[Balgair]

Are they still saying that by submitting a sample to them, that they then own your genome and can sell it to whoever they want? I'd love to get mine sequenced and check it out a bit, but not if they are going to sell it off to a million shady companies whenever they go bankrupt (maybe 50+ years, but still)

[caio1982]

"We will not sell, lease, or rent your individual-level information (i.e., information about a single individual's genotypes, diseases or other traits/characteristics) to any third-party or to a third-party for research purposes without your explicit consent."

And...

"Unless you choose to store your sample with 23andMe (called consent to "bio-banking", which can be found here and changed in your settings), your saliva samples and DNA are destroyed after the laboratory completes its work, unless the laboratory's legal and regulatory requirements require it to maintain physical samples."

Also: https://www.23andme.com/en-int/legal/biobanking/

[alexbecker]

The "individual-level information" limitation is a huge weasel. 23andMe can and does share "anonymized" aggregations of its clients' genetic information [0]. Anonymization is not a property of a dataset though; it's a property of a dataset and the state of the world, and even if (and this is a big if) the dataset is truly anonymized right now, it won't always be.

[0] "23andMe says that it is also able to share anonymous and pooled data about their self-reported health traits without asking." - https://www.forbes.com/sites/matthewherper/2015/01/06/surpri...

[marchenko]

Well said. Genetic data is by nature personally identifiable, and genomic disaggregation techniques can be expected to improve. Data troves like 23 and Me are an attractive target for DNA dragnets - at present, their SNP data is not CODIS-compatible (although it is theoretically possible that the SNAP data could be queried against a physical sample assayed for the same SNPs), but the physical samples are very valuable and customers should inspect their sample retention terms very closely.

[decebalus1]

Yeah, for now but in general, that's useless. They have the leverage to change the policy whenever they want as long as they notify the customers at the login screen and via email. And hey, they can change the policy to not even notify anyone. And of course, they can be bought out and the customer data is part of the company value so there's that.

Unless they provide an anonymous way of consuming their product I would never. ever. EVER. give a for-profit company my genetic data (and it's debatable who owns that data because last time I checked lawmakers don't really give a shit about information ownership unless it's about Hollywood) and have them tie it to my name. Fuck that!

[astrange]

Not only your genes worthless, since everyone has genes, but you leave them everywhere, like when you get a haircut.

Might be important if you were planning on a life of crime, or if you owe someone child support. But for the moment there's no good way to use them to make money off you.

[marchenko]

There's a big difference between leaving your DNA on a cup and storing it in an easily-queried database. To collect your DNA from a cup , an interested party has to have an a priori interest in you specifically. To get it from a database (or databank, if 23 and Me is retaining physical samples, as their terms indicate they might), the interested party just has to have an a posteriori interest in "people's DNA", and hoover yours (and by probabilistic inference, your relatives') up along with everyone else's.

In the US, the protections against insurance companies using your genetic data against you are about as deeply entrenched as the protections against letting ISPs sell your internet history, and subject to much more intensive lobbying. Other countries have no protections at all - Canada's current bill is strongly opposed by the Trudeau government. Remember, even though most of these genetic risk scores are incredibly weak predictors, it is only necessary for insurers to believe they improve their actuarial models slightly to have a huge effect on differential insurance costs.

[decebalus1]

> Might be important if you were planning on a life of crime

I'm very sad reading statements like this on hackernews.

Is that really an argument when it comes to privacy? Especially these days?

'crime' is a generic term which can change depending on who's in charge of the country.

[astrange]

I mean, personally I think everyone should be prepared to start a life of crime. But hiding your genes is like trying to hide what you look like - basically impossible. Privacy is about not being able to associate people's actions with them, not hiding that people exist in the first place.

[lomnakkus]

"unless the laboratory's legal and regulatory [...]"

That [...] could hide a lot of shady stuff being done via NSLs (etc.).

EDIT: There is a very interesting issue here, though, namely how the findings by 23andme are presented to their customers. There's good research that shows that presenting relative probabilities[2] (as opposed to just picking a sample size and doing everything in numbers relative to that) is very hard to understand for the general public (and even for statisticians unless they're paying close attention!). The Base Rate Fallacy is basically a consequence of presentation. Hopefully, 23andme are doing this responsibly, but I honestly don't know.

