23andMyIdentity: How to safely and privately take a genetic test

In 2013, we published a post about how to take a genetic test from the company 23andMe while keeping your personal information private.

Since then, more online genetic testing companies have popped up for various purposes, from discovering ancestry information to creating custom fitness and nutrition plans and even identifying whether you and your partner are “genetically compatible.” The uses may differ, but one thing remains a big concern: your privacy.

While these genetic tests may provide exciting and helpful information, your personal information may be compromised along the way. These tests may ask for more personal information than necessary–all they need is a way to contact you and a way to connect you to the test you send them. Using online safety procedures when registering for an online genetic test to protect your identity, location and personal information is the best way to safely take the test. We want you to stay safe while taking a genetic test, and created this updated post to help protect your genetic privacy.

We read the privacy policies and FAQs from 23andMe and some competitors, including XCode, MapMyGenome, GenePartner, Pathway Genomics, AncestryDNA and iGENEA. If you choose to take a genetic test from one of these services, we encourage you to read the privacy policy for your own benefit.

Still, we know that privacy policies can be tricky to navigate and sometimes hide information. Some of the policies seemed a bit vague in areas–claiming that they collect or use the genetic information for what they deem “necessary for legitimate business purposes.” One company even wrote that they could use a customer’s genetic information for research purposes or for a third party without the customer’s consent. Now, do you see why it’s imperative to read those privacy policies carefully?

Many of the companies, including 23andMe, remind you in their privacy policy that if the Feds come knocking for your information, they are required to hand over your genetic profile and everything connected to it–all of your personal information. If you don’t give the service your real personal information in the first place, it would be extremely difficult to link the genetic information back to you. Some companies caution that “there can be no guarantee of privacy,” even given their encrypted information and secure systems–another reason not to share your personal information with them.

One company, based outside of the United States, even coaxed customers into participating in research by first noting that a consent form was necessary for the procedure to begin. The consent form allowed the company to use the customer’s genetic information and results for research. The privacy policy made it seem as if the customers had a choice in the matter: “With your consent, the delinked data….will be part of our research database. This will help you serve the Indian community better and contribute to health science.” While customers of 23andMe have the choice to opt-out of research, this company makes research necessary for participation in the genetic testing procedure.

As we wrote back in 2013, the best thing that you can do when using one of these services is to provide as little real information about yourself as possible during the entire process. The only reasons that these genetic testing companies need your personal information (e.g. name, phone number, home address, email address) are to 1) send you the testing kit and 2) link your genetic test to your profile so that you can receive your test results.

As long as you provide a way for the company to contact you–through email and telephone number forwarding–you can choose not to provide your real personal information. The only caveat here is that if you want a 100% safe experience that cannot be linked to you, you’ll have to choose a shipping address that you have access to but isn’t your actual home address. You could try a friend’s home address, or even a more distant connection if they are willing to receive your package.

After you handle the shipping situation, you are all set to sign up and order the test. You’ll want to turn on a VPN, or Virtual Private Network, which routes your traffic through another server so that the site does not see your real IP address. This will make it appear that you are browsing from somewhere other than your current location–whether that is somewhere else in the United States or halfway across the world. You can read more about VPNs in our recent blog post.

Next, you should make sure that you have a tracker blocker or private browsing mode on in your browser. Note that Private Browsing, Incognito and similar modes do not guarantee a completely private browsing experience, and do not always block ad trackers. If you decide to use Blur, you can use Blur’s automatically activated tracker blocker in combination with your VPN to protect your browsing location.

When asked for your personal information, you can make up a fake name to keep yourself protected. Then set up email and mobile phone number forwarding using Blur’s Masking services–Masked Email and Masked Phone–in order to provide a way to contact you without giving out your real information.

At this point, you’ll be asked to enter a billing and shipping address as well as payment information. By using either a prepaid debit card or a Masked Card, you can pay for the genetic test without giving out your real credit card information. For a prepaid debit card, you should use a made-up billing address, and for a Masked Card you should use Abine’s address since we handle the payments and your card will be charged by Abine. In either case, hopefully you will have the shipping address of a friend or distant connection who has agreed to let you send your package to their home.

So far, these companies have not been able to collect any of your actual private information. Some companies may ask you to complete additional questionnaires, which they claim will give you a better report because they will have more background information. But is this necessary, or is it just another link back to your identity? Based on Sarah’s experience in 2013, we believe that you can still get a lot out of the genetic test and do not need to answer these additional, and often invasive, personal questions.

When your test arrives, you can use the same Masked personal information to link your test to your previously created profile. Don’t forget your VPN and tracker blockers! Since the postage is prepaid to send back your test, you have officially completed your portion of the procedure without giving up any of your real personal information.

By spending a few more minutes to create Masked information and set up privacy parameters when purchasing a genetic testing kit, you can protect your private information and prevent it from being linked back to you in case of a data breach or another sticky situation. Even so, always be sure to read the company’s privacy policy so that you know what will happen to your genetic information and keep creating strong, unique passwords for all of your accounts.

APPENDIX: For details on 23andMe’s competitors listed in this article and links to their privacy policies in the title, read on.

Ancestry DNA: uses genetic test to tell information about family history and ethnicities, rather than health.

iGENEA: uses test for ancestry purposes. Claims that it only gives information to third parties if the customer signs a consent form, which is optional. Based in Switzerland.

GenePartner: Based in Switzerland, uses genetic test and some additional information to determine whether a couple is “genetically compatible.”

Pathway Genomics: uses genetic test and background information to advise a new health and wellness plan, which may include fitness & eating advice. Acknowledges that “there can be no guarantee of privacy.” Supports the “Free the Data” Movement: “Providing broad access to genetic testing will allow the medical community to collectively diagnose disease better, faster and cheaper — offering patients more effective healthcare and reducing costs to the healthcare system.”

Map My Genome: uses genetic test and information to take steps toward a healthier life. Based in India. Requires the genetic information to be used for testing so customer MUST sign the consent form to receive the package (but they make it seem like you have a choice). A machine creates the report so that it can’t be tampered with by personnel.

Xcode: uses genetic test and background information to design a unique health and fitness plan for the consumer. Available in Australia, India and South Africa.




5 comments shared on this article:

  • Alan says:

    In addition to the privacy concerns, it should be noted that many of the claims these companies make about the usefulness of their tests are nonsense because the tests they offer have low clinical validity and/or low clinical usefulness.

    23 and Me got whacked for these sort of issues by the FDA: http://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2013/ucm376296.htm

  • Risa Latinka says:

    Very helpful article.

  • Rae says:

    I saw a few days ago that 23 and me is selling their $199 testing kits on the shelf at Target. Go to Target, pay with cash, and you have eliminated almost all of the above hassle.

    • wolf max says:

      you still have to register to get your results and receive them at an email you can access.

      they say you must ‘register with your real name’ but i doubt they have a way to validate that.
      you must register to link a name and address to the barcode on your testkit that you send them.
