The At-Home DNA Testing Fad Is Over, But Companies Still Have Your Data
For the past few years, it seemed like everyone and their mom was buying an at-home DNA testing kit. Millions of people bought tests from 23andMe, Ancestry, and other companies to learn about their heritage, connect with long-lost relatives, and discover their risk of certain medical conditions. People ordered them in droves for holiday and birthday gifts, and others bought 23andMe tests at Walgreens, CVS, and Walmart while getting their prescriptions filled.
But now, the enthusiasm for consumer DNA tests is waning. Sales of DNA kits have slowed, and in January, 23andMe said it was laying off 100 employees, about 14% of its workforce. This week, Ancestry announced it is also letting go of 100 people, around 6% of its employees. “Over the last 18 months, we have seen a slowdown in consumer demand across the entire DNA category,” Ancestry president and CEO Margo Georgiadis said in a blog post.
The post alluded to privacy as one reason for the slowdown. “Future growth will require a continued focus on building consumer trust and innovative new offerings that deliver even greater value to people,” said Georgiadis. In an interview with CNBC, 23andMe CEO Anne Wojcicki also acknowledged that privacy could be a factor.
Concerns around what companies can do with customers’ DNA and who they share it with have mounted in recent years, especially after law enforcement officials announced in 2018 that they had used an online DNA database to identify a suspect in the decades-old Golden State Killer case. Detectives uploaded the suspected killer’s DNA profile to GEDmatch, a free genealogical service where users upload their raw genetic data from DNA testing companies. The website was originally created to help adoptees find their birth parents but is increasingly being used to help crack cold cases. Though 23andMe and Ancestry don’t directly share customers’ data with law enforcement and said they will fight search warrants, there’s increasing pressure from police for them to do so.
And if you’ve opted to allow your DNA to be used for research, it could be shared with other scientists and organizations outside of the company that conducted your DNA analysis.
Even if you haven’t used an at-home DNA test, your genetic data could be at risk.
Adding to privacy concerns, the Pentagon recently warned members of the military against purchasing DNA kits like 23andMe and Ancestry, saying in a December memo that these tests “could expose personal and genetic information, and potentially create unintended security consequences.”
Questions about security may also be affecting sales. In 2018, DNA testing company MyHeritage revealed that a data breach in 2017 exposed the email addresses and encrypted passwords of 92 million users. At the time, the company said it stored other data, including users’ DNA data, in a separate system that was not affected by the breach. Genome sequencing firm Veritas Genetics also reported a breach that included customer information but not DNA data last November; it has since ended its service for U.S. customers.
Even if you haven’t used an at-home DNA test, your genetic data could be at risk. A 2018 study led by Yaniv Erlich, the chief science officer at MyHeritage, found that about 60% of people in the U.S. with European ancestry — including those that have not undergone genetic testing themselves — can be identified through their DNA using data from open genetic genealogy databases like GEDmatch. Once one or more of a person’s relatives are found on a database, their identity can be determined through their family lineages, combined with demographic information available elsewhere on the internet, such as their approximate age or area of residence.
People may no longer be buying DNA kits en masse, but DNA testing companies still have their users’ genetic data, which in itself is hugely valuable. 23andMe is using users’ DNA profiles and self-reported health data to develop its own drugs and form drug discovery partnerships with pharmaceutical companies like GlaxoSmithKline. And removing your DNA from companies’ databases isn’t as easy as you might think. You can delete your profile from sites like 23andMe and Ancestry, but if you’ve contributed your data for research, you can only remove it from future studies, not ones in progress.
If DNA testing companies want to win over new customers, they’ll first have to address the privacy issue. But even if they do, they will also need to figure out how to get users to come back to a service that, in most instances, is a one-time experience. Most people pay for a DNA test once and might only check back when the company adds a new feature, and this is why it may seem as though the DNA testing market has hit a saturation point. People who were interested in mapping their family trees or learning their ancestry likely have already bought DNA kits, and those who haven’t may still not see the value in them. “The DNA market is at an inflection point now that most early adopters have entered the category,” Georgiadis said in the blog post.
Ancestry is investing in a new DNA health testing service in an attempt to keep users coming back. In October, it announced the launch of a health test that will report on your risk of a handful of medical conditions, as well as a membership service that promises to offer more health insights over time. But consumer DNA tests analyze only a small number of genes, so they only provide limited information about disease risks. Often, it’s unclear how useful this information is to your health, and for otherwise healthy people, doctors haven’t figured out how to use this data in patient care.
In the future, it’s likely that people will get their entire genome sequenced as part of routine medical care, ending the need for consumer DNA health tests. And companies analyzing genetic data and the medical institutions using that information will face the same privacy and security issues, just on a much larger scale.