of deletion: EasyHow to delete: My Heritage Link
My Heritage DNA was the site that motivated me to start the process of purging my old genetic data from companies I’d used in the past, or in the case of My Heritage, companies I’d never used in the past, but who acquired sites I uploaded data to.
And this is the scary thing about the genetic testing industry – your genetic data can end up on sites you never used when those sites acquire companies you did.
Last year My Heritage DNA acquired both Promothease and SNPedia for an undisclosed sum. Although I’d never used My Heritage, I started receiving regular email updates from the company, some excitedly announcing “new DNA relatives.” Those emails nagged at me. Despite the fact the company had sent some legalese email saying they now had the right to all the data from Promothease, including mine, karmically this seemed like a significant violation.
Deleting My Heritage went on the to-do list, but that’s a big list and I assumed it would be a nightmare to purge the account. When I finally got around to deleting the account, I was pleasantly surprised. As I found with many sites on this list, deleting my account was as simple as navigating to Account —> Settings and then choosing to delete the account. Now, one could ask whether it’s reasonable to assume that the files were actually deleted, but for my own peace of mind I am going to assume My Heritage does the right thing and actually scrubs the DNA.
Promothease
Did I upload: YesEase of deletion: Moderate How to delete: Promothease link
Unlike My Heritage which houses simple instructions on their site for deleting an account, Promothease has their deletion policy buried in the privacy policy. You could argue that since My Heritage acquired Promothease and imported all its files, deleting data from My Heritage should also auto-delete from Promothease, but now that’s not the case. It appears relatively easy to delete DNA from Promothease by navigating the usual path of Account ——> Settings, but once you “pull the trigger” and officially delete, there isn’t a confirmation screen or email confirming you’ve fully removed your account.
LiveWello
Did I upload: YesEase of deletion: ModerateHow to delete: LiveWello link
LiveWello is another site where deletion appears relatively easy by visiting the account settings, but confirmation of deletion is lacking.
23andme
Did I purchase: YesEase of deletion: EasyHow to delete: 23andme link
While some sites on this list have value for ongoing research, 23andme provides information only on the genetic markers it deems scientifically valid for reporting to its customers. A rigorous scientific review process is welcome in the field of genetics, but 23andme has also famously denied any significance for MTHFR variants, which even for accounting for the importance of MTHFR genes being oversold, which they are, still seems dubious in light of the emerging research on this pathway.
I don’t find most updates beyond what was included in version 4 (when I bought) particularly useful. That, and the DNA relatives feature can be creepy as the emails roll in reporting ostensibly distant relatives who are the Twitter equivalent of an egg profile (no photos, detailed profile descriptions, etc.). The 23andme Ancestry product seems to cast a wide net, and since the vast majority of people participating haven’t taken the time to fill out their profiles, it feels like you’re being matched with anonymous bots for relatives. Further, the 23andme database is open to criminal investigation and a big part of their business is sharing data with pharmaceutical companies. This was an easy delete decision for me once I’d downloaded my raw data.
Found My Fitness
Did I upload: YesEase of deletion: DifficultHow to delete: Unknown
First, we are big fans of Rhonda Patrick’s, the researcher and founder in charge at Found My Fitness (“FMF”). She is a leader in the field of nutrigenomics and we respect her work. However, I did upload data in 2018 for both an APOE and PPAR report from FMF and see no record of that transaction, or any way to delete my data from her system once I login. FMF, like Gene Food, is not a venture backed company and so the inability to delete data is probably best attributed to budgeting issues with coding the interface, but nevertheless, it’s not clear where my data went or how I can purge it from the system.
DNA Fit
Did I upload: YesEase of deletion: Difficult How to delete: DNA Fit link
Full disclosure: DNA Fit is a Gene Food competitor. Although we are not nearly as well funded, we believe our product offerings are far better than what DNA Fit has to offer, but of course we are biased in our own favor. In terms of privacy, DNA Fit’s policy is to require users to email them direct at which point data will be deleted within “one month.” There is no option within the existing user interface to delete an account.
Not sure what to eat?
Gene Food uses a proprietary algorithm to divide people into one of twenty diet types based on genetics. We score for fat metabolism, histamine clearance, carbohydrate tolerance, and more. Where do you fit?
From where I’m sitting, if you use a smart phone, your privacy is in much greater danger than if you use genetic testing for healthy, ancestry, or nutrition insights. Having said that, those who are hesitant to have their genetics tested often have reasonable concerns.
For example, there is no uniform standard for how genetic data gets stored and when it should be deleted, so in most cases you’re left to the whims of various privacy policies. HIPAA probably isn’t enough because data security should come at a minimum. My data changing hands from Promothease to My Heritage probably doesn’t violate HIPAA, but it doesn’t necessarily pass the smell test either.
However, when you go and start the process of manually deleting accounts from popular DNA sites, and assuming you take them at face value for having actually scrubbed the data when a request is made, it’s relatively easy to close down the big ones, like 23andme.
For many of the smaller players, the process of getting rid of data is far murkier.
So, yes, buyer beware, but let’s also recognize that most companies in this space are operating in good faith.
Dr. Aaron Gardner, BSc, MRes, PhD
Dr. Aaron Gardner, BSc, MRes, PhD is a life-scientist with a strong background in genetics and medical research, and the developing fields of personalized medicine and nutrition. Read his full bio here.
The very latest on genetics, nutrition and supplements delivered to your inbox!
At Gene Food, we are committed to providing our readers accurate, evidence based content.
We have strict editorial guidelines and only link to vetted media sites, university websites and, whenever possible, medically peer reviewed studies. You can find all the references for this post organized at the bottom of this piece. All citations used have been vetted by our research team headed by Dr. Aaron Gardner.
If you feel there are inaccuracies in any of our written work, we invite you to use the contact form on our Contact page to tell us how we could improve.