What you need to know:
DNA test companies have begun selling anonymized DNA data to large pharmaceutical companies and research facilities for genetic drug research. In some cases users have to opt-in to the terms of service for this data to be shared, but in other cases the disclosure is less transparent.
DNA data can also be used by law enforcement, demonstrated by the high profile capture of the Golden State Killer, where investigators compared crime scene DNA to a private database to find a distant relative that had used a DNA test service. Investigators were able to then narrow down suspects and capture the murderer. Some DNA test companies won’t share data with law enforcement without a warrant, while others require users to proactively opt-out.
That is currently the known limit to how your DNA data can be used by third parties. However, genetic information and health interpretations derived from it can be valuable to insurance companies, employers, banks and (in turn) hackers. If the sharing of your DNA data grows to become more commonplace, it can lead to discriminatory practices. In the US, DNA samples taken by medical institutions is protected by HIPAA, with specific limits on how it can be shared. However, data from consumer test kits are not protected under HIPAA.
As genetic research advances and scientists can better interpret genetic markers to determine health insights, this data will increasingly become valuable to third parties, and DNA test companies will be increasingly motivated to sell that data.