Hacker News
by DangerousPie 2379 days ago
23&me doesn't share data without consent. They explicitly tell you that they'd like to use your data for research and ask you to opt in.
3 comments

This is false. 23andMe shares data with invested parent organisations regardless of consent, and is not required to disclose the fact because they're legally not 3rd parties.

See https://news.ycombinator.com/reply?id=21815295&goto=item%3Fi...

Here's the 23&Me Research Consent doc that you agree to: https://www.23andme.com/about/consent/

Is there something specifically missing from that? It seems like you're suggesting they are doing something which is not covered here, or they're trying to be "sneaky", but I don't think that's the case. They have always made it fairly clear what the long game is, and "collect genetic information and share it with legitimate researchers to enable drug discovery" was a major part of it.

I see a lot of folks suggesting 23&Me is being sneaky, or underhanded, or going out of its way to cloak these sorts of exchanges. I do not agree with those interpretations.

Note: I am generally sympathetic to the idea of widely sharing genomic information and believe that good consent forms are transparent. This form is closer to what I'd like to see from a wider range of less ethical organizations.

This looks pretty good to me. First, it appears to be opt-in:

> Giving consent by checking the appropriate box below means that you agree to let 23andMe researchers use your Genetic & Self-Reported Information for 23andMe Research, as described above.

And they have a reasonable policy if you decide you want to opt out:

> At any time, you may choose to change your consent status to either take part in 23andMe Research or to withdraw all or some of your Genetic & Self-Reported Information from 23andMe Research. Your consent status is located in the 23andMe "Settings" page. ...

> Choosing not to give consent or withdrawing from 23andMe Research will not affect your access to your Genetic Information or to the Personal Genome Service.

Your use of their program is consent, they tell you when you get the kit.

There's a pretty significant difference between "when you use their service you can opt-in to have your data added to the dataset" and "buried in the EULA is a clause saying they own your genes."

Ah I see there’s the opt in. In that case Microsoft telemetry is opt in too. You bought into Windows and agreed with the EULA after all.

It appears some people in this thread use a rather creative version of "opt in" [1]. There is nothing "opt" about what has been described here, nor about Microsoft telemetry (it was opt-out last time I checked).

[1] https://en.wikipedia.org/wiki/Opt-in_email

Please tell me what "creative version of opt-in" you see in this: https://www.23andme.com/about/consent/

---

6. Do I have any alternatives? Can I withdraw from this study?

Your alternative is not to participate in the 23andMe Research study. If you choose not to give consent for 23andMe Research, your Genetic & Self-Reported Information may still be used for other purposes, as described in our Privacy Statement. If you do give consent to participate in this study, you may choose not to take 23andMe Research surveys or use other 23andMe Research features.

At any time, you may choose to change your consent status to either take part in 23andMe Research or to withdraw all or some of your Genetic & Self-Reported Information from 23andMe Research. Your consent status is located in the 23andMe "Settings" page (if you experience problems changing your consent status, write to the Human Protections Administrator at hpa@23andme.com). If you withdraw all or some of your Genetic & Self-Reported Information, 23andMe will prevent that information from being used in new 23andMe Research initiated after 30 days from receipt of your request (it may take up to 30 days to withdraw your information after you withdraw your consent). Any research on your data that has been performed or published prior to this date will not be reversed, undone, or withdrawn.

Choosing not to give consent or withdrawing from 23andMe Research will not affect your access to your Genetic Information or to the Personal Genome Service.

You may also discontinue participation by closing your Personal Genome Service account, as described in the Terms of Service. Requests for account closure can be made directly within your Account Settings.

I don't know anything about it, but:

> Your alternative is not to participate in the 23andMe Research study. If you choose not to give consent for 23andMe Research, your Genetic & Self-Reported Information may still be used for other purposes, as described in our Privacy Statement

Seems to imply that if you do not give your consent for whatever "23andMe Research" is, then they will still use the data for other purposes. So in other words if you do not opt in they will still use their data. That's not a normal definition of "opt in".

However, I don't know what is in the privacy statement. What are they able to do with the data if you don't opt-in?

Looking as you cannot completely disable telemetry in Windows 10, I fail to see how it is opt-in, or even opt-out. It is always on.

I don't use Windows 10, but from what I understand Microsoft had to make it GDPR compliant. I'm not sure they succeeded entirely with that (last time I checked, the German government did not find it GDPR compliant. Regardless, at the very least it was an improvement [which isn't an excuse]).

I believe that's his point.

Consent is not freely given if it's a requirement for something else.

