Can DNA Testing Companies Like Ancestry and 23andMe Sell Your Information?

Some DNA testing companies sell your information but only with your explicit consent. Most DNA testing companies claim they keep DNA information as private as possible and only share or sell your DNA with your consent.

Usually, there's a contract or user agreement you have to sign first to ensure the safety and encryption of your data. In most cases, DNA testing companies will ask you to opt in or out of sharing your data with third parties for research purposes and are required by law to abide by this decision.⁴

According to genetic testing companies, the process is safe and secure. However, choosing to keep your raw DNA data involves some privacy risks. After all, it’s sensitive information, and many people share that same concern about data privacy.

So while at-home DNA tests like Ancestry and 23andMe have become popular in recent years and promise security, be mindful that security breaches can happen despite the companies trying their best to keep their databases secure.

We recommend you download your data first to have your own personal copy, then delete it from DNA company websites to be sure.

There's also the complicated issue of who has total ownership of your DNA—you need to make sure you read the fine print or terms of service before sending any company your private information and then give your express consent.

Who Owns Your DNA Data?

One of the biggest concerns people have about genetic testing is the ownership of their DNA information.

For the most part, with most testing services, you own your DNA sample and personal information. However, after you sign the consent and submit a sample, you will no longer have complete control over them depending on what you opted in on when you signed consent.

This is why it’s important that you read your user agreement first, review the company's privacy policy, and ask the testing service to destroy your sample once you get your results. You should also consider deleting your raw DNA data after downloading it.

Always ensure you read any consent forms and the fine print that genetic testing companies have before handing over your private information.

How Do Companies Protect Your DNA Data?

Here are some of the measures most companies take to protect your DNA data:

• Several levels of data encryption turn readable data into an unreadable format using an algorithm
• Secure HTTPS protocols are put into place for the transmission of data between users and databases
• Server encryption for data access within databases
• Meeting global data security standards and earning certification to prove high data security to elevate industry standards for privacy
• Separation of identifiable information from genetic data
• Explicit user consent agreements
• Authentication measures to work with password protection
• Options to delete data

Note that not every company may do this, but most of them try to ensure tight security measures all the same.

How Legal Protections Around DNA Data Work

The following legal protections and genetic privacy laws are in place to protect your DNA data:

• Oversight by the Federal Trade Commission (FTC) – The FTC actively enforces the protection of biometric and genetic data, taking measures against companies for security lapses. They emphasize the necessity for explicit consent and stringent security practices in handling sensitive information to prevent misuse and ensure compliance with the FTC Act.
• Genetic Information Nondiscrimination Act (GINA) – GINA is a federal law that protects individuals from discrimination in health insurance and employment based on genetic information. GINA forbids the use of genetic data in job-related decisions.
• Health Insurance Portability and Accountability Act (HIPAA) – HIPAA includes genetic information in the definition of Protected Health Information (PHI), restricting its use in health insurance underwriting. The Office for Civil Rights has further clarified genetic data as health information.
• Americans With Disabilities Act (ADA) – The ADA prevents discrimination against anyone with disabilities, including disabilities or health risks recognized in genetic tests. Genetic discrimination can come in many forms, such as denying someone employment for a disability they find out about in genetic testing results.

While there are many frameworks in place to protect you and your private information, many DNA test consumers still demand even further legislation to protect them, especially on the state level.

Many genetic testing services take their privacy practices seriously, as they can suffer severe legal consequences if they don't. Sadly, not all of them are as careful or have your best interests at heart, so do your due diligence and take the time to look into a company before taking a test.

If they don't have your express consent, you can take legal action.

How Consent Works in DNA Tests

Informed consent with DNA tests is legally and ethically required. Here's how it works normally with most DNA tests:

• Disclosure of the kind of data being collected, how it will be collected, who will be able to access and analyze it, and how long it will be stored
• Voluntary consent for any kind of DNA sharing (for research, forensic use, etc.) must be in writing
• DNA testing companies will take into account how competent you are to give your consent, including getting the consent of any parent or legal guardians for minors
• Clearly indicating that DNA data may be used for legal or law enforcement reasons and the circumstances that may surround those uses
• Explanations of how you can withdraw consent at any time and destroy your sample in their privacy policy or user agreement
• Explicit agreement to terms, usually with an "I agree" button or signature

How Do Companies Use Your DNA Data?

