Our genetic and biometric data, like DNA and fingerprints, make each of us unique and identifiable. This information is invaluable in allowing us to verify our identity, predict personal characteristics, identify medical conditions, and trace our ancestry. But there are consequences we should be aware of when we are sharing this data. It is often not known exactly what our information is used for. We must make a more informed decision about the services we obtain in exchange for our biometric and genetic information.

​

The unknown consequences of medical tests

​

Most of us would not hesitate to get a blood or genetic test. These tests have been instrumental in allowing us to identify genetic abnormalities, monitor our health, and provide peace of mind in pregnancies. However, some companies and 3rd parties have exploited the trust patients placed in them to analyse these data beyond the original medical intentions. Reuters reported in July 2021 of a Chinese gene company, BGI, using leftover genetic data from their prenatal test to research population traits (1). The test is sold in at least 52 countries to detect abnormalities like Down’s syndrome in the fetus but it also captures genetic and personal information about the mother. The company confirmed that leftover blood samples are used for population research, and the test’s privacy policy states that data collected can be shared when “directly relevant to national security or national defence security” in China (2).
​
This is not the only instance of genetic data being exploited by a state for mass examination and surveillance purposes. The Australian Strategic Policy Institute (ASPI) published a research paper identifying the Chinese Government Ministry of Public Security’s mass DNA collection campaigns on millions of men and boys (3). It aims to ‘comprehensively improve public security organs’ ability to solve cases, and manage and control society’ (4). Certainly such databases are useful to forensic investigations, but the mass collection of genetic data raises serious human rights concerns regarding ownership, privacy and consent. Furthermore, it opens the possibility of surveillance by the government (5). Everyone should be giving fully informed consent for the usage of their genetic information in accordance with international human rights law (6). 

​

‘At-home’ genetic kits are not guaranteed to be secure

​

Although there is no evidence of such scales of surveillance in Australia, we are not immune to exploitation and questionable practices. Direct-to-consumer (DIC) genetic tests are widely available, often through online purchases. These tests advertise as being able to indicate predisposition to various diseases, including diabetes, breast cancer and heart disease (7). However, as these processes don’t always involve the advice and interpretation of a doctor, there are concerns that data may be analysed beyond current medical understanding. Misinformation, such as misdiagnosis or exaggeration of the certainty of the user’s health conditions, can cause unnecessary anxiety. The discovery of medical predispositions can have ongoing consequences, including refusal of coverage from insurance companies and discrimination by society (8). Under the US Genetic Information Nondiscrimination Act, employees cannot discriminate against employers on the basis of genetic information. Australia currently relies on existing Commonwealth, state and territory anti-discrimination laws to protect against discrimination in public domains (9).

​Companies are also not regulated by the law in what they do with the information collected. Many have been found to use the information beyond providing results to consumers, such as for internal research and development, or providing it to third parties without additional consent (10). Ancestry tests are another type of DIC test facing similar scrutiny. As we all share genetic information with our relatives, these tests allow us to identify distant relatives, and even help solve mysteries and capture a serial killer (11). Testing companies therefore have portions of genetic information from relatives without needing to obtain their consent, as well as being able to identify familial lineages. These examples highlight the difficulty of protecting consumer privacy and maintaining ownership of our genetic information.

​

The daily convenience of biometric data and its unintended side-effects

​

Most of us do not encounter the aforementioned tests daily, but we often use our biometric data in many aspects of our lives. As technology advances, fingerprint readers, facial scanners, and even retina/iris scanners are available on our phones to replace traditional PINs. These have been widely adopted due to their convenience. However, our security is being compromised in the process. Not only is your device easier to hack compared to passwords, but the collection of biometric data can also be illegally obtained from improper storage (12, 13). We cannot change our biometric data like a password. Once it is compromised, it is beyond our control. Meanwhile, technology is advancing to include new types of biometric data like voice recognition, hand geometry and behaviour characteristics. As our lives become more public through social media, others may be using this opportunity to collect more information. TikTok’s update on its privacy policy recently included permission to gather physical and behavioural characteristics, but it is unclear what it is being used for (14). These examples highlight why we should be aware of the consequences and compromisation we make in using biometric data for daily convenience.

​

Looking to the future

​

There is certainly no shortage of interest in our genetic information and biometric data. Unfortunately, current legislation is fairly general and therefore not equipped to deal with the variety of issues that emerge with specific technologies. Exacerbating this effect are the continual advances made in this technology, with the law simply not keeping up. But that does not mean we are helpless. A landmark case found that an Australian worker being fired for refusing to use a fingerprint scanner at work was unjust (15). This shows our rights over our genetic information are still in our own hands. While we should be vigilant at all times, it should not deter us from accessing the necessary medical tests or saving us a few seconds each time we access our phones. It is more important to protect ourselves: be aware of our rights, the policies we are consenting to, and the possible implications of a service. Whilst appropriate legislation still needs to be developed, we can hold companies accountable for their policies. We should also be critical in whether we publicise all of our information, and be cognizant of the way our data is stored.

This is an instance where we really should read the terms and conditions before accepting.