How CEO Anne Wojcicki Turned 23andMe Around After Falling Out with the FDA (fastcompany.com)
53 points by pavornyoh on Oct 24, 2015 | 35 comments


You mean "How the 23andMe marketing department put the best spin possible on a massive FDA compliance failure by getting tech sites to write personality-driven fluff pieces, putting the CEO in the best possible light."


A number of changes to their terms of service over the last few days indicate that the change in their business model may have come at the cost of user data protection. See recent change diluting privacy protections enjoyed by their users.

http://imgur.com/ygrHxuY

More details can be found here: https://tracker.terminosycondiciones.es/en/doc/2058


Unchanged:

23andMe will never release your individual-level Genetic Information and/or Self-Reported Information to any third party without asking for and receiving your explicit consent to do so

That sounds pretty cut and dried to me.


I would not imagine 23andMe handing out a table with people's names in one column and their genetic info in next. And their terms and conditions clearly say that.

However, with the changes cited, they are lowering the level of protection they used to offer in order for their client companies to not be able to deconvolute data in order to build that table.

Users are informed of the changes, that is what matters.


The part of the sentence you left out: unless required by law.


That can be assumed to be true of any statement made in such a policy, regardless of whether it's there or not. No company can credibly claim that they will defy the law on your behalf.


Pretty sure that applies to any and all companies regardless of what they put in their ToS...


Almost, but not quite all!

The first exception that comes to mind is tarsnap, which not only offers that promise, but offers code and reasoning for why it is impossible for them to compromise your data even if law enforcement comes calling!

Lavabit also comes to mind. While they could have technically compromised their customers, when law enforcement came calling (after Snowden famously used them), the owner chose to shut down instead of complying with the requests of law enforcement.

That said, such heroes are few and far between.


I've been their customer since the beginning and have participated in all their upgrades.

None of the data has been useful/insightful; it's been good for mere entertainment so far. I don't expect it to get any more useful anytime soon.


I actually wonder about any potential adverse effects it might have.

For some time now I've wanted to try such a service for kicks and giggles, but the thought of getting a result like "you have some gene which makes it more likely for you to get toe cancer by 700%", which will pester me for the rest of my life even if it has very low scientific value, always bugged me enough not to.

Sure, if I was going to die I would rather know about it sooner than later, but I never thought that filling my head with the potentialities of mortality was warranted.


Then you are lucky. You could have been told you have BRCA, Huntington's, or several other horrible genetic diseases. A negative test is often the best result!


Did she really? I think it still remains to be seen.


Somebody tell Theranos....


It'd be nice if they offered some sort of backup. I fear I'm going to lose access to all my health reports when they switch over to the parenting-centric model.


You can download your genotype SNP data as a backup. I don't know about the health reports (are they so voluminous that you cannot open up each in a tab and then save them all as a batch of HTML files?) but there's a partial replacement in the form of the Promethease service which will take a SNP export and try to summarize any interesting hits.


If I scraped it myself, there'd be over 400 pages. Looks like they don't do async fetches for the main pages until you use the risk indicator (e.g. to try different age ranges to see when you're most likely to have a health problem).

So, as long as they don't ban your account for scraping, you could probably write a script to get most of it. I see personalized data in the view-source, which is a good sign (it means they server-render the personalized bit).


tl;dr - she followed the rules.


You don't have a "falling out" with regulatory agencies.


Do they actually have customers? What kind of idiot hands over their entire genetic data to a for-profit corporation?


They have a lot of customers. Many of my software engineering friends, myself included, are well aware of the privacy implications and got a kit anyway.

- I like that my genome is contributing to science. Not just privatized science, but anyone that wants to use the API.

- I like that I'm able to find what I'm at risk for. For all the knowns now, and more once we continue to unravel the mysteries of the genome.

- I like the ability to use d3.js to make neat visualizations on my data and open source my work.

All of these pros outweigh the potential privacy issue for me. It comes down to: do I really care if someone steals my genome data? Even in the future, worst case scenario if you could spit out a clone using my genetic data, ultimately I'm not sure I really care.

I'm typically an open kind of guy, though. (Indeed, all my open source work is public domain) Thought I'd share an alternative opinion.


Just so we're clear, we're talking here about a private company with an API, not a non-profit, foundation or anything that would indicate that they are working for the public interest. The FDA banned them from advertising their kits because there was no scientific proof that these kits are able to tell customers if they are at risk for something.

