
The distinction isn't super important, but 23andMe doesn't have your whole genome, just some specific locations from it. Roughly 750k base pairs or so.

https://www.quora.com/How-much-of-the-genome-does-23andMe-se...




Enough to be denied insurance, have job offers rescinded, or be targeted by scams.

And they don't even have to have your DNA. Just a close enough relative will do.


The Genetic Information Nondiscrimination Act makes it illegal to adjust health (but not life) insurance premiums or discriminate for employment based on genetic information. Couples who do genetic testing before having kids have the same protections and they're very effective.


To the best of my knowledge, use of genetic data is illegal in the USA and several other countries. It has been operationally banned (self-imposed) by the life insurance industries in the UK and Australia. This was a hot topic in the late 1990s. Here we are 25 years later with few if any known abuses by the life insurance industry. They have MUCH bigger fish to fry: Do you smoke? What is your income, age, and sex, and perhaps your blood pressure and blood chemistry? Each of those is worth 10X your genotype.

(I study actuarial genetics in the UM-HET3 mice and do quite a bit of human genetics related to aging. See this PMID: https://pubmed.ncbi.nlm.nih.gov/36173858/ )


Companies do illegal things all the time.

And let me flip this situation: are there any laws that prevent advertisers from looking at genetic data to target cohorts? If I were an unethical advertiser, I'd want to advertise to customers with less risk aversion, higher neuroticism, higher sense of FOMO. You could do some truly sickening stuff. Target higher mortality groups, certain personality types, cross reference with familial mortality data and have a field day...

There are untold ways this could be abused that I'm almost certain the law doesn't fully protect against.


I am trying to think of how genotypes would be used for advertising.

1. Ancestry, but that is about as reliable as a photo and puts a company at far greater legal risk.

2. Actionable SNPs associated with metabolic oddities. Hmm, that might work for a small number of cases but would probably produce huge backlash.

3. We know who your daddy is. Oh great, thanks so much. I hate you.

Any advertiser going these routes will be running right into a brick wall.

Can you think of plausible scenarios that make someone a buck without legal repercussions and hate mail?


Don't think your reply is arguing in good faith (unless parent was edited) when you basically ignored the implied examples of that comment and made 3 strawmen points


I'm not sure if there are any current laws that prevent this, but there are quite a few laws that would prevent an advertising company from getting this information. Like most things, if we're going by a company that doesn't work within the law, we're already going to lose.

What's to stop someone within an advertisement company from reaching out to someone in healthcare IT, and offering a large amount of money for this information? Trying to link this physical data to an online presence is probably not worth the risk and amount of money and time (at this current point in time).

All my searching currently shows that there are only laws to protect against using genetics in employment and insurance, within the US. It doesn't look like there are any other protections in the US, other than unrelated laws like HIPAA compliance. I wouldn't even try to pretend to be able to figure out other countries' laws around this (and probably don't understand US law any further than not being able to find information easily available with search tools).


> What's to stop someone within an advertisement company from reaching out to someone in healthcare IT, and offering a large amount of money for this information? Trying to link this physical data to an online presence is probably not worth the risk and amount of money and time (at this current point in time).

HIPAA works because it comes with personal liability. Anyone who sells/leaks/loses HIPAA data gets hit with a $1000 or so fine per person. So if you sell 100 patients' data, you're personally on the hook for $100,000. Your employer pays another cool $10,000/person on top.

More of these laws should come with personal liability. HIPAA is the only one I've ever seen people take seriously.


HIPAA isn’t really a personal privacy regulation at all ...

Like other privacy regulation, it’s there to protect the industry and their business/commercial interests.

Barriers to access mean less controversy, fewer lawsuits, fewer investigative news stories, fewer insurance disputes.

I’d say it’s also designed to reduce contamination or adulteration of data: if every facility needs to do new testing and new evaluation then they can be sure they got the results they need, instead of taking some rando’s word for it.

HIPAA isn’t the most onerous barrier to personal access to records, but it’s a huge hassle for someone who wants it opened up for family, friends, and other entities because those forms are onerous. With good transparency in patient portals, authorized users can manage a lot on their own.

Also, good luck reading anything but textual notes, because imaging and other medical data is often always distributed in proprietary file formats that don’t simply import into Gimp!


> HIPAA isn’t really a personal privacy regulation at all ...

HIPAA as a whole is not.

The HIPAA Privacy and Security Rules, which are enforced by a different entity than the rest of HIPAA, are (the bulk of HIPAA is insurance administration rules enforced by the Centers for Medicare and Medicaid Services; the Privacy and Security Rules are personal privacy and information security rules enforced by the DHHS Office of Civil Rights.)


HIPAA is a stepping-stone to single-payer and socialized medicine.

