Two days ago a received forwarded internal email from Ancestry.com from a nice young lady in the UK who wanted me to review her family tree since genetically it appears we may have a common great, great, grandfather.
I declined.
Three and a half years ago, after a discussion with my wife, we decided to both do an Ancestry profile – mostly to see how much Irish heritage we both had. It didn’t cost very much, and the results were rather amusing.
Since that time, I have occasionally received offers to upgrade my account or to do more detailed tests, which I have always ignored.
But now I am getting emails about matches from people I don’t know, which is matching very fine-grained information within a large database.
I suppose this isn’t a surprise, and it certainly isn’t their fault. For at least years I have been aware of some of the complexities associated with crossing the digital-DNA divide, and I should have spent more time thinking through the significance of giving my DNA information to a company whose core purpose is to monetize genetic information, and I have no doubt that when I signed up I gave consent to fairly broad use of my data.
But to what level did I give informed consent? Did I know that I would be having my genetic information matched with strangers, and then allowing these strangers to reach out to me via email 3 years out? 5 years out? 10 years out? ( Here I am not talking about the legal issue of informed consent, but rather the ethical issue of informed consent)?
Certainly, the concept of ownership of health-related data is both legally and ethically a hot topic right now, and this isn’t limited to Ancestory.com. For example, what about the GlaxoSmithKline stake in 23andMe or the UnitedHealth Group purchase of PatientsLikeMe? When people signed up years ago for these services, did they understand that years later their data would be for purchase by some of the largest healthcare companies in the world? Doubtful.
Anyway, I have no easy answers to any of this; in fact, I barely have an understanding of just a few of the important questions.
Personally, I did end up fully deleting my Ancestry account, and have been assured that this will include deleting my complete DNA data set—but I suspect the extent digital information ever really gets deleted often remains to be seen.
And I am certainly going to be even more cautious in the future sharing any of my health data in the future.
But in my heart-of-hearts I know it is too late. For me, and most Americans, the Health-Data-Rubicon has been crossed, and like it or not, perhaps under the guise of de-identification, or new ownership, or subcontracting services most of our health data is floating out there, waiting for someone to monetize it.