Top Genetic Testing Firms Promise Not To Share Data Without Consent (washingtonpost.com)
Ancestry, 23andMe and several other top genetic testing companies pledged on Tuesday not to share users' DNA data with others without consent. "Under the new guidelines, the companies said they would obtain consumers' 'separate express consent' before turning over their individual genetic information to businesses and other third parties, including insurers," reports The Washington Post. "They also said they would disclose the number of law-enforcement requests they receive each year." From the report: The new commitments come roughly three months after local investigators used a DNA-comparison service to track down a man police believed to be the Golden State Killer, who allegedly raped and killed dozens of women in California in the 1970s and 1980s. Investigators identified the suspect using a decades-old DNA sample obtained from the crime scene, which they uploaded to GEDmatch, a crowdsourced database of roughly a million distinct DNA sets shared by volunteers. Investigators said they did not need a court order before using GEDmatch, sparking fresh fears that users' biological data might be too easy to access -- and could end up in the wrong hands -- without additional regulation on the fast-growing, already popular industry.
Hahaha! As though they are capable of stopping that. This data will all be stolen and sold.
Also, what's with the promises? Why isn't this a law?
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
Databrokers and companies like this rarely sell raw data. They feed the raw data into algorithms to generate thousands of scores. For example, Cambridge Analytica created a psychological profile based on raw Facebook data.
In the USA these scores are protected as a form of corporate free speech. "they are just opinions".
As long as the public debate doesn't distinguish between these two types of data, then companies will continue to be able to make claims like this which don't address the real issue. What we really need to know is: do they generate and sell derived data?
New industry. Legal framework comes after need is established, not before.
In a world where people in power consider themselves above the law, and issue legal immunity to their corporate henchmen, what would it take for the corporations to be too scared to betray their customers?
Also, what's with the promises? Why isn't this a law?
Why do you think Europe passed GDPR? I would assume the new similar California law would cover this too.
They pledged? How on Earth is this not already the law? How on Earth is this not already in their terms of service? Seriously, are these services only used by terminally naive people?
Under the new guidelines, the companies said they would obtain consumers "separate express consent" before turning over their individual genetic information to businesses and other third parties, including insurers, ...
And insurance companies will require this "separate express consent" in order to receive coverage in 3... 2... 1...
It must have been something you assimilated. . . .
Not to mention the government can just order them to share it to track you down for a parking ticket any time they wish.
Washington Post doing a bit of sensationalist journalism. Existing DNA testing companies have already been following these guidelines which are in their terms of service, and a large part of them indeed are the law, or their interpretation. The reporting on these companies is weird, because every existing practice and action is always reported as brand new, never happened before. Industry self-regulating is a good idea, but of course there's additional motivation for the companies to cast doubt on those companies not involved in the guidelines. In essence they're saying "Here's what WE have been doing, and what every competitor should do, too".
It would also be a pretty dumb move for them to break their promises in an industry where the whole business model is based on gaining people's trust.
Until one of them folds and the information gets bought by another company.
L'Idiot
That's going to be done for them right after the data leak.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
After literally hundreds of data leaks and personal information having become a play toy for companies to be bought and sold with impunity, after Sugarhill had to testify in front of Congress to that effect (so they can't really say that they never ever noticed anything like this), WHAT THE FUCK more do you need to establish a need?
WHAT THE FUCK more do you need to establish a need?
Maybe some actual damages. For all the Slashdot outrage about data breaches, it isn't really something that the public cares about, and very few consumer losses can be traced to the breaches. Your card data is more likely to be lifted by the waitress at a local restaurant.
I am a customer of 23andMe, and to be honest, I couldn't care less what they do with my data. I have a hard time imagining any negative consequence. If the NSA wants my DNA sequence, they could get it elsewhere anyway. Could an insurance company use it to deny me coverage? Unlikely, since that is illegal, and I don't have any genetic problems, so an insurance company is more likely to give me a discount.