[2]: Example: "Eating X increases risk of cancer by 50%". Well, yeah, that might change my risk of cancer from 0.01% to 0.015%, but that that's not something I should worry about. Yet, we see these headlines because they grab people's attention.

[Analemma_]

Those statements don't seem to say anything about the possibility of your data being acquired by God-knows-who in the event 23andme goes bankrupt.

[JumpCrisscross]

After the Cloudera incident, I asked them to destroy my genetic sample and data. 23andMe's certification seemed clear that my data were no longer accessible by anyone.

[chaostheory]

> unless the laboratory's legal and regulatory requirements require it to maintain physical samples.

I could be wrong but in a lot of cases in the US, labs are required to hold data for at least 2 years

[liuhenry]

What was the Cloudera incident? I couldn't find anything from Googling around.

[menacingly]

I obviously don't understand the specifics, but if they are later owned by someone else, is that new someone considered a third party?

For instance, doesn't this mean that a hypothetical future 23andMe drowning in debit could be acquired by a company who could use the data for all sorts of terrible things without ever technically selling it to a third party?

[awqrre]

Aren't they already selling your data to third parties? [0]

0. http://gizmodo.com/of-course-23andmes-business-plan-has-been...

[gotodengo]

This is what happened during the RadioShack bankruptcy iirc.

Instead of putting customer data up for sale they essentially just split off the portion of the company that held the data and put that up to be acquired.

[Balgair]

I'm pretty sure that is exactly how it will work, laws be damned.

[arthurjj]

I actually did some market research on creating a service to use 23andMe anonymously because of this worry (I'd call it 32andYou). Essentially the user could pay the service, and then the service would pay 23andMe. At higher paying plans you could pay for the swabs to be sent to a 32andYou shipping address so that 23andMe doesn't even have your mailing address.

[chrsstrm]

Preventing 23andMe from directly linking a subject's genome to a name, cc, and mailing address would be nice, but what prevents them from comparing the test results to other subjects who have submitted samples? If my genetic relatives have also been tested by 23andMe then filling in the relationship graph doesn't seem too difficult, especially if given access to other social graphs. Does 23andMe offer certified isolated analysis?

[make3]

good point, but on the short term at least, it would be pretty surprising if a sufficient amount of people took the test for that to be an actual preoccupation, lest you have reasons to think members in your family would specially likely to get the test (ie, history of genetic illnesses or a geeky uncle interested in biotech)

[chrsstrm]

Ancestry.com currently has a big marketing spend on pushing their DNA service to determine a person's ancestral origins. The FAQ [0] implies that Ancestry operates their own lab, but who knows what happens behind the scenes or where that test is outsourced to (23andMe maybe?). Of course the more likely scenario is that the Ancestry test normalizes providing a sample in exchange for information that regular people would be amazed by. If the test from Company A could tell me specifically what my ancestral makeup is (which is something Americans in general are fascinated with), what can the test from Company B tell me about my health?

I mean sure, I could be way off, but I could also totally see any of my family members taking the test out of curiosity and I don't see any of them announcing it beforehand. I totally see the genealogy use case as a gateway drug to making this more popular.

[0] https://www.ancestry.com/dna/en/legal/us/faq#about-3

[dikdik]

A friend of mine did this when he used the service. Used the office of an acquaintance as his address, a fake name, and paid with a pre-paid Visa card that he bought in cash.

[jacquesm]

And then he rounded this off by sending them a bunch of his DNA in a bottle.

[Balgair]

Is there a blog post or other written thingy that your friend has made to do this? I would love to know the step-by-step so I could repeat it.

[dikdik]

No, he just took every precaution he could to prevent his identity from being linked with the sample he sent.

[gleb]

Yes, that's exactly what they are saying. That's how they make money. And if that concerns realize that your doctor sells your EMR data, your pharmacy sells your prescription data, the labs sell your blood work data too.

https://genos.co/ will do a 75x whole exome sequencing (very good quality even for a clinical test) for $500 with a good customer experience and they don't sell your data. You can then feed the data to https://www.promethease.com/ for interpretation.

