As word spread last year that 23andMe was about to go bankrupt, many of their millions of customers wondered if they should delete their data. Social and conventional media were quick to offer advice, sometimes coming from experts in genetics and genomics–my field, I should note–on how to go onto the 23andMe website and delete all of your data.
In March of this year, the California attorney general issued a warning that 23andMe was “in financial distress,” and he told Californians that they ought to seriously consider deleting all their data. The Washington Post was even more direct: “Delete your DNA from 23andMe right now,” they wrote in a headline. Why? Because your privacy is at risk, they claim.
I didn’t delete mine. Now, just a few month later, 23andMe is back from bankruptcy, and the Washington Post once again told everyone “you should still delete your DNA.” I’m still not going to do that. Let me explain why there’s really nothing to worry about.
First, what exactly does 23andMe collect from its customers? Despite the near-hysterical warnings from the WashPost and other sources, 23andMe doesn’t have “your DNA.” Your genome (which contains all your DNA) has 23 pairs of chromosomes (that’s where the name 23andMe comes from), and all together they add up to about 3.1 billion letters (nucleotides) of DNA. It might be cool if 23andMe had all that, but they don’t!
Instead, when you spit into a tube and send it to 23andMe, they run what’s called a DNA “chip” on your sample. This chip identifies less than a million individual nucleotides scattered around the genome (about 640,000, actually). But for the sake of argument, let’s say they have 1 million letters of your DNA. That’s a tiny percentage: about 0.02% of your genome. So no, they don’t have your genome, but they do have a small sample of it.
What’s fascinating–and a lot of fun, for some–is that by comparing these scattered landmarks, called SNPs or “snips,” you can get a very accurate picture of how closely related two people are. For example, you share half your DNA with your parents, siblings, and children, so you should share approximately half of these SNPs. For a niece or nephew, you share about 1/4 of your SNPs, and for a first cousin, 1/8. I have multiple relatives on 23andMe, and I can see them all in the DNA Relatives section. (I have fewer there now, because several of them deleted their data.)
23andMe also tells you your genetic “risk” for dozen of traits and a few genetic diseases. However–and here’s the rub–some 25 years after the human genome was sequenced, and despite huge efforts to link genes and disease, there are almost no SNPs that tell you anything consequential about your health. If you have a genetic disease, you almost certainly already know about it, and if you don’t know, then the 23andMe data just isn’t going to reveal anything.
Okay, so now that we’ve covered that, let’s go back to this privacy claim. The WashPost says you should worry because 23andMe might not protect your data, and might even sell it to a third party without your consent. My response is: so what?
The fact is that if you’re worried about privacy, you should be far, far more concerned about all the data that various companies are hoovering up about you based on your online activity. Are you browsing the web only in private or “in cognito” mode? If not, then companies are already buying and selling tons of information about you–information that is far more revealing than a SNP chip. Do you have a Facebook, Instagram, or TikTok account? Then you can be sure that Facebook and other companies know a great deal about you.
The privacy concern about DNA is that (according to some) it’s information that you can’t change. True enough–but plenty of other private information is just as permanent, or nearly so, and you’ve already shared that far more than you might realize.
... continue reading