In our interconnected world, Many families today are dispersed over several nations or even continents. It is common for people to venture abroad in search of their ancestral roots, often investing significant sums of money in tracing centuries-old family records.

It is no wonder that online genealogical resources have gained immense popularity. These platforms allow users to create their family trees , upload photographs, and explore historical documents. In addition, these services often offer DNA analysis, which allows us to know the origin and possible genetic health risks.

These platforms taking appropriate measures to safeguard personal information? Is there any legal regulation that regulates these practices? And how could blockchain technology be the key to ensuring the protection of sensitive data?

The Growing Landscape of Direct-to-Consumer Genetic Testing

The direct-to-consumer genetic testing sector is experiencing significant growth around the world. This type of testing offers a convenient option for people to perform self-tests from the comfort of their homes . The process typically involves ordering a DNA kit, providing a saliva sample, and sending it to the lab in the tube provided. Results are sent by email within a few weeks.

According to Statista, global direct-to-consumer genetic testing (DTC-GT) market revenue reached approximately $824 million in 2018. Projections indicate that by 2028, the market value is expected to skyrocket to nearly $6.4 billion .

Currently, there are more than 250 companies offering DNA testing services to clients, covering a wide range of fields , such as forensic medicine, ancestral research, health, pharmacogenomics, and nutrition.

Leading DNA testing companies are 23andMe, which garnered 116 million impressions and mentions online in the first quarter of 2022. Ancestry and MyHeritage are close behind, with around 35 million and 4.6 million online impressions, respectively.

Legal and ethical issues

When people submit their DNA samples for analysis, they not only provide sensitive information about themselves, but also about their genetically related family members.

A worrying aspect is that the consent of these family members is not required, which raises questions about the ethical implications . Digital data relating to individuals can be stored indefinitely, which could affect not only the individuals themselves, but also their children or unborn babies.

Therefore, safeguarding the privacy and security of people's genetic data, both now and in the long term, is of utmost importance. The disclosure of this data could have far-reaching negative consequences in a variety of areas, including employment prospects, relationships, and insurance contributions.

The risks of privacy breaches are significant, including hacking of servers and passwords, theft of storage media, as well as human error or omissions by data managers. Furthermore, if data is stored and processed by company branches or service providers located in other countries, the original data protection agreement agreed by the customer may be subject to different legal regulations.

2017 Data Breaches: Lessons Learned

In 2017, Ancestry.com suffered a data breach that compromised approximately 300,000 records from RootsWeb, an online forum associated with the genealogy website. The breached data included email addresses, usernames and passwords. On December 20, 2017, an outside security researcher notified Ancestry about the disclosure of account information in a file on the RootsWeb server. The company later confirmed the breach .

Similarly, in June 2018, MyHeritage revealed that it had lost control over customer data for up to 92 million accounts . MyHeritage's Chief Information Security Officer received a message from a security researcher who had discovered a file called MyHeritage containing encrypted email addresses and passwords on an external private server .

After conducting additional investigation, MyHeritage's IT security team confirmed that the compromised data came from its platform . The breached data included email addresses of users who had registered with MyHeritage until October 26, 2017, along with their encrypted passwords.

These incidents highlight the vulnerability of personal data held by genealogy websites and the importance of having strong security measures in place to protect users' information.

Gaps in legal protection

Data protection laws, such as the U.S. Genetic Information Nondiscrimination Act (GINA) enacted in 2008, offer some peace of mind to customers by prohibiting the use of genetic test results to influence insurance policies. medical and employment decisions. However, it is important to note that GINA does not extend its coverage to areas such as life insurance, long-term care insurance or disability insurance.

Similarly, in the United Kingdom, Belgium and Italy, current legislation falls short of providing full coverage of direct-to-consumer genetic testing (DTC-GT). In fact, Italy completely lacks specific regulations in this regard.

Germany, France and Portugal: Limited access to DNA testing

This contrasts with countries such as France, Germany, Portugal and Switzerland, where genetic testing is restricted to medical professionals only.

As a result, in Germany, for example, only DNA tests for ancestral analysis are available to the public, but this does not guarantee protection against possible misuse of genetic data.

Strengthening the security of genomic data with Blockchain technology

Blockchain technology offers important advantages to reinforce the security of genomic data. It is widely recognized for its ability to facilitate the secure exchange of data and mitigate cybersecurity risks in various industries.

Fundamentally, blockchain functions as a decentralized, cryptographically secure distributed ledger. Rather, the ledger is kept in duplicate on several computers connected to a peer-to-peer (P2P) network. Transactions are verified using a decentralized technology consensus mechanism .

Transaction data is stored in time-stamped blocks, and each block is linked to the previous one using a cryptographic hash generated from the contents of the preceding block.

This hashing mechanism ensures that any attempt to modify or delete data within a block disrupts the entire chain. Consequently, such changes activate immediate alerts throughout the network, preventing unauthorized alterations.

Blockchain technology can be used to leverage the immutability and tamper-resistance that genomic data possesses by nature. The decentralized nature of blockchain improves data security, providing individuals with greater control over their own data and reducing the risk of unauthorized access or manipulation.

GDPR and Blockchain Compliance

The introduction of the EU's General Data Protection Regulation (GDPR) has placed a significant obligation on businesses to handle customer data with the utmost care.

The EU's legal framework establishes guidelines for the gathering and use of personal data. Implemented on May 25, 2018, the GDPR applies to all organizations operating within the EU that handle personal data, as well as organizations around the world that process the data of EU citizens.

Blockchain technology can serve as a valuable tool for companies to demonstrate and ensure GDPR compliance. The "Off-chain storage" is a concept that can be especially helpful for bringing blockchain compliance with legal requirements.

Off-chain storage involves using methods such as cloud storage or decentralized file systems such as IPFS (Interplanetary File System) to manage large data sets or data with strict access controls. In this approach, the actual data is stored externally, and only a small reference or hash is stored within the blockchain transactions or smart contracts.

By employing off-chain storage, businesses can maintain GDPR compliance while utilizing the transparency and security benefits of blockchain technology.

This approach ensures that personal data is not stored directly on the blockchain, addressing potential data protection and privacy concerns.

The essential

The protection of personal information in DNA analysis is of utmost importance, and blockchain government technology offers a suitable solution to address data protection concerns.

Blockchain works through a network of computers, which guarantees transparency in data transmission and makes it increasingly difficult for the network to be hacked. The technology has already proven effective in solving privacy and information security problems in various areas , and has the potential to become the standard for consumer data protection.

By leveraging blockchain technology, the storage and transmission of sensitive personal information can be protected more effectively. The decentralized and transparent nature of blockchain mitigates the risk of unauthorized access or manipulation of data, providing a robust framework to protect consumer information.

As blockchain technology continues to evolve and gain adoption, it holds great promise for establishing higher data protection and privacy standards in DNA analysis and beyond.