[mnw21cam]

> 75x whole exome sequencing (very good quality even for a clinical test)

You say that, but at the lab where I work, that level of quality would be a big fat fail - re-sequence the sample and get more data. They further describe their sequencing quality as "≥ 90% loci with 20x or more coverage AND ≥ 99% loci with 1x or more coverage". That's poor quality - very poor quality. We aim for 97% coverage at 20X and routinely get 98.5% They only get away with saying "Genos yields 50 times more data than comparable services" because they are comparing against 23andme, which uses a completely different test methodology.

[gleb]

Is your lab research or clinical? Genos coverage seems to be similar to GeneDx. I am told GeneDx is excellent on the clinical side. https://www.genedx.com/genedx-blog/exome-sequencing-at-gened...

Separately, can I get in touch with you somehow? I am dealing with clinical genetics as a patient right now, and would love to get some advice.

[mnw21cam]

Having a quick skim over that web page, yes it does look like they know what they are doing. However, they are still using SureSelect Whole Exome v4, when v6 has been available for quite some time now, and is so much better than v4. Their mean read depth is decent at 136X - that's about what we do. They quote a 31% pick up rate, where we have about 50%.

They talk about confirming variants using Sanger sequencing, but there is quite a bit of talk nowadays of stopping doing that, because NGS is becoming more reliable than Sanger. The problem with NGS is false positives, and the problem with Sanger is false negatives due to allelic dropout (the strand of DNA with the variant doesn't make it to the sequencer, so all you see is normal DNA). There is some concern that doing Sanger confirmation is rejecting more true positives than it is correcting false positives.

Our lab is both clinical and research. We don't do many research whole exomes any more - mostly doing whole genome instead.

You could mail me at nc74rmec@pliggle.homeip.net if you want. (Yes, that's a throwaway address.) Not sure I can advise you much though.

[tonyhb]

No, doctors, pharmacies and labs do not sell data; it's illegal under HIPAA regulations and you do not want to be caught liable under those laws.

[nradov]

HIPAA regulations explicitly allow for using de-identified data in research. https://www.hhs.gov/hipaa/for-professionals/privacy/special-...

[gleb]

https://www.bloomberg.com/news/articles/2014-12-10/they-know...

[tschwimmer]

Dang, this promethease thing is awesome. It's crazy that they're offering all this data for free.

It reminded me a bit of an RPG character sheet: +60% resistance to prostate cancer, 2x weakness to alcoholism.

[kregasaurusrex]

Is there a list of genetic services and what data they provide somewhere, maybe a comparison of sorts? My father recently passed away of arryhtmia and I'm looking for a way to determine if said condition is hereditary or not.

[marchenko]

If you have concerns about a specific trait in your family history, I would suggest speaking to a genetic counselor. Many genetic conditions are influenced by a suite of relatively rare mutations not commonly included in commercial kits. A geneticist can tell you if this condition localizes to a specific chromosomal region or set of regions and sequence those target regions in depth for a better estimate of your risk profile. Perhaps more importantly, they can tell you if it is worthwhile to do so. Some conditions are too complex to reduce to effective testing, or result from poorly-characterized private mutations, but may have associated non-genetic biomarkers that your physician can monitor if you bring the problem to his attention. If your father's condition was well characterized and you have access to his history, you can do preliminary research on SNPedia (SNPedia lists whether a SNP of interest is included in the 23andMe kit), or do a PubMed search on "genetic risk factors" /"targeted next-generation sequencing" $condition to get a sense of the state of the art.

[gleb]

Look on Promethease wiki and Reddit.

[fourstar]

I ended up canceling my account because of this reason. That and the fact that a bunch of random people started trying to hit me up because apparently we were "linked".

[unethical_ban]

You can turn off the discoverability.

[Balgair]

Yeah, that's pretty creepy. Thank you very much for the anecdote and information.

[snowpanda]

Haven't read it fully, but i think it would be on this page:

https://www.23andme.com/about/privacy/