I once joined a health sharing ministry where reviews said "it requires an Olympic-class athlete in paperwork and bureaucracy". Being "not insurance" it was completely DIY and "self-pay" and begging for reimbursements after the fact.

I've also attempted to visit independent PCPs. An independent PCP who isn't part of a major health system, when they refer you out, refers you to some other independent specialist with their own process, their own IT tooling and portal, and their own claims/billing services. Now multiply those specialists by the number of your conditions, or simply the multiplicity of organs in your body, and all the fiefdoms commanded by different medical boards.

I sincerely pity any sane family of 4 or 5, because speaking for myself as an insane family of 1, the process is mind-blowing, byzantine, and frustrating by design, and the gatekeeping is exhausting but, obviously, necessary. Dealing with doctors arguably did not drive me insane, but it certainly helps keep me that way.

Gatekeeping doesn't end with single-payer and socialization, but all this back-and-forth and multiple independent systems should ideally be coalesced into one monolithic Brazil/12 Monkeys sized system.

I pity parents with sick children the most, I suppose. I mean it's bad enough for elderly parents and adult children to handle when they don't love their parents enough. But for parents to care for a sick child enough to funnel them into endless medical appointments, drugs, invasive therapies and even experimental Herr Mengele shit because it's cheap or free, feels like cruelty and exploitation being visited on that family, rather than mercy or healing. I found the Karen Ann Quinlan case (I suppose I was too young to remember when it hit the news before Terri Schiavo) and I found Karen's parents' attitude and comments to be quite poignant. It's called a "right-to-die" milestone, but I consider that the parents advocated for her right to be free from pain and distress associated with unnecessary medical treatment.

HIPAA is a fuckin' bugaboo when you're trying to coordinate care among payors, providers, billers, HIMS admins, family and friends, because all of these parties I mention are compartmentalized and the compartmentalization is nearly as fierce as military/espionage systems, except there's usually not a guy sitting next to the curtain wielding a semiautomatic rifle.


Sure they do, but it's very hard to market illegal activities in a b2b context. How does 23andMe go about selling data allowing insurers to discriminate, without saying that's what they do?

I can think of a few things you could try, maybe. But judging from 23andMe's present state, it's clear that whatever things they tried to monetize customers' DNA info, didn't work out well for them.


> have job offers rescinded, or be targeted by scams

Can you expand on this?

I understand the insurance thing due to genetic diseases and so on, but which jobs would I be denied for based on genetic information which wouldn’t be checked anyways?

I can only come up with stuff like colorblindness but that would probably be checked anyways if it were a strict requirement for the job so keeping the DNA secret wouldn’t help.

And what’s the scam angle when the DNA is known?


I see most comments concentrated on employment. For a scam, think of someone that has been told they have a specific genetic disease, and that information is available in their DNA "data". As a scammer, I can start to send you information about alternative health treatments specific to your disease, that have no scientific backing to them. Since I'm a scammer, I can write anything I want to, like stating that the information is backed by FDA approval and even put statements like that in the fine print to build up my credibility. You could also try and sell fake services that wipe your released DNA information from databases online. There's a lot of potential for scams if you can link what people think is private (DNA), and their email/personal information.

When I was younger, I read a lot of ethics course material, and spent a lot of time thinking about how someone could get around existing laws or technology, and most of it boils down to most people believing what they're told with a bit of coaxing (building that credibility; social engineering). Luckily, I never went ahead using this information, and have actually turned down projects where my morals were put into question, but I think it prepared me to be more conscious of scams and shady advertising. I work for a digital advertising agency, and use an adblocker during my development work so I can see how a site is useful or mostly worthless when someone turns ad networks/tracking off. One of the benefits of working for a smaller company.


Why not do all of this without the data? Saves the scammer a lot of money up front. Scammers are pros at making up plausible stories. And yet here we are 15 years into 23andMe—have you ever heard of a genetics scam? I have not.


Well, I have, actually. There are heir-hunter scams. You're contacted by someone claiming to be from a lost heir hunting company. These companies claim to track down the closest relatives to people who died without known heirs, in return they get a share of the inheritance. So you can't bypass them, they won't tell you who you're supposedly the heir of. They promise they're not asking for money, only a share... until they do ask for money, of course.

This scam doesn't use your actual DNA data though, just the fact that you have a profile on a DNA site.


>>> And what’s the scam angle when the DNA is known?

A person with apparent authority, telling people something about themselves, that they believed to be hidden, is a tactic for gaining psychological control. A strong-minded person should be able to withstand it under normal circumstances, but we're not all strong-minded under all circumstances. Hence the power of things like personality tests, police interrogations, and so forth.