I think a clearer phrasing of that is "Consent is not freely given unless it's explicit". I'm fine with giving consent as long as I'm clear on what that is. General consent for using a service, to me, doesn't include using my data and/or information outside of what's needed to provide that service.

Looks like every end user agreement is bs by that metric too.

That is a legitimate argument people make and also a reason companies don't want to test their EULAs in court.

Yes, they are. And GDPR at least seems to rather explicitly agree with that sentiment. Consent buried in a document isn't real consent.

Yeah, and you cannot 'bundle' consent.

Trade, no, interacting with others in general; ruled nonconsensual. You read it here first folks!

This idea would really upend contract law if applied there!

In this case it totally is. You're free to not use 23andMe if you don't consent. I do think, however, it shouldn't be buried in the EULA but communicated clearly.

> You're free to not use 23andMe if you don't consent

That is not how consent works.

If I am selling you an apple, but thereby you give me consent to use its genetics for research, and without that we do not do business, then there is nothing optional about it; no opt-in, no opt-out.

Opt-in is when the flag is disabled by default, and you can enable it if you want to, and use the product regardless of your choice.

Opt-out is when the flag is enabled by default, and you can disable it if you want to, and use the product regardless of your choice.

That is how consent should work, if I don't consent I should not buy your apple. Buying your apple is optional, I'm not required to buy your apple.

Opt-in is when I buy your apple.

Opt-out is when I don't buy your apple.

> That is not how consent works.

Yes, it is. I tell you all the terms of the deal in advance, and you choose to accept it or not. If you don't want my apples, go to the next guy.

This has been claimed multiple times and it's totally untrue.

GSK is not a "parent company". It is a minor investor. This also doesn't give them some ability to demand access.

Who are 23andMe's parent companies (https://en.wikipedia.org/wiki/Parent_company)?

> In the United Kingdom, it is generally held that an organisation holding a 'controlling stake' in a company (a holding of over 51% of the stock) is in effect the de facto parent company of the firm, having overriding material influence over the held company's operations, even if no formal full takeover has been enacted.

HINTS: GSK (UK based) is not one of them.

https://www.gsk.com/media/5349/annual-report-2018.pdf

> 23andMe in which the Group holds 14.5%.

>They explicitly tell you that they'd like to use your data for research

Is there not a difference between using your data for research...and selling it to a pharmaceutical company attempting to develop a commercial drug?

Seems there was a misrepresentation in giving up their DNA, and those people should have rights to any drugs developed as a result.

Who do you think does most of the pharmaceutical research? According to some quickly googleable info, private funding for pharmaceuticals is about 5 times that of public NIH research [0]. And before we assume that it all goes into the executive pay, turns out that private pharma in the US reinvests more of its revenues back into research and development than any other industry in the US (according to the same source).

0. https://www.drugcostfacts.org/public-vs-private-drug-funding

That's a pharma trade-org PR site. To be fair, I doubt they're directly lying about anything.

But why talk about executive pay and not marketing? Research clearly takes a backseat to marketing at these shops:

https://www.washingtonpost.com/news/wonk/wp/2015/02/11/big-p...

As for who pays for research, you're right that pharma companies now pay for over half of US biomed research, something that's been true for about a decade. I don't know how that "5 times" figure was calculated, but my figures show the government currently finances about 1/3 of biomed research, including almost all basic research.

Of course, pharma benefits from that research, too, and looking only at spends understates the value of those contributions. One recent study found that

"NIH funding contributed to published research associated with every one of the 210 new drugs approved by the Food and Drug Administration from 2010–2016."

https://www.pnas.org/content/115/10/2329

What does that have to do with obtaining HIPAA/DNA data the way they did?

What does big pharma reinvesting more of its revenue back into R&D have anything to do with obtaining people's DNA through any means but directly from the owners of the DNA?

Big Pharma also spends more in lobbying efforts than any other industry...in fact double the next industry (tech)...in fact they spend in lobbying what the #2 and #3 industries (tech and insurance) spend together. Were you aware big pharma lobbying goes towards R&D tax credits for themselves?

>Is there not a difference between using your data for research...and selling it to a pharmaceutical company attempting to develop a commercial drug?

No...? Precluding companies from coming up with cures for diseases based on researching this data seems to defeat one of the major points of medical research.

>Precluding companies from coming up with cures for diseases based on researching this data seems to defeat one of the major points of medical research.

Since when are privacy violations a major point of medical research? Did these pharma companies get your DNA through a 3rd party without your knowledge?

crmrc114 shares almost all of their DNA with their parents, children, siblings and cousins, in addition to the mentioned grandparents.

I'll bet you a dollar that neither crmrc114 nor 23&me asked /all/ the stakeholders in this particular transaction for consent.