By Gideon Farrell10 minute Read

This essay becomes part of The Personal Privacy Divide, a series that explores the misunderstandings, variations, and paradoxes that have developed around our sense of privacy and its more comprehensive effects on society. Read the series here

There has actually been an increasing public dispute in the last few years around using data by states and tech companies. This has actually mostly been concentrated on business like Google and Facebook offering futures on human habits, primarily to a marketing market, based on the large amount of data they hoover up from our online activities. There is another classification of data, nevertheless, genomic or biometric information, for which there is an increasing market, and which has actually been mainly ignored by the public debate. This echoes of the absence of dispute 10 years back on the method big tech companies tracked us around the web, which is troubling because it suggests that individuals are quiting their information to these companies with extremely little awareness of the effects.

Whilst it might now be argued that a great deal of the data the huge tech business ingest are taken by stealth, through the many sites that integrate Google adwords, or Facebook’s beacon and other “neighborhood engagement” functionality, at the beginning, most users (myself included) appeared completely happy, in our naivety, to supply these leviathans with our primary (e.g. images, status updates, and web searches) and ancillary (e.g. what we clicked, with whom we’re connected, when we perform actions and how those actions are associated) information, gratis, in exchange for services which were seemingly provided to us for no charge at all.

Given That the extreme reduction in the cost of genomic sequencing over the previous decade, numerous companies have appeared, providing sequencing services at a low cost which profess to expose your vulnerability to a host of illness, or to help you piece together your origins. Simply as our browsing and social data were provided to companies who have been using them for functions to which we may well have objected had we forseen them, numerous individuals are giving up their hereditary data, ostensibly for one purpose, whilst having no understanding, visibility, or control over the future purposes to which these data may be put. It is extremely disturbing to see the determination with which people will provide up data which are so intrinsic to them without the tiniest assurance that these companies will not use their information for more nefarious functions even more down the line.

” Selling” you, “securing” you

There are two apparent uses to which these data are likely to be put (and already are). The first is an analogue of the marketing model, except that rather of offering what Shoshana Zuboff calls “futures on human behavior”, genomics companies will sell futures on human requirements and health, probably to insurance providers and health care companies, who can target advertising and price services according to each user’s hereditary makeup. This is, in truth, a lot more sinister than the usages to which our browsing information are put, since not only is it going to be very difficult to odd oneself from the view of such business as soon as these data are sent (genetic information are not going to significantly alter throughout an individual’s life time), the precision of the models does not matter because we have no way of determining it ourselves.

That is to say that we have no chance of understanding, without an intermediary (who may have a vested interest), towards which health results we are predisposed, nor what solutions are effective at promoting the outcomes we want. This is because, unlike with our tastes and desires, we can not ask our genes to tell us the response. Whether an allele that exists in my genome is really indicative of my propensity to develop, for instance, diabetes, the simple fact of being informed by a company that it does, and after that consequently being advertised to by another who offers to sell me an option, will affect my decision to buy that option, even if the true result will be nil (which I have no method of testing).

These business have actually created the ideal system where they inform the consumer what they need, and then offer them the product (or sell the propensity to buy to a business who sells the product), based on a design whose accuracy is impossible to figure out by that customer. It is a totally opaque market. This is in plain contrast to the previous marketing model of the internet, where if Google thought that I was really thinking about Barbie dolls, and therefore increased the number of Barbie dolls I was revealed as I searched, I would be no more likely to buy Barbie dolls– the design was merely incorrect.

The 2nd apparent use is to bolster the security state, as in the example of FamilyTreeDNA opening access to the FBI We have actually currently seen this in action with the case of the Golden State killer, who was traced using the DNA of 2 remote relatives who had published their data to an online repository of hereditary data. This is twice as pernicious as that person did not need to upload their information in order to be traceable. Hereditary data of family members is adequately comparable to that of a provided individual that much can be presumed utilizing their data rather of those of the person in concern. This makes the question of consent an entirely moot point, I no longer have the power of authorization over my own information.

As is typically the case, catching a serial killer or stopping a terrorist appear like fantastic factors to allow the state to access these information. This is why governments often cite these examples whenever they are attempting to argue for a reduction in people’ rights (to personal privacy, reasonable trial, etc.). The repercussions of accepting this argument is to open the floodgates to all sorts of abuses. Consider what is occurring in China, where the biometric information of the Uighurs are being forcibly collected These information can be used to monitor dissidents and additional pester an already persecuted minority. These arguments are already well rehearsed in the debate about communications data (and metadata), and use to biometric information too.

Not simply your rights, everybody else’s, too

This market in hereditary data raises an incredibly crucial question which has existed for other types of information, but never so undoubtedly as for genetic information: who owns information when they refer to more than one person? A great example is in the photographs published to social media platforms like Facebook, Instagram, Twitter, and so on. If a good friend of mine takes an image of a group, and I happen to be because group, I rarely get asked whether I grant that picture being posted online. Yet now my image can be utilized in facial recognition databases, my whereabouts pinned to an offered location at a given time, and my associations with others inferred directly by my colocation with them.

The method this works is that when you take a photo of me with your smartphone, it contains the time and area at which the image was taken. When it is then uploaded to, state, Facebook, the algorithms Facebook employs will match my likeness to my identity. It will therefore have the ability to state that I was at a provided place, at an offered time, utilizing simply that image. Additionally, anybody else in the image– or other photos published to Facebook taken at roughly the exact same location and around the same time– might then be presumed to have existed with me, inferring an association in between us. Therefore, with just a couple of photos submitted to Facebook, a great deal of details about my life and the lives of others can be instantly presumed, with no of us granting such info being offered.

The majority of people would consider the picture to be owned by the professional photographer, yet the photographer does not own the similarities (and for that reason biometric information) of the people photographed, and must be needed to get their approval before using their data. There are exceptions to this, of course. I don’t think that for a household picture album it much matters if my image is used without my consent, but when published online, and based on the sorts of information processing carried out by large tech business (not to point out the level of presence to all the connections of all the individuals in the picture whether I know them or not), there is a clear violation of my privacy. Also, an expectation of privacy is not constantly sensible– one can expect to be photographed at concerts, or sporting events.

It deserves keeping in mind, however, that in these counterexamples, the usage to which these data are put must still go through strong personal privacy laws. They must not be offered on to marketers, for instance, however may wind up in newspapers and the distinction in between these scenarios is really subtle.

Overlooking making use of my biometrics from a photograph (through facial recognition), a single image will give up a minimal amount of information about my life, and is certainly open up to analysis. This differs from genetic information, which are totally irreversible and unchangeable– as soon as they are provided over to a business, short of forcing the company to delete all traces of them from their systems (which is tough to implement in practice), they own information which will pertain to my life for perpetuity, not simply for the picture at which they were captured. I would never grant a business having access to my data like this, and especially not under the terms most release for their services.

Regrettably, I might not be offered the option. I have family and friends who have actually considered sending out in their genetic information. Whatever the factor they might do so, whether genealogical or epidemiological, as soon as they take that decision (a choice about which they are unlikely to inform me ahead of time), then a lot of my own information unexpectedly end up being readily available to these business (and, in brief order, whichever mentions and companies pay or coerce them for gain access to).


Related: Privacy in 2034: A corporation owns your DNA (and perhaps your body)


Here we run into a dilemma: how do we stabilize on the one hand the person’s right to use their own information as they see healthy, and on the other the right of other people to their own privacy, in a world in which these information are not straightforwardly owned by a single person.

It would be an error to try to reverse the development which has brought us here, specifically since it has many favorable effects for human welfare. Just like any innovation, the only solution to preventing its abuse is to legislate to offer strong defenses for individuals. This must secure both those who grant making use of their data, and those who do not. For those who give their data to a genomics company in order to trace their genealogy, it needs to not be permitted that business to then sell on their data to 3rd parties even if the user approvals as the concept of permission in this sort of scenario is extremely stuffed– it’s extremely hard to figure out that any private really understands the true repercussions in such a nascent location with such abstract effects. For those who do not approval, and have been swept up in another’s data submission, it must be illegal to try to figure out anything about them at all.

This method has a weakness, nevertheless, which is that future governments can pick to bypass defenses composed into the statute book. One can quickly imagine a federal government making the argument that they need access to information which were sent when such gain access to was forbidden by law. This is exactly the sort of thing that happened with the “war on terrorism” where a number of our rights to privacy were breached by the state in the name of national security. As a result, a submission made in the period of rights and securities has effects in an entirely different context. It’s possible that the only way to actually repair this issue is to have a technological service, either robust anonymization, or a time limit on how long data can be kept (presuming that other people can not be wiped from the dataset without entirely breaching its stability).

In the meantime, my plea to you (and particularly to anyone associated to me) is this: do not give your genetic information to business as you are also violating my rights (not to mention your own); do not upload photos which include my similarity (or that of anyone else who has not straight consented) to a social media platform (or any platform which processes the images). And finally, I plea that we press for strong legislation on individual rights to personal privacy, as, ultimately, that’s going to be the only genuine defense against states and business far more powerful than we are as individuals.


Gideon Farrell is a recovering astrophysicist, developer, and cofounder of Converge, a business that drives performance in the building and construction industry with physical information from the cutting edge. A version of this essay initially appeared on his website