Do You Think It’s Safe to Send Your DNA to 23andMe?
Here’s The Scoop
In a shocking revelation, genomics giant 23andMe has become the latest victim of a massive data breach. But here’s the twist: it’s not the company’s servers that were hacked. Instead, the cybercriminals targeted individual user accounts, allegedly those with repeated passwords.
Once they gained access, the hackers could exploit the “DNA relatives matches” function of 23andMe to extract information about thousands of other people. This incident forces us to reconsider our notions of privacy, data security, and corporate accountability in the information age.
The unique nature of genetic databases means that anyone’s DNA data can reveal information about others who share their genetic code. When someone sends a sample to 23andMe, the company obtains genetic information about that person and their relatives, regardless of whether those relatives consented to data collection.
This breach underscores the far-reaching implications of personal data decisions. Every choice we make about our data has spillover effects on others. Individuals can face consequences ranging from financial loss to discrimination due to data practices that rely not only on their information but also on information about others.
The 23andMe case highlights the equity issues inherent in the information economy. Hackers are now selling the stolen genetic information, including lists of people with Ashkenazi Jewish ancestry. These individuals now face an increased risk of discrimination or harassment as their names and locations have been leaked.
This episode serves as a stark reminder that we need privacy laws that understand the workings of the information economy. The current practice of obtaining individual agreements for data collection fails to recognize broader interests beyond the person who agreed. In order to prevent group data harms like those caused by this hack, we need clear rules about what companies can and can’t do.
In the era of indiscriminate data collection and risky data usage, it’s high time we ensure that corporate data practices prioritize safety obligations for everyone, not just the individual.
What do you think? Let us know by participating in our poll, or join the discussion in the comment section below!