Online DNA testing kits: entertaining yet invasive

Online DNA testing kits: entertaining yet invasive

In the realm of recreational genetic testing, a growing trend that promises insights into one's ancestry and health, the French data protection authority, CNIL, plays a significant role. This role is centred around ensuring that the genetic data privacy rights of users are upheld in accordance with the General Data Protection Regulation (GDPR) and national health data protections.

Genetic Data Classified as Sensitive Personal Data

Genetic data from recreational tests is classified as health data, a type of sensitive personal data under GDPR and French law. This classification triggers stronger protection requirements for processing, storing, and sharing such data.

CNIL's Regulatory Role

CNIL enforces compliance with GDPR principles like informed consent, data minimization, purpose limitation, and data security for genetic testing companies operating in France. Providers hosting or processing genetic data must also comply with additional frameworks such as the HDS certification, which ensures high standards of security and confidentiality for health data hosting in France.

Potential Issues and Concerns

Despite the promises of these tests, there are concerns about the accuracy of results due to the lack of transparency in the methods used. The interpretation of genetic data depends on computers, increasing the potential for errors and misinterpretations.

Moreover, the transmission of data to third parties and the purposes of these transmissions are often vague in the general sales conditions and contractual documents. Estimates suggest between 100,000 and one million French people have already bought an online DNA kit, yet advertising and influencer campaigns for these tests were distributed to French people between 2018 and 2022, despite it being strictly forbidden to advertise this type of service.

CNIL's Actions

In March 2024, the CNIL called for vigilance regarding the use of recreational genetic tests on the internet. Users can file a complaint with the CNIL if their data has been sold without their consent. The CNIL can impose fines of up to 20 million euros or 4% of turnover for breaching the GDPR if it acts illegally.

Partnerships and Research

Partnerships between genetic testing companies and other organizations for research purposes have been observed. DNA composition comes from 50% of the mother and 50% of the father, leading to potential differences in genetic heritage among children tested. DNA is not changeable and is shared with close relatives, making it important to consider the implications of giving DNA to genetic testing companies, which is akin to entrusting family DNA (descendants, ascendants, and close family).

Genetic Data Privacy Implications

The genetic heritage of ancestors can also differ among children tested, and the potential abuses of genetic testing include health insurance companies increasing fees for policyholders with a high risk of dying before 50. Given these concerns, it is crucial for users to be aware of the potential risks and to take steps to protect their genetic data privacy.

[1]: CNIL Practical Recommendations and Regulatory Guidance on AI Models and Genetic Data Privacy: https://www.cnil.fr/en/practical-recommendations-and-regulatory-guidance-ai-models-and-genetic-data-privacy [3]: HDS Certification for Health Data Hosting in France: https://www.cnil.fr/en/hds-certification-health-data-hosting-france

1. Genetic data obtained from recreational tests is categorized as health data, a type of sensitive personal data under GDPR and French law.
2. The French data protection authority, CNIL, is responsible for ensuring the privacy rights of users regarding their genetic data are respected in accordance with GDPR and national health data protections.
3. CNIL enforces compliance with GDPR principles like informed consent, data minimization, purpose limitation, and data security for genetic testing companies operating in France.
4. Providers hosting or processing genetic data must also comply with additional frameworks such as the HDS certification, ensuring high standards of security and confidentiality for health data hosting in France.
5. There are concerns about the accuracy of results from recreational genetic tests due to the lack of transparency in the methods used.
6. The potential for errors and misinterpretations increases as genetic data is dependent on computers for interpretation.
7. Transmissions of data to third parties and the purposes of these transmissions are often unclear in the general sales conditions and contractual documents.
8. Between 100,000 to one million French people have already purchased online DNA kits, yet advertising and influencer campaigns for these tests were distributed to French people between 2018 and 2022, which is strictly forbidden.
9. In March 2024, the CNIL called for vigilance regarding the use of recreational genetic tests on the internet.
10. Users can file a complaint with the CNIL if their genetic data has been sold without their consent.
11. The CNIL can impose fines of up to 20 million euros or 4% of turnover for breaching GDPR if it acts illegally.
12. Partnerships between genetic testing companies and other organizations for research purposes have been observed.
13. DNA composition comes from 50% of the mother and 50% of the father, leading to potential differences in genetic heritage among children tested.
14. DNA is not changeable and is shared with close relatives, making it important to consider the implications of giving DNA to genetic testing companies.
15. The genetic heritage of ancestors can also differ among children tested.
16. Potential abuses of genetic testing include health insurance companies increasing fees for policyholders with a high risk of dying before 50.
17. Users should be aware of the potential risks and take steps to protect their genetic data privacy.
18. CNIL provides practical recommendations and regulatory guidance on AI models and genetic data privacy on its website.
19. The HDS Certification for Health Data Hosting in France is another framework genetic testing companies must comply with, as per CNIL.
20. Despite the promises of these tests, their accuracy is still a significant concern due to the lack of transparency in methods used.
21. Excessive data transmission to third parties and unclear purposes for these transmissions are major issues that haven't been adequately addressed in the general sales conditions and contractual documents.
22. The CNIL has published guidelines and recommendations for AI models and genetic data privacy, offering insights on best practices for businesses operating in this area.
23. Genetic data is essential in various aspects of health and wellness, including chronic diseases, cancer, respiratory conditions, digestive health, eye health, hearing, and mental health.
24. Adequate fitness and exercise, autoimmune disorders, skin care, therapies, and treatments, nutrition, cardiovascular health, and neurological disorders can also be impacted by one's genetic makeup.
25. Taking good care of one's skin is essential for overall health and wellness, and the choice of skin-care products can significantly impact skin conditions.
26. The potential for errors and misinterpretations of genetic data raises questions about predications related to diet, physical fitness, and even mental health.
27. Users should be mindful of the potential implications of sharing their genetic data and educate themselves on the latest research and developments in genetic testing, cybersecurity, and privacy laws to protect themselves and their families.

Read also: