California retains the residual blood spots for followup studies, apparently indefinitely – see the section "Storage and Use of Dried Blood Spots":
California currently screens for 79 disorders:
And, results lookup long afterward by disorder is possible, since there's a routine, by-email procedure for checking the sickle-cell status of NCAA athletes:
The policies for the data and the retained sample are described by the 'babysfirsttest' site above as allowing use "for medical intervention, counseling or specific research projects which the California Board of Health approves" and "anonymous research studies". Those sound about equivalent to the 23andMe policy... and at a similar risk of reinterpretation or rule-bending if organizational priorities or technology change.
The California Board of Health reports, however indirectly, to the taxpayers. This accountability, however insignificant you may perceive it, is simply absent from 23andMe.
To summarize your comparison:
- 23andMe collects genomes to please their VC and Wall Street investors.
- The CA government collects genomes to please the taxpayers.
Be honest, and forget your bank account: who do you really trust more?
Even where the profit motive can lead to abuses, those abuses pale in comparison to the history of even very good governments. California is one of the most accountable governments in the world, but in the memory of its living residents has imposed both forced internment of its citizens by their ethnicity (WW2) and forced sterilization (until 1963).
What future crime or health scares could lead to the repurposing of this broadly-collected state data? (It's quite hard to opt-out of this collection, whereas it's costly to opt-in to 23andMe's program.) And if state-repurposing happens, those who implement the change, perhaps including for-profit companies in partnership with the state, can be insulated from accountability, because when the state decides to do it, it is 'legal'.
Perhaps you assign those scenarios much lower probability than the more common and mundane privacy abuses of profit-seeking sleazeballs. OK, fine. Still, the magnitude of damage the state can do, with its powers of compulsion and confiscation, is much larger. Fewer events, yes, but much worse when they happen.
So if you're 'terrified' by the chance 23andMe might misuse voluntarily-offered genetic materials, against their own policies, state law, and customer preferences, you ought to reserve at least some fear as well for the danger from the much larger cache of genetic data, collected without explicit consent, already in the hands of an institution that – when it occasionally misfires – does more damage than any single company can.
"bound by laws" - like the laws and regulations enforced by the FDA?
No thanks. 23andMe is yet another group of shady, for-profit slimeballs making money off people's fears, called out by the FDA for the same kind of arrogant adolescent libertarian horseshit that gave us Vioxx.
And yeah, most of us actually prefer to deal with the "state's shifting policies" - you remember...the policies we vote on.
Nobody should trust any corporation OR government agency blindly. Duh.
But to suggest that corporations are somehow inherently less trustworthy that the government is just... silly. And unsubstantiated.
The problem we have is that it is now easier to collect everything than to be selective and this represents a huge risk to security down the line in all kinds of ways. You could say our data footprints have become a form of pollution. To mitigate we need to flip it and make non-collection the default - e.g. introduce strict regulations around destroying non-critical information with a very high bar for even temporary storage and anonymisation wherever possible.
Do we just forgo all those benefits because of the risk of abuse or data compromise, by any entity anywhere down the line?
Or do we try to figure out the right checks, both in practices and law, to maximize the benefit and minimize the risks? I'm for that iterative discovery of the right balance. And, I think a for-profit company operating under the microscope of consumer/journalist/regulator scrutiny is more likely to find the optimal tradeoffs than a compulsory state collection program, or other solely bureaucratic and legislative processes.
There are real potential abuses of privacy, but we shouldn't let those scare us into failing to progress. The fact is, you leave your genetic information everywhere you go. If any restaurant wanted to get into the DNA collection business, they would never run out of material. In the near future, I wouldn't be surprised if some people argued that any genetic material left at their business was their rightful property, and since you made no effort to hide the fact that you were eating off that particular fork, they shouldn't have to avert their eyes from your DNA or deny its association with you. Perhaps on your next visit to any chain restaurant, they could suggest a menu more appropriate to your specific health needs.
More to the point, it's absolutely necessary to research this stuff. The more samples we can get out there, by whatever means necessary, the better. This kind of research will absolutely save lives, and in no small portion.
It's good to keep the security implications in perspective. However, if privacy concerns held back or halted basic research on biology, they would do more damage from voluntary and legislative protections than they are capable of doing by creating advertising profiles.
There is also an important cultural aspect that makes certain behaviours abhorrent/unacceptable that would need to be tapped into.
Research is a legitimate and beneficial activity that you would therefore expect to be licensed and controlled.
FUD about building a massive database is kind of hard to take seriously when the NSA watches everything and the US government already builds DNA databases.
I would expect 23andMe to be doing some shady Facebook-esqe bullshit because of the profit motive and that is why I have never used them even though I am curious. I expect the state to be doing some shady Facebook-esqe bullshit because of "terrists" but I didn't have the option to not.
So I can both be "at least as concerned about the State of California" and also be 100% against sending a swab to 23andMe. I trust neither more but with one of them I have control over their collection of my DNA.
That's a big part of what makes it more dangerous than what the states are doing, I believe.