23andMe received clearance last week from the US Food and Drug Administration to market its Bloom syndrome test, as GenomeWeb has reported, noting that carrier tests may soon no longer be subject to premarket approval.
In addition to its genetic testing plans, 23andMe also offers its access to its database for research — it has announced deals with Genentech, Pfizer, and others — and the New York Times has asked a panel of experts this week to weigh in on the resulting questions regarding anonymity and privacy.
"Should commercial companies share genetic information for research purposes? Is it an invasion of privacy or is the potential for scientific breakthrough more important?" the Times asks.
Ifeoma Ajunwa, an assistant professor of law at the University of the District of Columbia, notes that researchers have been able to take anonymous DNA and some demographic data like age and state of residence to track down donors, while other researchers have reported that it's even possible to fabricate DNA-based evidence. "Thus, even if the data 23andMe shares with Genentech is anonymized, there is no certain safeguard of the privacy of 23andMe's clients, and there is the possibility for foul play," she says.
Similarly, Marcy Darnovsky from the Center for Genetics and Society notes that once genetic data is sold, the person to whom it came from no longer has any control over it. Instead, she suggests that genetic databases be designed as charitable trusts in which donors have some say over its governance.
Stanford Genetics' Somalee Datta adds that a platform should be able to be built that allows for the sharing of data, but also the maintenance of privacy. "A technology platform can be built that supports institutional and governmental policies and streamlines patient consent process or even lets patients monetize their data, while simultaneously allowing for distributed analysis methods already prevalent in Big Data analytics," she says. "This would let researchers harness data across hospital systems using algorithms, without the data ever leaving hospital's boundaries."
Meanwhile, Frank Pasquale, a law professor at the University of Maryland, says that companies like 23andMe should insure against data breaches so that the user doesn't bear the brunt alone.