At-home DNA testing and sharing in public genealogy databases are becoming widespread. This will facilitate finding out ancestry, genetic relatives, biological parents, making new connections, advancing medicine, and determining predisposition to various diseases and health issues. While the biomedical community glorifies the uses of the genomics revolution, the expanded obtainability of such sensitive data has substantial implications for individual privacy as genes carry sensitive personal information about human traits and predispositions to any diseases. Furthermore, DNA data has identification capability (e.g., forensics) as well as reveals familial interconnections. However, commercial DNA testing is not vigorously governed by any laws and policies. The privacy implications of public DNA data sharing remain largely unexplored. This dissertation explores users' privacy concerns and proposes a method for communicating the risks to users to inform users when sharing their DNA data.
In the first study, we explored users' perceptions regarding DNA data. We asked about their views of at-home DNA testing and sharing, followed by their expected benefits and concerns. We also talked about public genealogy databases like GEDmatch. We focused on understanding the users' preferences and perceptions on the disclosure of their genetic information under the different types of platforms and entities. Our results show that users are mostly unaware and uncomprehending of the interconnected nature of genetic data. We noted users' general perceptions and focused on understanding their preferred privacy controls while sharing their DNA data, their desired settings, policies, and rules.
From this study, we identified the need to develop a privacy-enhancing technology such that the users can make an informed choice while sharing DNA data. We also found that several policies and settings should be to preserve the privacy of sensitive data. With these findings in mind, the ultimate objective of this dissertation is to design and implement privacy risk communication methods that aid users in comprehending the risks and benefits associated with sharing DNA data, as well as enhancing transparency in access control. To evaluate the effectiveness of our developed risk communication approach, we deployed it within an existing platform, allowing us to assess users' decision-making processes and gain a deeper understanding of the nature of DNA data.