Deoxyribonucleic acid, or DNA, is the biological blueprint unique to nearly every cell in the body. Genetic data, often collected through simple saliva samples for direct-to-consumer testing or via medical providers, holds a vast amount of personal information. Concerns have grown as millions of people have submitted their samples, creating massive centralized databases. Understanding how this sensitive information can be used is essential as these genetic databases continue to expand.
Direct Consumer Applications
The primary motivations for individuals to submit their DNA sample fall into two main categories: health and genealogy. Many consumers seek a deeper understanding of their personal health risks, receiving reports that detail their genetic predisposition to certain diseases. For example, tests can screen for variants associated with an increased risk of developing conditions like Parkinson’s disease, Alzheimer’s disease, or specific hereditary cancers, such as those linked to the BRCA1 and BRCA2 genes.
Consumers also utilize these services for insights into carrier status, valuable for family planning, and for general wellness reports that analyze how their genetics might affect metabolism or reaction to certain medications. Genealogical mapping provides ancestry breakdowns detailing geographic origins. This service also allows for relative matching, connecting users with others in the database who share significant portions of their genetic code.
Secondary Uses and Data Aggregation
Beyond the personal reports customers pay for, the massive scale of consumer genetic data has created valuable secondary applications for third parties. One major use is the licensing of aggregated, often anonymized, data to pharmaceutical and biotechnology companies. These firms use these large datasets, which can number in the millions of profiles, to accelerate drug discovery and develop new therapies by identifying genetic markers for diseases. The company is typically selling access to the collective genetic trends of the user base, not individual, identified results.
Another significant secondary application is investigative genetic genealogy, increasingly adopted by law enforcement. Authorities can compare DNA evidence from a crime scene with profiles uploaded to public-facing genealogy databases. This process, often called “familial searching,” identifies distant relatives of a suspect, allowing investigators to construct family trees that eventually narrow down the search to an individual. This technique was notably used to solve high-profile cold cases.
Privacy Risks and Genetic Discrimination
The storage of vast amounts of highly sensitive DNA data creates a unique set of privacy risks, especially concerning data security. Genetic databases have become targets for cyberattacks, as evidenced by major data breaches where personal information, including ancestry and health profiles, was accessed by unauthorized actors. Genetic data is considered to have long-term value on the dark web because, unlike a credit card number, a person’s DNA is a permanent identifier that cannot be changed.
Access to a person’s genetic profile raises the potential for genetic discrimination. The Genetic Information Nondiscrimination Act (GINA) provides protections against the use of genetic information in health insurance and employment decisions.
However, GINA does not extend to other critical areas, leaving individuals unprotected when applying for life insurance, disability insurance, or long-term care insurance. Insurers in these sectors may legally request genetic test results or use existing genetic information to adjust premiums or deny coverage based on a perceived future health risk. This lack of comprehensive protection is a major concern for individuals considering genetic testing.
Legal Frameworks and Individual Control
The legal landscape governing genetic data is a mix of federal law, state statutes, and company policies. The federal GINA law prohibits most employers from using genetic information in hiring, firing, or promotion decisions and prevents health insurers from using it to determine eligibility or premiums.
Some states have enacted their own, often stronger, genetic privacy laws that grant consumers specific rights regarding their genetic data. Practical control over one’s genetic information begins with carefully reviewing the consent forms and privacy policies provided by testing companies. Individuals typically have the option to opt out of having their data used for third-party research or to prevent their profile from being matched with law enforcement requests. Most companies also provide a mechanism to request the permanent deletion of their genetic data and the physical destruction of their biological sample.