So when there is another breach, Slashdot will throw a hissy fit, everyone else will yawn, and life will go on.
Ask any credit card company whether there are damages every single time some credit card processor gets raided. Oh, wait, no, they won't tell you. Because that would tell people to stop using those cards, because the amount of credit card fraud due to cards stolen in data breaches is through the roof. Want proof? Just call your credit card company and dispute some purchases. They don't even investigate anymore. They just refund you, have you sign a shut-up paper and issue a new card.
I don't know about your country and waitresses there, and maybe if you paid them a decent salary they wouldn't be tempted, but I know that my chance to see my card being used in Generistan to buy shit that cannot be tracked is heaps higher than seeing it used to buy shoes off an internet platform.
But not the curator when he will need to find some money to bail the company.
When a company gets sold, your data may be sold too.
Hahaha! As though they are capable of stopping that. This data will all be stolen and sold.
No data has ever been "hacked," "stolen," or otherwise removed unintentionally from a data miner. "Hacked" and "stolen" are just ways of saying "we sold it and didn't want our stock price to fall."
How bureaucratic can a country be if even the effin' EU where more than a dozen countries have to get to an agreement could get a law addressing this issue done by now?
If you don't have verifiable accountability, then promises don't mean shit anymore.
I don't know where we went wrong, exactly... because I remember when corporate promises used to count for something.
File under 'M' for 'Manic ranting'
It's illegal to deny you coverage, sure, but it's not illegal for them to charge you an insanely high premium, "just in case".
Insurance companies are the last corporations on Earth that are allowed to openly discriminate on basis of gender, age, colour, place of residence, medical history, genetics and all sorts of other factors. Compare the rates for a 21-year-old male driver's insurance to the rates of a 21-year-old female.
You: "Why does it cost more for the male drivers?"
Insurance: "Men are more aggressive drivers, we need to charge them more."
You: "That's discrimination! That's stereotyping!"
Insurance: "Tough shit. You want insurance or not? You can always take the bus if you say no."
Here comes the take it or leave it clause in the click-through in 5... 4... 3... 2... 1...
A wild clause appears:
"You agree that your data can be shared with whoever we want whenever we want"
Agree/disagree with the whole document.
Disagree? No service.
Nothing is changed or fixed, but A's are legally CYed.
Even if it was law today and strictly enforced it wouldn't matter.
Just like no one can check your credit/background/etc. without your explicit consent...and many employers require that consent in the pile of pre-hire forms you're required to sign.
Such a law would only work if it required your explicit consent AND explicitly barred any company, organization, person or entity from discriminating against you if you refuse to provide it. Until they completely bar companies (be it insurance or employment) from requiring this, it would be a law completely without teeth.
For now, it's just their current user agreement which is subject to change at a whim.
You can get rich if you own a politician, but you have to be rich to buy one in the first place.
Insight: GDPR would likely cover this. As would a lot of the other PII laws in other countries that are getting closer to being fully aligned with GDPR. The U.S. isn't there just yet (Privacy Shield? Please...) but a new law in California is close and I hear Oklahoma is about to do something similar. It's only a matter of time before every country puts a strong law on the books protecting PII.
And make no mistake - the GDPR is no joke. The regulation body is self-funded from fines levied against violators. If you do ANY business with the E.U. or nations that have laws similar to GDPR, you need to comply. Failing to do so is VERY expensive.
Is GDPR a silver bullet that solves all the issues? No, but it's probably the best compromise between being able to do business and protecting PII for every individual.
My sources are unreliable, but their information is fascinating. -- Ashleigh Brilliant
What a bunch of bullshit. All it'll take is a national security letter or just a plain old court order for that matter and they'll squeal in fear like little piggies and hand over their entire database, personally-identifiable information and all. You're nuts if you send your DNA in to any of these companies, if you do you may as well just cut out the middle-man and send it directly to the local LEOs, FBI and HLS, at least that way it'll cost you a little less in taxpayer money to have your privacy violated.