Turmoil at 23andMe, a company offering popular at-home DNA testing, has upset the industry. Following the resignation of every independent member of the company’s board of directors, its chief executive, Anne Wojcicki, expressed openness to selling the company and its database of around 15 million customers, raising concerns about the misuse of genetic data.Although Wojcicki has since said she is focused on taking 23andMe private, the data-sharing risks raised by DNA testing and matching companies are already here. A class-action lawsuit filed in August alleges that the operator of GEDmatch.com, a genealogy site that claims to have a database of more than 1 million members, has been sharing users’ information with Facebook. This revelation should alarm us all.GEDmatch stands apart from companies such as 23andMe. It’s an open, crowdsourced database that anyone can search. Founded in 2010, it emerged as a tool for genealogy enthusiasts to upload DNA results and connect with relatives. It gained notoriety when law enforcement officials announced in 2018 that they had used the service to identify the Golden State Killer.Initially, the site’s users consented to share DNA to solve only cases of murder and rape. However, GEDMatch co-founder Curtis Rogers unilaterally made an exception to the policy for an assault case. The resulting backlash led to Rogers and his partner making users unsearchable to law enforcement by default; they could opt in to searches if they chose. But later that year, the line between hobbyist’s tool and crime-solving platform blurred further when Verogen, a for-profit forensic sequencing company with government ties, acquired GEDmatch. (Verogen has since been acquired by the multinational company Qiagen.) And last year, reports surfaced that a loophole gave law enforcement agencies access to GEDmatch users who did not consent to those searches.The August lawsuit alleges that GEDmatch has been secretly sharing users’ genetic information using Meta Pixel, a tracking code embedded in websites, essentially wiretapping users’ interactions. If the allegations are true, that means Facebook could see whether you have taken a genetic test — and could track links you click on to learn more about your DNA, such as, “Are your parents related?” or a comparison tool detailing chromosome matches, or a tool to explore DNA segments linked to physical traits and medical information.The implications of genetic data breaches are staggering: This information can reveal sensitive information about a person’s health and other characteristics. In the wrong hands, it carries ...
