Tech expert Kurt “CyberGuy” Knutsson says DNA tests pose privacy risks like shared genetic information, inaccuracies and hard data deletion.
I was one of the first to spit into a test tube, giving up my DNA forever to learn more about my health and heredity. You know, the ones that promise to connect you with distant relatives you didn’t even know existed or reveal genetic risks for conditions like Alzheimer’s or heart disease. These DNA tests aren’t just about satisfying curiosity; people buy them to uncover important health information, connect with loved ones or give thoughtful gifts.
But here’s the thing – and I’m speaking from a data privacy perspective here – genetic information is highly valuable, and exposing it risks unlocking deeply intimate information that is unique to you. And while these commercial DNA tests seem harmless, they come with risks that most people don’t immediately think about. Once you hand over your DNA, you’re giving these companies access to your most personal data. And believe me, what happens to that data after the test can be anything but straightforward.
Your DNA is more than just a string of letters; it’s a unique and permanent blueprint of your identity. Using a commercial DNA testing service can mean handing over not only physical samples but also information about potential medical conditions and predispositions, ethnicity and familial connections and even behavioral or lifestyle markers. This can put you at risk of things like genetic testing without your consent, increased insurance premiums, health-related scams and family secrets coming to light, sometimes with painful consequences. One woman even felt that she “lost her entire family” after taking one of these tests.
And here’s the kicker: Even if you choose to stay out of the genetic testing game, if anyone who shares some of your DNA, like your brother or your niece, chooses to take one, it can still expose you to many of these risks without you even knowing.
Aside from doing what the services advertise, it turns out that many DNA testing services may be sharing your genetic data with researchers, marketers, insurance companies and even law enforcement agencies.
In fact, according to recent research, half of commercial DNA testing services use your genetic data for research (both internal and external). Nearly half (4 in 10) use it for marketing. And nearly half (also 4 in 10) share your data with law enforcement agencies, potentially without any kind of subpoena or court order.
While DNA testing companies often claim to use anonymized data for many of these purposes, the reality is that “anonymized” genetic information can often be re-identified when combined with other data sources. Data brokers and people search sites hold and sell troves of information (like lists of vulnerable individuals, such as those experiencing dementia) that could be used for this purpose.
If you do buy one of these DNA testing kits, you might expect that the results are pretty reliable. However, I was surprised to learn that this may not always be the case. According to Dr. Divya Vats, a clinical biochemical geneticist at Kaiser Permanente, at-home genetic tests aren’t as accurate as medical DNA tests ordered by your doctor. This can lead to unnecessary anxiety or false reassurance regarding your health. Even when it comes to ethnicity and ancestry, results usually rely on statistical comparisons to reference populations, which don’t necessarily yield accurate results, especially if you’re from a less-studied ethnic group.
Once you’ve submitted your DNA to a testing company, the processes for having your sample and associated data destroyed are often complex, to say the least. According to an investigative journalist who tried to have her genetic footprint wiped, it was “brutally difficult.” Recent events, like 23andMe going bankrupt, highlight just how precarious the situation can be.
Consumers are left worried about what will happen to their genetic data if a testing company is sold or acquired, especially when they have no easy way to retrieve or destroy that data. These companies often don’t disclose where and how your samples are stored, either.
According to Incogni, a data broker removal service, almost none of the DNA testing services it investigated provided any information about storage more substantial than a reference to a “secure facility.” This lack of transparency about where their data is stored and how it can be destroyed creates a major roadblock for anyone trying to regain control over their genetic information.
If you’re still considering using a DNA service, if your genetic information has already been exposed or if you just want to take preventative steps, here are some things to do.
1) Invest in personal data removal services: Proactively remove your personal information from online data brokers and people search sites to minimize the risk of linking anonymized genetic data back to you. Not only will this help keep your health and genetic data from circulating on the web, but it’ll also make it much harder for your anonymized data (genetic or otherwise) to be linked to you. While no service promises to remove all your data from the internet, a removal service is great if you want to continuously monitor and automate the process of removing your information from hundreds of sites over a longer period of time.
2) Choose reputable companies: Select well-known and trusted DNA testing providers, as they are more likely to adhere to privacy and security standards due to public scrutiny.
3) Review privacy options during sign-up: Pay close attention to privacy settings when registering your test kit. Many companies allow you to opt in or out of data sharing for research or marketing purposes.
4) Limit data sharing: Carefully consider whether to permit your data to be shared with third parties. While you can revoke consent later, data already shared may not be fully retrievable or deletable.
5) Delete data post-test: If you’ve already taken a test, review the company’s privacy policy and delete your data if possible. Note that data shared with third parties may remain accessible.
6) Avoid uploading data to third-party databases: Refrain from uploading your genetic information to external services, which may share data with law enforcement or other entities without clear consent.
7) Consider anonymous testing: Use anonymous methods when submitting DNA samples, such as pseudonyms or alternative payment methods, to reduce traceability.
Your DNA holds some of the most personal and sensitive information about you, and once it’s out there, you lose control over how it’s used. From potential privacy violations to emotional surprises and the challenges of deleting your genetic data, DNA testing kits come with risks that many don’t recognize upfront. If you’re considering diving into your genetic blueprint, ask yourself: Are you comfortable with this data potentially ending up in the hands of marketers, law enforcement or even a company you didn’t agree to share it with?
Copyright 2025 CyberGuy.com. All rights reserved.