In recent months, there have been reports in the media concerning the use for law enforcement purposes of personal genetic information submitted to commercial companies in the interests of determining ancestry. This has raised questions that need wider scrutiny and debate.
Such ancestry databases collect and store genetic information provided by paying customers who, in exchange, obtain access to a database where they may be able to find genetic matches with other customers, and so establish a degree of relatedness. Companies usually state that consumers’ genetic information will be kept private and confidential within the context of the ancestry database and will not be shared with third parties without their consent, with the exception of their being compelled to do so by law enforcement authorities.
A clear definition of the categories or limits of such cases is not provided by the companies, since this would be variable depending on the circumstance, as well as from country to country. However, this unavoidable imprecision may leave room for misinterpretation and an incomplete understanding of the facts from the customer’s perspective.
The legal framework under which any one company selling ancestry testing and holding the database operates is another potential problem. It would be plausible to assume this would be according to the regulations of the country where the company is registered, which might in itself not be familiar to the customer. However, it would be reasonable to speculate that there might also be a complex interplay with the legal framework of the country of origin of the customer, as well as of international regulation, particularly when serious crimes or immigration policies are involved.
Furthermore, the customer might reasonably assume that such particular circumstances would apply in the case where they themselves are suspected of committing a crime. Instead, those cases reported recently show that access to these databases has been exploited by authorities for the purpose of looking for relatives or fellow nationals of a suspect, who is not himself a customer of the company, with the aim of confirming identity or nationality. In order to do this, every search has to examine data from a large group of customers and not only one individual or a small, restricted group. This represents a serious threat to the privacy of individuals not suspected of committing a crime.
This is not an ‘in principle’ matter. Instances of non-paternity, for example, could be revealed through this process. If others were to gain access to the database, this information could be exploited for personal or even criminal reasons.
Informed consent of the person involved is waived in cases of law enforcement, but such consent is still needed for the initial request for testing and registration to the database. Understanding this level of complexity is not trivial and can test the implication of ‘meaningful’ alongside ‘informed consent’.
Finally, the use of commercial databases containing data acquired mainly for ‘recreational’ use, might not be fully compliant with the recently published guidelines for the storage and use of genetic data (Forensic Genetics Policy Initiative’s 2017 Report: ‘Establishing best practice for forensic DNA databases’) from a technical and procedural perspective.
On this basis, we would encourage all relevant stakeholders to start discussions on the use for forensic purposes of genetic information available in the public domain and in non-forensic databases. Access to a private genetic information outside of the scope of the individual consent is an exception that responds to a specific goal: to contribute to justice. This access must be established through laws or the constitution, so as to guarantee the protection of innocent people.
We urge current and future customers to acquire all the information needed before undertaking commercial genetic testing, particularly for purposes that are not health-related.