I do worry about my data with them, but when I think about the worst-case scenario - you will not get insured (or have high rates) because you have {some genetic condition}.. it seems just as likely that they will simply require my DNA to apply for insurance. (or get my DNA from a blood test within their system, etc.).
The obvious solution is with legislation for transparency and better health care system.
One aspect to this tangle is knowledge asymmetry: One of the traditional justifications for insurers poking around is to guard against an applicant that conceals important factors as a kind of fraud.
But what about the reverse? There's something intuitively unjust about the customer not knowing why they're being charged a higher rate, especially if it means the company believes there's a potential danger (enough that it affects the bottom-line) but conceals it.
So yeah, I think "transparency" is a robust principle to follow here, especially if anyone is arguing market competition is going to curb the worst abuses.
The paradox is that the better insurance companies are at pricing risk, the more irrelevant their business becomes. If they can predict your disease with 100% reliability, and charge you based on that, then what is the point of buying insurance if you are going to be charged either nothing or the full cost of the treatment, just like if you were not insured.
Except of course in the US, with scammy hospitals charging over-inflated prices to uninsured patients, while only insurers can access realistic prices.
Currently, due to the Affordable Care Act aka Obamacare, health insurance companies are prohibited from setting rates based on individual risk (except they can charge higher premiums to tobacco users). Before the law, ensures would typically put applicants through a health screening that would determine their rate. People with pre-existing medical conditions could be denied coverage or charged higher rates. Women routinely paid higher premiums than men.
The analogy I have used in the past is this fear is like thinking that health insurance companies were more likely to buy the old Marlboro Miles database rather than just making detailing your smoking history a required part of the application process.
If these companies have the legal clearance to use DNA data, why would they be satisfied only having secondhand access to that data for a relatively small subset of the population? They'll obviously want that data for everyone.
Yes. Behavioral data is in most cases far more useful to them than DNA. No need to go all the way of using the non-coding SNPs in a genealogical test to infer your coding DNA, to infer your propensity for smoking, when they can just find out if you smoke instead.
It’s much ‘better’ for them to use it as an anti-fraud measure later when someone makes a claim, not early on when people are paying them money.
‘You said on your application you don’t smoke, but on x data dump it shows you do. Por que?’ Or just deny your claim for that reason, and make you fight it.
> you will not get insured (or have high rates) because you have {some genetic condition}..
s/insured/hired
Wait until we have DNA detectors wired up to collect the DNA we exhale and rapid sequencers that handle what might be below the limit of detection today.
Maybe that's fifty years down the road, but it's coming.
Gattaca was a prescient premonition, it was just a hundred years ahead of its time.
Either you or me are deeply wrong about how genotypes relate to phenotype.
While some DNA characteristics can be statistically linked with some costly health conditions, the connection to "being a good hire" seems totally imaginary to me, has always been and will always be.
For what it's worth, public posts and comments on internet are probably a much better indicator of whether someone is going to be an obedient employee, and this dystopia is technically doable right now, and certainly many are working on it already.
Yes, I can imagine those dystopias - my point was that I don't imagine my choice to try 23andMe in 2019 is what dooms me - while others are saved by not making that choice.
Why would that matter at hiring time? If the person develops a health issue during employment they’ll just fire them. Unlike insurance where there they’d have to spend money.
Things like financial and medical data should be required to have an audit log that you can see, in real-time and subscribe to updates for, including extraction into "anonymised" formats, along with a description of that process, format and a justification for why it is robust against deanonymisation. If data is handled well, there is nothing to fear here. Fiddly, perhaps. Expensive, probably. But personal data processing should be risky and expensive.
Deliberately extracting personal data into un-audited environments without good reason (eg printing a label for shipping), should be punished with GDPR-style global turnover-based penalties and jail for those responsible.
> Deliberately extracting personal data into un-audited environments without good reason (eg printing a label for shipping), should be punished with GDPR-style global turnover-based penalties and jail for those responsible.
There already are, but only for Europeans through the GDPR.
Can one even truly delete their DNA from 23andMe? Wouldn't deleting someone's DNA require deleting not only the existing record, but also the record from all historical back-ups too? What is to say 23andMe just doesn't flip a bit in their database and claim one's DNA is (soft) deleted?
The only truly reliable way to do this is to have a per-customer encryption key used to encrypt ALL data for that customer. Then you can simply delete the key to delete the customer data.
Is there any intrinsic value whatsoever in the DNA or SNPs themselves? Or is it just the link between your name and your DNA that is so concerning?
It seems like you could do lots of useful things without having a name attached to any particular sample. There must be some kind of differential privacy approach here that would work well.
I started doing a relevant project https://github.com/barisozmen/securegenomics . Because I believe 23andMe event will result in people to be more wary of sharing their genetic data, and we need ways to make people able to contribute in genetic research without exposing their data.
Homomorphic encryption, presumably? It's not impossible. But I also think it's overkill. Also, I don't know of good open source software that lets me do the kind of analysis I want even on non-encrypted data.
Readit News
The obvious solution is with legislation for transparency and better health care system.
But what about the reverse? There's something intuitively unjust about the customer not knowing why they're being charged a higher rate, especially if it means the company believes there's a potential danger (enough that it affects the bottom-line) but conceals it.
So yeah, I think "transparency" is a robust principle to follow here, especially if anyone is arguing market competition is going to curb the worst abuses.
Except of course in the US, with scammy hospitals charging over-inflated prices to uninsured patients, while only insurers can access realistic prices.
If these companies have the legal clearance to use DNA data, why would they be satisfied only having secondhand access to that data for a relatively small subset of the population? They'll obviously want that data for everyone.
‘You said on your application you don’t smoke, but on x data dump it shows you do. Por que?’ Or just deny your claim for that reason, and make you fight it.
Deleted Comment
Deleted Comment
s/insured/hired
Wait until we have DNA detectors wired up to collect the DNA we exhale and rapid sequencers that handle what might be below the limit of detection today.
Maybe that's fifty years down the road, but it's coming.
Gattaca was a prescient premonition, it was just a hundred years ahead of its time.
While some DNA characteristics can be statistically linked with some costly health conditions, the connection to "being a good hire" seems totally imaginary to me, has always been and will always be.
For what it's worth, public posts and comments on internet are probably a much better indicator of whether someone is going to be an obedient employee, and this dystopia is technically doable right now, and certainly many are working on it already.
Good luck blue cross.
Deliberately extracting personal data into un-audited environments without good reason (eg printing a label for shipping), should be punished with GDPR-style global turnover-based penalties and jail for those responsible.
There already are, but only for Europeans through the GDPR.
Deleted Comment
It seems like you could do lots of useful things without having a name attached to any particular sample. There must be some kind of differential privacy approach here that would work well.
How are scientists able to work on encrypted genomes?
That being said, scientists can implement their own protocols, and use whatever technique they want. For example: https://github.com/securegenomics/protocol-alzheimers-sensit....
It's that our platform makes federated computing + homomorphic encryption analysis easy, but protocols are customizable.
Deleted Comment
Is the best way to hasten the next bankruptcy to not delete your data?