Private genetics company 23andMe has published a transparency report, revealing the number of requests for customers’ DNA the company has received from law enforcement authorities.
Last week, when we learned about authorities turning to private genetics companies to find a match for DNA found at a crime scene, concerns were raised over how often this occurs and whether laws should be made to prohibit this practice. In an email to Fusion, 23andMe’s privacy officer Kate Black stated that the genetics company had plans to publish a public transparency report on its website within the next couple of months. Just one week later, the report is up—and reportedly contains every request 23andMe has had from law enforcement agencies seeking to gain access to their genetic database.
According to the report, 23andMe has received four requests from state authorities and the FBI, covering five of its users’ accounts. That means that five users and potentially their close family members who had not even submitted their DNA, had DNA that could have been of use to authorities. However, the company claims to have been able to deny all of these requests and has not turned over any of their customers’ DNA to authorities.
Back in March of this year, authorities searched the genetic database of Sorenson Molecular Genealogy Foundation, a company owned by Ancestry.com, whose databases were publicly available online. Ancestry has since removed that database from public access; however, unlike 23andMe, the company has not made public how many requests from authorities it has received, nor has it announced any plans to do so.
When genetics companies first started selling direct-to-consumer DNA analysis, privacy groups raised concerns over what the companies were going to do once they acquired a large enough database. 23andMe as well as Ancestry seem to have just about reached this point. 23andMe now has well over a million customers and just yesterday they announced that they have regained FDA approval to sell their direct-to-consumer tests again (which was shutdown by the FDA back in 2013). Now, these large databases are not only attractive to pharmaceutical companies and insurance companies, but also clearly to the authorities.
Reports like this are normally published by large technology companies like Google, Facebook, and Verizon, Fusion reports. It’s one of the first issued by a health-tech company, but it won’t the last. 23andMe plans to send out this report on a quarterly basis.
Right now, no laws prohibit authorities from requesting information from private genetics companies, but advocates have called for laws to be put in place. For now, 23andMe’s lawyers have largely been able to fend off the authorities, but as the databases grow, this may prove harder to do.
23andMe does offer concerned customers an option to delete all their information from the company’s database.