Can DNA Testing Companies Like Ancestry and 23andMe Sell Your Information?
Updated on May 8, 2025
Back to top
In This Article
In This Article
Consumer DNA tests feel simple—you send a saliva sample and wait for a report.
Behind that convenience sits a vast data engine that can help science and expose private details.
This guide shows how leading test companies handle your genetic data, where the risks lie, and what you can do to stay in control.
Companies need your DNA to deliver ancestry and health insights, but they also use it for internal research and product development. Most keep personal identifiers separate from the genetic file so staff see an anonymous code, not your name.
You may notice occasional pop-ups or emails asking you to join extra studies.
These programs rely on “opt-in” consent, meaning the company should not share your individual-level data unless you say yes.
In-house scientists match gene patterns with survey answers to refine risk calculators and ancestry breakdowns.
When enough people carry the same variant, researchers can test links to cholesterol, sleep, or even coffee taste.
A short list highlights the goals:
Know Your DNA Reviews
Don't miss out on the opportunity to learn more about yourself. Read our best DNA test page to find the best one for you.
Policies from AncestryDNA and 23andMe promise they will not “sell” your raw genetic file in the traditional sense.
Instead, they license aggregate or de-identified datasets to research partners under strict contracts.
Despite those assurances, wording in the terms of service still allows broad uses once you give consent.
Bankruptcy or mergers can also transfer data to a new owner, so “no sale” today does not guarantee the same rules tomorrow.
Many people skim privacy boxes at checkout.
Here is what you actually agree to when you click yes:
Leading labs store DNA data on encrypted servers and move files through secure channels.
They publish transparency reports and now require two-factor log-ins after a 2023 breach showed password reuse is a weak link.
Even strong encryption cannot stop “credential stuffing” attacks that reuse passwords leaked from other sites.
Once inside an account, intruders can copy family trees, ethnicity results, or relative matches without breaking the database itself.
Hackers used reused passwords to enter about 6.9 million accounts in 2023.
They targeted Ashkenazi Jewish and Chinese ancestry profiles, then posted lists for sale on dark-web forums.
You are not powerless—small choices shrink most risks.
Start with the account settings page, then decide how much data you want online.
Here are proven steps:
The U.S. Genetic Information Nondiscrimination Act (GINA) stops health insurers and employers from using your DNA against you.
It does not cover life, long-term-care, or disability insurance, and it misses smaller employers.
Several states and international groups are drafting broader laws, while industry groups promote voluntary standards.
Until a single, robust rule set arrives, consumers must rely on contract language and company promises.
Police now use public genealogy sites to crack cold cases.
Courts can compel companies to open restricted profiles if they issue a valid warrant.
| Protection | Main Focus | Big Gaps |
| GINA (federal) | Health insurance & employment discrimination | Life and long-term-care insurance, small employers |
| State privacy laws (CA, MT, VA, others) | Consent before analysis or sharing | Vary widely; enforcement still new |
| International frameworks (EU GDPR, GA4GH) | Data minimization & user rights | U.S. firms outside EU may not follow GDPR |
| Voluntary industry standards | Security audits, transparent reports | Not legally binding or enforceable |
Knowing how companies treat your DNA helps you choose wisely.
Know Your DNA Reviews
Looking for a DNA test that's accurate and can tell you about your health and heritage?
