“We have evaluated the DNA of over five million people,” said Richard Scheller, the chief science officer and head of therapeutics of 23andMe. “Eighty five percent of them gave their permission to use the information for research.”
Aside from a saliva sample, 23andMe customers also have to give their consent on whether or not they want the results of their genetic test to be used for research. Much of the data has been used for various scientific studies and to develop therapeutics. Once a study is concluded the results are sent back to customers so they can see how their data was used.
Scheller looked at the crowd of people gathered for a talk before he continued, “More than half of our kits are sold in November and December, so they are probably given as gifts. People should think about if they will take the test and what the results will say.”
The results from the tests can have numerous outcomes - it can run the gamut from ancestry to diseases such as diabetes or cancer. If a test comes back positive for disease, Scheller recommends that people talk to their doctor or a genetic counselor to gain a better understanding of their situation.
Some people even upload their raw data to websites to see if they can find long-lost relatives. Law enforcement also solved the Golden State Killer case by looking through websites to find genetic matches to the killer. In a recent study, researchers set out to see how easy it is to identify someone based on genetic data one of their relatives uploaded to websites.
“It took us a day and half to identify someone,” said the lead author from Columbia University, Yaniv Erlich, who is also the chief science officer of My Heritage, a genealogy and DNA testing company. “It is time to think about protecting our genetic data.” In the paper, Erlich’s team recommend encrypting the raw data while public policy is still being developed.
Though 23andMe customers and their data are safe from law enforcement. Luckily, that is not part of their consent form.
“We have been approached by law enforcement,” said Scheller. “Our customers have not given us permission to do that, so we cannot give law enforcement access to our database.”