[dekhn]

Providing another company access to deidentified data is "selling your data", to argue otherwise is just semantics.

Note that selling deidentified data (genomic, health, etc) is common in the industry already and 23&Me is hardly unique in this respect.

[dahinds]

I would not argue with you on that it is "selling your data". But I also think there are meaningful differences in harm levels for different kinds of "selling your data", and fully identified data has more potential harms than de-identified data where you have to assume that an adversary is willing to violate contracts and/or the law to learn about particular individuals.

There is considerable confusion about the distinction between aggregated data and de-identified individual-level data. I would say that I don't consider sufficiently aggregated data to be "your data" in a particularly meaningful personal sense of "your", even though there are still some re-identification risks from these types of datasets.

I was contesting the statement that "The data has already been sold... [and] the damage is already done" which I still think is highly misleading.

[dekhn]

I believe we're talking about de-identified individual-level data being sold or shared (https://www.23andme.com/about/individual-data-consent/) in this thread.

I don't think 23andme has been casual or callous with people's data; they are probably a step above the average firm that handles this sort of data. The consent process is well-documented.

My complaint has always been about 23&Me has always been Anne Wojciki's naivete about the utility of genomic data for health treatment, as well as whether her company needed to work with the government (she wrote a useful retrospective that helped shed light: https://hbr.org/2020/09/23andmes-ceo-on-the-struggle-to-get-...).

Most of us who worked in genomics at the time were sort of dumbfounded by her approach and wanted to know what magic she had that let her get as far as she did with the company and its product.

I don't have any problem with the family history side of the product; that's how my dad found out that he had a number of unexpected children (IVF through donated sperm) who were able to connect with him years after their conception. And I really wish disease genetics had turned out to be far more straightforward as I've long been fascinated with how complex phenotypes arise from genomes.

[dahinds]

The top-of-thread linked to an article that was specifically about aggregated data sharing, not individual-level data sharing. The consent document you're linking to did not exist when that article was written; our general research consent only covers aggregated data sharing. It was only in 2018 that we added the second-level consent for individual-level data sharing.

I think we've generally been pretty careful to present only scientifically well supported results, which has not helped the perceived utility of our health product. There are certainly valid arguments to be had about the business model.

[robwwilliams]

Thank you, thank you. Great comment.