Privacy Policy

How is my privacy protected?

While logged into the App your privacy is protected through industry-standard electronic security. Your data will be protected on a secure server that is not directly connected to the public internet. All data on this server will be de-identified to protect your privacy. Facebook cannot access the information collected through the App, even if you are logged in on Facebook while answering surveys. The same also applies for your summary information and genetic information. DNA samples are stored in suitable locations on the University of Michigan campus. All samples are bar-coded and de-identified. Sample handling, processing, and storage activities occur in physically secure, locked spaces, with access restricted to authorized personnel only.

Purposes and goals of the data we collect

Genes for Good is an IRB-approved research study conducted at the University of Michigan.

Our goal is to accelerate genetic and health research through social media and mobile devices. When using the Genes for Good app, you will be asked to participate in surveys about your health and optionally provide a sample of your saliva, from which a complete copy of your DNA can be extracted.

We will use the information you provide to advance our understanding of genetics, disease, behavior, human ancestry, and our relationships around the world. The findings from this research may benefit many individuals, for generations to come, as we learn more about how our genes affect our lives. You can also use capabilities in Genes for Good to track your lifestyle, habits and activities, and compare yourself to other participants. 

Risks and Protections

We will carefully protect all information you provide, including your survey results and genetic information. For example, we will only release your coded genetic data to scientists who agree not to attempt to identify or contact you. 

This research study is covered by a Certificate of Confidentiality from the National Institutes of Health. The most important protection is that with this certification, the members of our research team may not disclose or use information, documents, or biospecimens that may identify you in any federal, state, or local civil, criminal, administrative, legislative, or other action, suit, or proceeding, or be used as evidence, for example, if there is a court subpoena, unless you have consented for this use.

Information, documents, or biospecimens protected by this Certificate cannot be disclosed to anyone else who is not connected with the research except if there is a federal, state, or local law that requires disclosure, such as to report child abuse; if you have consented to the disclosure, including for your medical treatment; or if it is used for other scientific research, as allowed by federal regulations protecting research subjects.

Withdrawal and data deletion

You can withdraw from Genes for Good at any time by using the withdrawal link in the App under “Your Account”. We will delete your name, e-mail, unique Facebook ID, IP address, and phone number from our database but will continue to use your remaining data for future research. We may continue to use your zip code and address to link your information to geo-coded databases like the US Census, but will not use it to contact you or share your address with others.

Withdrawing is also possible by emailing us at genesforgood@umich.edu. Upon withdrawal, we will keep your age, sex, your survey responses, your address and zip code, and your genetic data if you have provided a sample. After you withdraw, your address and zip code will only be used to link your data to geo-code databases (weather, air pollution, the US census, and others) but will never be used to contact you. We will not share your mailing address with anyone outside our research team. 

Only you can remove the Genes for Good App from your Facebook account, which you can do through your Facebook Account Settings page. 

How closely do the privacy safeguards and consent agreements mirror what the NIH provides?

The NIH uses a variety of consent and data sharing agreements -- some are more restrictive than ours (for example, because they target populations who are at very special risk or focus on conditions like AIDS, etc.) others that are more open (for example, that allow the data to be shared directly on the internet without restrictions on use). We tried to balance things by saying that data has more value if more researchers try to analyze it, by separating more personal information from the rest [e.g. name, address, phone number], and by requiring that anyone who uses the data should not try to identify you.

The Henrietta Lacks case was troubling. Is there any chance that my genetic data/sample could be used for similar purposes?

There are many troubling aspects of the Henrietta Lacks case. Henrietta Lacks was a black woman whose cervical cancer cells were harvested without her permission and used to create the HeLa immortal cell line. Neither she nor her family received any direct benefits from the research done with her cells, nor were they ever informed by Johns Hopkins that the cells were taken and used. In our case, from a saliva sample, we would be collecting DNA, not cells, and we have no plans (or technical means) to establish immortal cell lines based on the sample you provide. However, a sample you provide hopefully will be used for research (by us and others) and you should expect no direct benefit of downstream discoveries, which may be seen as similar to the Henrietta Lacks case, but we are informing you and asking for your consent to use your samples.

How do you keep my identity confidential when you share data with other researchers?

When we share data we de-identify them. Meaning we will give your data a study number and that is all other researchers will get. No names, no addresses.

Who can see my responses?

Only study personnel can see your responses and only very few trusted individuals have additional access to your identifiers, such as your name. This means that people who analyze your responses don’t know who you are; they only have a study number that we assigned to you.

Can Facebook see my responses?

No, Facebook cannot see your responses. The App uses a database and a web server, located at our department at the University of Michigan, to deliver questions to you. We use a second data server to securely store the responses. Only study personnel have access to these servers.

Can Facebook see anything related to this study?

Facebook can only see whether and when you are using the App. They cannot see your responses, summary information, or genetic information.

Will Facebook the corporation have access or be privy to my genetic results - other than what is listed on the site by me or your organization?  Is there any agreement with Facebook that prohibit them from selling this data? I am not worried about those who I allow to see my data, I am worried about Facebook scraping my data off the Facebook page and selling it or using it to market drugs etc. to me.

Facebook should not see your genetic results. Your genetic results don't sit on Facebook servers and we will always transmit them via encrypted connection -- e.g. we don't think they could be scraped.