A one-time test, a permanent handover
You spit in a tube to find out where your ancestors came from, or what your body might be carrying. It is a curious, often emotional, one-time purchase. What rarely registers in that moment is the size of what you just handed over: the single piece of identifying information you can never change, and, woven through it, a readable version of the same information for every blood relative you have, none of whom were asked.
What a DNA service is actually holding
- your genome, or a wide read of it: hundreds of thousands of markers;
- your ancestry and ethnicity breakdown;
- health predispositions and carrier status;
- the web of relatives the service matches you to;
- and whatever you added on top: surveys, family trees, health notes.
This is not data about your accounts. It is data about your body, and about your family's.
The database is the business
A genome is valuable for research, so for a lot of these services the real product is less the test than the pile of genomes the tests build. Many partner with pharmaceutical and research companies and share genetic data described as "de-identified." Hold that phrase up to the light: the data in question is your unique genome, the most identifying thing there is. "De-identified" does a great deal of work it cannot really do. You usually agreed to all of this in a research consent at signup, the kind that is on by default and easy to miss.
Where "delete" stops working
Deletion of a genetic profile is partial by design. The lab keeps some of it. And once research has actually been run using your sample, that work cannot be pulled back: the consent you gave to research generally cannot be reversed or withdrawn after the fact. Anything already shared with research partners is, by then, a copy that has already left the building.
And there is a failure mode most people never think about until it arrives.
When the company fails, your DNA goes on the market
Here is what happened to one of the largest consumer-DNA services in the world. It was breached, exposing the profiles of roughly seven million people, with attackers specifically assembling lists by ethnicity. A regulator fined it. Then the company ran out of money and filed for bankruptcy, and the database, around fifteen million people's genetic profiles, turned out to be the single most valuable thing it owned. A court ruled it could be sold, and it was, for a few hundred million dollars, to a newly created entity. Lawmakers noted that the bankruptcy rules carry protections for ordinary personal data but do not clearly cover genetic data at all. The only real defence anyone had was to rush to delete before the sale closed, and even that only reaches the part deletion can reach.
The company did not have to set out to sell your biology. A genome on a balance sheet is an asset, and an asset is what gets sold when the money runs out. The intent does not change the outcome, and the outcome is that your DNA changed hands.
If it leaks, there is no reset, and it was never only yours
A leaked password is an afternoon. A leaked genome is permanent. As one regulator put it, genetic information, once it is out, cannot be reissued like a password or a card number. And it is not your secret alone. Your DNA implicates your siblings, your parents, your children, your cousins, people who never spat in a tube and never agreed to a thing. A breach of you is a partial breach of all of them.
The legal floor is lower than most people assume, too. Where genetic non-discrimination rules exist, they tend to cover health insurance and employment, and stop short of life insurance and long-term-care cover, which are exactly the places a genetic prediction about you could be used.
What to actually do
- If you are leaving, delete properly, and know the limits. It does not reach the research already run, the copies already shared, or a database that has already been sold. It is still worth doing for everything it can reach.
- If you are staying, withdraw from research sharing where the setting exists, and turn off relative-matching if you would rather not be the open door to your whole family's DNA.
- Assume permanence. Treat anything you give a DNA service as out of your hands for good, because for the genome itself, it is.
- Keep the record: what you submitted, the day you asked to delete, exactly what they confirmed, and which research consents you withdrew. If your genome turns up where it should not, that record is where holding someone to account begins.
It is the same shape as deletion never being the clean moment it sounds like, running under the same fine print as every privacy policy. This is just the version where the data is your body, it belongs partly to people who never consented, and you only ever get the one. Start your record →