This post has been updated to include a response from BGI.
BGI is conducting additional analyses using genetic data collected through its non-invasive prenatal genetic test, which has been taken by millions of women across the world, according to Reuters.
It adds that BGI developed its prenatal genetic test called NIFTY — which tests for 84 different genetic conditions, like Down syndrome — in collaboration with Chinese military, and that some 8 million women have taken the test.
Reuters reports that the company is using leftover testing samples for population genetics research, including studies of mental health risk and viral susceptibility. In an in-depth report, it says the company collects genetic information about the mother as well as personal information such as height, weight, the country where she lives, and medical history — though not her name — and this data may be stored in the China National GeneBank in Shenzhen. Reuters notes that it found no evidence the company violated patient privacy agreements or regulations but did find that women taking the test did not realize their data might be sent to China.
Reuters notes that other companies selling similar prenatal tests also reuse data for research purposes but adds that those firms do not have the scale of BGI or its government and military ties. The US, it adds, has warned that China's collection of genetic data may pose national and economic security risks, in addition to privacy risks.
China's Ministry of Foreign Affairs tells Reuters that its report represents "groundless accusations and smears" of US agencies.
In a statement after the Reuters report came out, BGI disputes some of the claims made. It, for instance, says that BGI developed its prenatal genetic test by itself, not in partnership with the Chinese military, and says that data collected from women outside China is not stored in China's gene bank, but at BGI's Hong Kong lab and is destroyed after five years. The company further says its data privacy standards meet that of national and international requirements, including the GDPR in the European Union.