So basically you've given away your genome data because you like making neat visualisations.


They might be a for profit company, but they haven't actually made a profit.

I don't understand the mentality of your post. On the one hand, you seem to think that profit and public interest are mutually exclusive. They aren't. They are overlapping concerns, as in two circles on a Venn diagram partially overlapping.

On a personal level, you make an admonishing statement that the parent gave away their data for "neat" visualizations. I infer from this that you are saying they are giving away more than they got. The opposite of this would be profit (getting more than you gave). So you don't like 23andme because they want to get more than they give, and you admonish the parent because they gave more than they got.

The FDA banned them from advertising, not because there was no scientific proof, but because they didn't know how to present the data in the way the FDA could understand.

Regulatory agencies have their own lingo and methods and they are obscure, requiring the use of people whose sole job is to be the adapter between the regulators and everyone else.

23andme made a mistake likely out of ignorance regarding just how difficult it is to navigate regulatory waters. The FDA didn't grant them rights to marketing because they did anything new technically. It was because they are doing new things bureaucratically.


You are really grasping at straws to defend this company. I will do both of us a favor and skip the mental gymnastics about giving, getting and profit.

But... the FDA didn't "understand" 23andme's data? And the company made an innocent mistake when it comes to presenting data? This letter from the FDA describes exactly what was and was not done and obliterates any arguments like the above: http://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2...


I work with regulating entities just like the FDA. I know what I'm talking about. I doubt you do. Especially if you think my post was so difficult to understand that it required mental gymnastics.

Getting more than you give is the very definition of profit. It doesn't mean you don't give. It's a relative term. It is possible for both parties of an exchange to profit, from each party's point of view.

The letter you posted was the last in a series, where the FDA, after numerous attempts to explain what they needed, gave up and pulled the plug. It's like a divorce, there are often many attempts at reconciliation before the plug is pulled, but if communication isn't working for whatever reason, the papers are served. And usually pretty easy to understand at that point.


Anyone who really wants my genetic data for nefarious purposes will probably be able to find a way to collect it.


And if you donated blood recently, "they" (evil quotation marks!) might actually have it already. Not sure about the US, but in many places these days when you donate blood they ask you if you want to be added to the bone marrow donor list, which means that they genotype (at the least) your sample if you agree to it; in some places I think it's even by default these days.


>> Many of my software engineering friends, myself included, are well aware of the privacy implications and got a kit anyway.

No you are not. Nobody is "aware" what 23 can do with your information just yet.

This is much different than signing up for a Facebook account. I bet 23 didn't figure the way to make serious money on this just yet. I mean, after all, they won't stop at $99 per client (minus costs).


Any other person in the world with access to your body, and $300, could get your genetic data anytime they wanted.


There are countless examples, but one anecdote I can throw you is a couple I know, both of whom have one parent who was adopted, and thus are ignorant of about half their collective genetic heritage. They were getting ready to have children, and wanted to make sure they weren't prone to any “surprises”.

Google is successful because it’s useful. These tests are useful. blah blah


Is this comment a joke? What are they going to do with your genome that you're worried about? Considering, on average, dozens of companies have your social, bank account information and other really important data, why is it your genome that crosses the line?

If you're waiting for a non-profit to do this you're going to be waiting for a while. This is expensive and difficult.


The wait is over! I just had it done for free by a research study at U of M. Check out Genes for Good: http://genesforgood.sph.umich.edu


Thanks for the tip! Just started the process for qualifying.


Even though dozens of companies have your data, when a new company comes, you will evaluate whether or not to give them your data.


Law enforcement agencies are asking 23andme for their customers' DNA. https://news.ycombinator.com/item?id=10400550

* You also consent to your personal information, including sensitive information, being transferred in the event of a business transition such as a merger, acquisition by another company, or other transaction or proceeding. In such a case, your information would be used as set out in any pre-existing Privacy Statement.

* [...] As stated in any applicable Consent Document, however, Genetic Information and/or Self-Reported Information that you have previously provided and for which you have given consent to use in 23andMe Research cannot be removed from ongoing or completed studies that use the information. Our contracted genotyping laboratory may also retain your Genetic Information as required by local law and we may retain backup copies for a limited period of time pursuant to our data protection policies. [...]


It's not your entire genetic data - it's not full genome sequencing, it's a SNP chip.



