Originally published by the Harvard Law Petrie-Flom Centre
Written by Rachele Hendricks-Sturrup

“Any idea we had about privacy is over,” says Dr. Julia Creet, leading international scholar in Cultural Memory Studies, Professor of English at York University, and author of the upcoming book, The Genealogical Sublime. In 2017, Dr. Creet received a York Research Leader Award in part for her investigative work and documentary entitled, “Data Mining the Deceased: Ancestry and the Business of Family,” which received critical acclaim and is streaming on demand in the U.S., Canada, and abroad. Dr. Creet also received a York President’s Research Impact Award in 2019 for her research on digital privacy, data mining, genealogy, and memory.

Dr. Creet’s work builds on Bill of Health’s key ethical and legal discussions around the direct-to-consumer (DTC) genetic testing and health data privacy. Dr. Rachele Hendricks-Sturrup, genetics and privacy scholar and research fellow at Harvard Pilgrim Health Care Institute and health policy counsel at the Future of Privacy Forum, recently sat down with Dr. Creet to discuss emerging issues and concerns about genetic privacy (or a perceived lack thereof) in an increasing information and genealogical age. The following interview has been edited for length and clarity.


Dr. Rachele Hendricks-Sturrup: Regarding genealogical recording in the era on increasing DTC genetic testing, you’ve mentioned in your upcoming book, “Any idea we had about privacy is over.” Tell us a little more about your thoughts here.

Dr. Julia Creet: I made the statement that any idea we had about privacy is over in response to a number of troubling trends in genetic genealogy. DTC genetic tests have revealed long-held family secrets, biological parents and siblings of adoptees, and the identities of sperm and egg donors. In each case, the question of the right of the searcher trumped the rights of those who wanted their privacy protected. In a few cases, sperm donors have sued for invasion of privacy. What these cases show is that even if we think we are protected by the privacy provisions of donor agreements or closed adoptions, genetic tests can leap over those privacy barriers. Many genealogists have declared that there will be no more family secrets in the future. So, family privacy is a thing of the past, which may or may not be a good thing. On a larger scale, law enforcement use of DTC genetic testing databases has demonstrated that data uploaded for one purpose can be used in the future for a completely unanticipated purpose. Without the ability to predict future uses of this information, we cannot put a privacy policy in place that will anticipate all the unforeseen future uses. I think the most telling cases in the last few weeks are the recent warrant that allowed law enforcement access to the GEDmatch database even though most users had opted out of having their results included in searches, and the rather frightening report for Peter Ney about the ease of malware intrusions on genetic genealogy databases.

Dr. Rachele Hendricks-Sturrup: Some research stakeholders, like the Personal Genome Project (PGP), have argued that privacy, confidentiality, and anonymity are “impossible to guarantee” in research contexts like the PGP, where public sharing of genetic data is an explicit goal. In your opinion, does this also apply to the existing genealogy research projects you mention in your new book? Might you elaborate? 

Dr. Julia Creet: Absolutely. The least secure database is the public genealogy database GEDmatch because the explicit goal of users is to connect with as many people as possible. More importantly, consumers don’t recognize that they are compromising the privacy of all of their family members as well given the links between the genetic data and the genealogical information. Genetic data on its own doesn’t identify individuals unless explicitly linked; DNA data linked with genealogical information is much more difficult to de-identify given that the combination of family trees with DNA data make the links between genetic cousins–as many as 800. Law enforcement was drawn to this database precisely because the database had fewer privacy provisions and linked people in ways that most other genomic databases don’t. I believe it is one of the least secure genetic databases.

Dr. Rachele Hendricks-Sturrup: GEDmatch has received and continues to receive a great deal of media attention around issues involving law enforcement and consumer privacy. When DTC genetic testing consumers upload their genetic data to genealogy websites like GEDmatch, do the consumers’ ownership and control over their genetic data erode?

Dr. Julia Creet: So in early December, 2019, GEDmatch announced that it was acquired by Verogen. Inc., an independent forensic genomics company. Verogen swears that it will protect consumer privacy but now the database will be mined by a company that sells information directly to the police (and presumably other companies such as Parabon). Once again, DTC genomic genealogy information has been commodified in the interests of an industry that has nothing to do with the original purpose for which that data was collected. And, as is the case with all these database sales (for example, Ancestry.com’s acquisition of Sorenson Genetics), genealogists who contributed to the database will now have to pay for access to their own information. As Dan Taggart, one of the founders of Ancestry.com told me, “Ownership of genealogical information is a grey area”—as ownership goes so does privacy.

Dr. Rachele Hendricks-Sturrup: Thank you very much for giving us your thoughts on these issues. Very insightful and certainly thought-provoking. Is there anything else you would like to share?

Dr. Julia Creet: Well, yes. One recent story and event has made me even more uncomfortable lately: Google’s “Project Nightingale.” What I don’t see is anyone making the connection (and call me paranoid, but I don’t see why Google wouldn’t connect these databases) between the health records that Google is acquiring and the genetic genealogy datasets to which they already have access. Ancestry’s largest biotech partner is Calico, a Google-owned company; 23andme is a Google subsidiary. So, Google has access to the largest genetic genealogy datasets in the world and is now approaching the privacy breach that Iceland’s supreme court ruled against in the case of DeCODE when the company wanted to analyze the country’s medical records along with DNA data and the genealogical information. Again, combined, the information is tremendously valuable for medical research, yet poses huge privacy risks. The Iceland court ruled against the notion of “presumed consent.” It doesn’t look like Google or Ascension has any concerns about presuming the consent of any of the patients whose records have been swept up in “Project Nightingale.”

Dr. Rachele Hendricks-Sturrup: Actually, it is interesting that you brought up Project Nightingale. Google and Ascension provided public statements about how they are handling the data for this project. What do you make of this? Is this enough to reassure the public that Project Nightingale is meant to serve the public good? 

Dr. Julia Creet: I think the reason I find project “Nightingale” dubious as a collaboration in the interests of the public good is that in Canada all management of electronic health records is provided by Canada Health Infoway, an independent, non-profit organization, funded by the federal government. Google refuses to disclose the financials of the deal, which we have to assume is fairly lucrative given that they are also dealing with some of the highest-end private providers, e.g., Cleveland Health. The idea that medical records can be commodified by health providers is anathema to Canadians. Google swears that they will not cross-reference the Nightingale database with any of the other health sector databases that they store. Obviously, they know that this is a sensitive privacy issue. Project Nightingale is with Ascension, a faith-based Catholic health care company. Since Ascension works with “the poor and the vulnerable,” Google claims that it too is working on behalf of “disadvantaged communities.”  It all seems above board, but will they treat the records of some of the most vulnerable Americans the same as those of America’s richest citizens? One would hope so.