Most testing companies will ask you to sign an informed consent form before you take the test. The more trustworthy companies may get you to sign additional documents if they have other plans with your DNA.

If you agree, this could mean they have control over the following:

• Storage of your DNA data
• Release of your DNA data
• Use of your DNA data

Some companies utilize a third-party provider to interpret your DNA data. Unfortunately, this places your information at risk.

For instance, your DNA can be used for scientific research. Pharmaceutical companies and academic researchers may also use it to develop treatments or study genetic diseases.

Law enforcement agencies can obtain your DNA or the DNA of family members, with or without a court order. The identification and arrest of the Golden State Killer is one example.¹

How Can DNA Data Be Misused?

Because DNA data contains so much personal, identifiable information and family history, it can be misused in several ways, such as:

• Over-reliance on genetic information for predictive policing endangers minority groups as they are disproportionately targeted and suspected of crime⁵
• Malicious impersonation of people whose information they were able to find through DNA data breaches
• Discrimination in healthcare or the workplace based on genetic predispositions to some conditions
• Use in research without explicit informed consent

Other Privacy Concerns With Your DNA Data

Health insurance companies and employers can access your DNA data. You might be worried that negative results (like an increased risk of disease) can affect your:

• Insurance coverage
• Employment status
• Salary and increases
• Career advancement

However, there are several laws that protect you against discrimination. The Genetic Information Nondiscrimination Act (GINA), for example, prevents employers and insurance companies from making decisions based on your DNA information. 

GINA provides protection by preventing health insurers from discriminating against users based on their health information and using this information as a prerequisite for employment. For example, they cannot deny you health coverage, increase your premium, or lay you off on the basis of your DNA results.

The Future of Privacy Forum (FPF) is also working on protecting consumers.²

The non-government organization is focused on public policies for the DNA research industry. Both 23andMe and Ancestry have agreed to FPF policies, which include:

• Transparent data collection
• Strong security measures
• Following legal processes

Does Ancestry Sell Your Data? 

According to Ancestry, they don’t sell your genetic information to third parties. They might share your DNA data with research partners, but only with your consent.

They also don’t share your DNA data with law enforcers unless they are ordered to. All government agencies are required to follow legal processes to access their users’ data.

You can read our Ancestry DNA review to learn more.

Can 23andMe Sell Your Data?

According to 23andMe and its privacy policy, they’ll never share your genetic data without your permission. You’ll have full control over:

• How they can use your information
• Who they can share it with

As a security measure, they encrypt all sensitive information. They also perform regular assessments to look for security threats.

23andMe doesn’t release any personal information to government agencies. However, they can do this if they are handed a court order, subpoena, or search warrant.

Here’s our 23andMe review if you need more information.

Is It Safe To Take A DNA Test?

It depends on the test. It’s best that you look for a company that:

• Creates a standard security policy
• Asks for consent if they want to share your genetic data
• Stores data in a physically separate location
• Encrypts data and other personal information
• Assigns randomized ID numbers

Data encryption will make it difficult for hackers to decode the information and connect it to a person. ID numbers make personal details like your name unidentifiable.

The most private DNA tests follow certain standards to ensure your data privacy across the industry.

What Can You Do To Make DNA Testing Safe?

Before taking any genetic tests, it’s important to understand the risks. There are several things you can do to protect your DNA data if you choose to take an at-home DNA test. 

Here are some tips on how to keep your genetic information safe:

• Carefully read the privacy policy before signing the consent form
• Never allow the company to share your data with third parties
• Delete your raw data after getting your results
• Request to destroy your DNA sample or delete your account
• Be careful where you upload your raw DNA data