Questions Surround 23andMe's Decision to Cut Off Developers from Its API

It wasn’t the gushing, self-congratulatory kind of press release that typically populates the wires. It was a call to arms.

This week, TimiHealth, the company behind the genetic data blockchain platform TimiDNA, blasted out not one but two messages deriding 23andMe, the ultrapopular direct-to-consumer (DTC) genetic testing company. The first dart came in response to 23andMe’s decision to boot most developers from its application programming interface (API), opting instead to offer company-curated reports, rather than deidentified genetic data, to “select” partners. TimiHealth published its second press release today, a call for consumers to petition 23andMe and its competitors for ownership and control of their personal data.

>> READ: GlaxoSmithKline Invests $300M in 23andMe, Tapping Well of Genetic Data

TimiDNA came online as a “direct response” to the rise of DTC genetic testing companies. By planning to disable most API clients, 23andMe had declared its intent to rip direct access from TimiHealth, who claimed that “hundreds” of customers had expressed disappointment in the move.

“The voice of the consumer regarding the issue of healthcare data ownership has spoken, and we continue to get numerous requests for porting data to TimiDNA,” Joyce Lignell, chair of TimiHealth’s advisory board, said in a statement.

23andMe customers may continue to download their data and upload it to third-party developers, some of the affected companies have noted. And 23andMe told Healthcare Analytics News™ that it will continue to provide raw data from consenting customers to “qualified” researchers, who stand to learn a great deal from the organization’s sprawling database.

@23andMe announced that it will no longer allow developers to use their API to read customer data. This has no impact for people using @Encrypgen as customers may still download #DNA data files from 23andme and upload them to the Gene-Chain. Here's how... https://t.co/Jw5tMilZSf

— EncrypGen (@Encrypgen) August 29, 2018

Most developers, however, will need to rely on broader reports from 23andMe.

“Our hope is to bring added value to customers’ overall experience,” a company spokesperson said regarding the API decision, which takes effect Sept. 6.

If Twitter and online forums are any judge, many 23andMe customers appear indifferent, if unaware, to the shift. Some applauded the action, and others said they were shocked that app developers ever had access to perhaps the most sensitive data that humans can generate, a situation one person called “insane.”

On the other hand, some customers and industry insiders followed TimiHealth’s lead and mourned the loss of an API that “had inspired an entire cohort of enterprising scientists and innovators to build genomics services.”

But a question remained. 23andMe said it hoped to increase customer value, but was something else at play?

In July, the company agreed to a $300 million deal with GlaxoSmithKline (GSK), which cemented an exclusive four-year deal for the pharma giant to use 23andMe’s genetic data for drug discovery. Around that time, 23andMe also signed on to a set of best practices for DTC genetic testing firms, guidelines crafted by an independent entity for the sake of protecting consumer privacy. And months earlier, it came out that police had used data that were uploaded to a third-party genealogy website to catch the notorious Golden State Killer, a revelation that sent shockwaves through the mainstream.

Those three issues had nothing to do with 23andMe’s decision to cut off most developers from its API, a source said. But customers and observers have argued online that the GSK deal sparked the change, which they said represents 23andMe’s allegiance to pharma, not consumers.

(Of course, if someone thought the company’s chief product was genetic testing and not genetic data, they overlooked a crucial part of 23andMe’s business. That would be similar to thinking Facebook had little interest in monetizing its members’ information.)

Although TimiHealth didn’t go as far to attribute the shift to GSK, it claimed that the partnership underscored 23andMe’s desire to capitalize on consumer data “under false marketing” and “without any consumer profit sharing.”

TimiHealth also shared a statement from a 23andMe and TimiDNA user who took the backlash a step further.

“They say the policy change is for security reasons, but the API data access sure was secure before the GSK deal,” the customer, Steven Wang, said in a TimiHealth press release.

It's time to block all @23andMe rights to use my genetic material. Recent announcement is just: "most API clients will be disabled on September 6, 2018". My advice for all is to do the same. Making significant chunk of money and blocking others... sorry, no.

— Vladimir Chupakhin (@chupvl) August 29, 2018

Whatever the precise driver behind 23andMe’s migration from third-party developers, the company has indeed been upfront about the use of consumers’ genetic data in research and by third-party apps. The disclaimer might not take centerstage in TV commercials, but 23andMe requires customer consent for data sharing, a procedure that goes beyond the typical checking of a box.

As of late July, 23andMe had served more than five million customers, who signed up to glean insights into their ancestries and disease risks. Of those individuals, more than 80 percent consented to contribute their information to 23andMe’s research database, according to the company.

So, for the time being, questions will surround 23andMe’s tightening of its API. Affected businesses, such as TimiHealth, will continue to cry foul and raise important questions about customer data ownership, control and profits. And 23andMe will tout its collaboration with GSK as a means to develop more effective drugs, to save or improve lives. But the terms of engagement are clear now more than ever. Which side to take and how to proceed will be up to each customer — each person.

Get the best insights in healthcare analytics directly to your inbox.

Related

DTC Genetic-Testing Giants Throw Their Weight Behind Privacy

Podcast: Should Cops Have Access to Consumer DNA?

Handling the Headaches of At-Home Genetic Testing