clock menu more-arrow no yes mobile

Filed under:

Treating ‘genetic privacy’ like it’s just one thing keeps us from understanding people’s concerns

Privacy, confidentiality, security, control

Illustration by James Bareham / The Verge

“Genetic privacy” is a complicated concept, and a new study finds that decoding how people feel about the idea is equally complex.

Genetic data can be collected for medical purposes, like genetic testing for hereditary diseases, by the government for identification purposes, or submitted to private companies that promise to tell you more about yourself and your ancestry. But increasingly, researchers are realizing that people’s expectations for how their data might be used aren’t lining up with reality.

For a study published today in the journal PLOS One researchers analyzed 53 studies (covering over 47,000 participants) that looked at how the general public, professionals, and patients viewed genetic privacy. The results paint a complex picture, says study author Ellen Clayton, a professor of law and health policy at Vanderbilt University. If you ask people “are you worried about genetic privacy?” most will say yes. But if you ask a patient whose genetic data was collected for medical testing about a more specific situation, like “are you concerned about sharing data with third parties?” the answers can vary widely.

For example, the team found that in many cases, people who have genetic conditions are more interested in contributing to the search for a cure than having granular control over their data. Clayton also mentioned that investigators in research studies often didn’t ask about how people felt about information being shared with third parties — and when they did, people weren’t that concerned.

It’s simplistic to claim either that people “are” or “aren’t” concerned about genetic privacy when it’s an multifaceted term that can cover different (and often conflated) concepts like confidentiality, security, and control.

Confidentiality, like in doctor-patient confidentiality, is whether a particular person has an obligation to keep secret information about you. “You can tell your doctor about something and your doctor isn’t supposed to tell other people, but if you tell your best friend, all bets are off,” explains Clayton. Confidentiality with DNA can be tricky, since people who take DNA tests and upload their information to public databases are also sharing genetic information about their relatives who may not want that to be easily available. Earlier this month, two papers showed that the DNA technique that helped catch the Golden State Killer has become even more powerful and could potentially be used to identify anyone in the United States with European ancestry, just by analyzing a sample of their DNA.

Security has more to do with the methods used to keep information private, like sending sensitive medical documents through unsecured email versus keeping it on a computer that isn’t connected to the internet. This was the issue at play in June, when hackers breached 92 million accounts from the ancestry site MyHeritage (though they never reached member’s genetic information). Control is about policies regarding sharing information with third parties, such as when 23andMe shares data with pharmaceutical companies like Pfizer.

“To get insight into how people actually feel, it’s important to ask them what particular outcomes they’re worried about,” says Clayton. For future studies and surveys, she recommends that instead of asking about “genetic privacy,” researchers should break the issue into different parts. That way, we’ll all have a better idea of what people want, so we can better respect their wishes.