Insurance Companies Increasingly Using Cheap DNA Testing To Deny Coverage
Joel Winston — current consumer protection lawyer and former New Jersey attorney general — is offering up the periodic reminder that terms of service are rarely written with the user’s best interests in mind. Winston highlights the demands Ancestry.com makes in exchange for using its paid service. Two-thirds of those highlighted are standard operating procedure for far too many services. [h/t War on Privacy]
The first is the perpetual license users grant Ancestry.com for exploitation of their DNA data. Again, this sort of thing can be found at many services heavily-reliant on users’ contributions. And many of those not only want your money, but the opportunity to sell off data as well.
Specifically, by submitting DNA to AncestryDNA, you agree to “grant AncestryDNA and the Ancestry Group Companies a perpetual, royalty-free, world-wide, transferable license to use your DNA, and any DNA you submit for any person from whom you obtained legal authorization as described in this Agreement, and to use, host, sublicense and distribute the resulting analysis to the extent and in the form or context we deem appropriate on or through any media or medium and with any technology or devices now known or hereafter developed or discovered.”
It’s not particularly heinous. (Yes, I’m damning it with faint damnation.) But it’s no better than countless other services, and this one deals with DNA, which is arguably more personal than, say, tweets… or coarse demographic info. It would be nice to know this up front. Ancestry.com can claim it does inform users of this, but it’s part of a lengthy Terms and Conditions which contains enough dense language and boilerplate legalese to deter all but the most detail-oriented from reading it all the way through.
Opting out is, of course, much more difficult. As Winston notes, several hoops must be jumped through to pull your DNA out of this broad “agreement.” It also takes the company 30 days to handle users’ requests, and it doesn’t affect any studies, etc. the company has already supplied with your DNA data. It also may involve phone calls, which is super fun in the age of digital communications that leave a better, more easily-verifiable paper trail.
On top of that, there’s the arbitration clause, which will ensure users have as little leverage as possible should they be unhappy with Ancestry’s services or handling of DNA data. This, too, is sadly a part of too many terms of service agreements. Arbitration forces users to play on the company’s playground, rather than the more neutral field created by filing a civil complaint. This sucks, but once again, it’s nothing that’s unique to Ancestry.com.
What’s most disturbing about Ancestry’s growing DNA collection is something Glyn Moody highlighted here a couple of years ago.
According to an article on Fusion.net, Ancestry now has over 800,000 samples, while 23andMe has a million customers (Ancestry says that a more up-to-date figure is 1.2 million members in its database). Those are significant holdings, and it’s only natural that the police would try to use them to solve crimes; both companies confirm that they will turn over information from their databases to law enforcement agencies if served with a suitable court order.
Customers’ DNA info — processed by Ancestry.com — becomes nothing more than a third-party record. The company says it only complies with court orders, but there’s a lack of specificity in that statement. A court order may be nothing more than a subpoena, rather than a search warrant. Third-party records have a lowered expectation of privacy, which means warrants aren’t a necessity.