This would be wholly illegal, but companies could screen candidates prior to extending offers to them. After they get your primary details and history, they can look you up in the gene database. They could look for a whole host of genetic markers, including but not limited to:

- Markers like ADHD and other neurodivergence and performance signals

- Disease likelihoods to reduce their insurance burden. Cardiovascular, cancer, neurodegeneration, etc.

- Markers for intelligence and tenacity. Personality type. Conversely, dishonesty, neuroticism, etc.

They could screen for literally any hypothetical condition that could in theory impact performance, risk, cost, etc. By excluding candidates with "low genetic scores", they might think they're saving margin.

There is a ton of literature beyond what 23andMe is legally allowed to report on with respect to the SNP data they collect. These studies report on a wide range of phenotypical states and behaviors that could impact job performance. The stack of research is deep.

> And what’s the scam angle when the DNA is known?

Look for any markers that indicate IQ, agreeableness, neurodegeneration, schizophrenia, personality type, etc. It gives scammers a hypothetically better hit rate.

And again, they don't need your DNA to do this. Just a relative's.


Being able to usefully mine this information out of SNPs is science fiction.


There is abundant literature on SNP data <> disease correlation.

Here's an example (fictional preview) report from Promethease, which you can run on your SNP data you download from 23andme:

https://files.snpedia.com/reports/promethease_data/genome_Mi...

eg.

> 1.42x risk of Autism

> 1.3x to 11.5x Increased risk of autoimmune thyroid disease

> 1.3x higher risk of ER+ breast cancer

> 2 - 3x higher prostate cancer risk if routinely exposed to the pesticide fonofos

> 1.5x - 2x increased risk for cervical cancer, HNSCC, and breast cancer

> 2x risk of Alzheimer's disease

> Lack of empathy? You have a SNP in the oxytocin receptor which may make you less empathetic than other people.

> Increased risk of Multiple Sclerosis.

> HLA-DRB1*1501 carrier; higher multiple sclerosis risk Rs3135391(C;T) is highly correlated with the HLA-DRB1*1501 allele. There is a 3x higher risk of multiple sclerosis associated with the (C;T) genotype.

> 1.4x higher risk of lupus increased risk of Systemic lupus erythematosus.

(And on and on...)

This is stuff that 23andme can't legally show you, and many of the studies are small and inconclusive. But many of the disease markers are noteworthy.

Just click through to the literature, eg.

https://www.snpedia.com/index.php/Rs429358


None of those are particularly useful on an individual level. E.g.:

- 1.42x risk of Autism

Okay, great, the population incidence is about 1 in 36, so 1.42x risk is about 1 in 25. What possible actionable use is this? It's not even particularly useful input to "should I follow up with some kind of actual assessment".

But even that and the other not-particularly-useful numeric risk multipliers are better than:

- You have a SNP in the oxytocin receptor which may make you less empathetic than other people.

At this level of specificity, you may as well be consulting a magic 8-ball.


Yes, those are tiny relative risk scores for large diverse (messy) POPULATIONS. They are absolutely NOT individual predictions. Even the most sophisticated polygenic risk scores are jokes for most traits—particularly psychosocial traits.

You want actionable information—a 30 minute interview.


You said "IQ, agreeableness, neurodegeneration, schizophrenia [fine, whatever], personality type". Science fiction.


A 15 min interview will give them 100X more data than a VCF file or even a 30X whole genome. The list of traits you enumerated is definitely not well predicted by a VCF file.


Question: How are they going to link the DNA to people?

Some will be easier than others, sure. I'm trying to decide how "safe" my data is, since I created a single-use gmail account, with fictitious name, and paid for it with a gift card. I was afraid that some information in there might lead to being uninsurable, so I decided to row away from the rocks. Thankfully, my genetics didn't pop up any red flags, knock on wood.

I guess if you signed up using your normal e-mail address and your real name and used your credit card, you can still take the Shaggy defense ("It wasn't me"), but I suppose at that point they could ask you to prove it. I mean, most businesses aren't obligated to do business with you, for any or no reason at all.


Genetic data like what 23andMe has is enough to guess at your surname, provided any of your relatives have signed up.

See Latanya Sweeney's work for more information: https://latanyasweeney.org/work/genomic.html


Well, on top of that I'm adopted. :-)


In what country would it be legal to deny someone insurance based on their genes? Has such a thing happened before?


> Enough to be denied insurance...

Not just you, but your children who never had anything to do with 23andMe as well!


First, last time I checked this was illegal in the USA (2 years ago) even for life insurance.

Second, no, these data are not (yet) very informative for the subject, let alone for relatives, with the exception of monozygotic twins.


Illegal for now. Do you have any guarantee it won't change in the future?



