DNA testing companies usually say they do not “sell” your genetic data the way a retailer sells a product. That statement can be technically true and still leave out important detail.
Your data can still be shared, licensed, transferred, or moved during research partnerships, policy changes, or corporate transactions. The real question is not just whether a company uses the word “sell.” It is what the policy allows once your DNA and account data are inside the system.
Key Takeaways
- Consumer DNA companies often distinguish between selling identifiable data and sharing de-identified or aggregated data.
- Research opt-ins can authorize broader downstream use than many buyers realize.
- Corporate changes matter. The 23andMe bankruptcy and TTAM asset transfer made that risk concrete.
- Genetic privacy law in the U.S. is still patchy.
- The strongest protection is still user behavior: limit consent, secure the account, and delete data you no longer want stored.
How DNA Companies Usually Use Your Data
A consumer DNA company usually handles several layers of information at once.
- your physical sample
- the digital DNA file derived from it
- your account information
- survey answers or self-reported health information
- relative matching and family-tree data
Even if a company says it does not sell your raw genetic file, it may still use those data layers in research, analytics, product development, or partnerships.
What “We Do Not Sell Your DNA” Often Means
In practice, it often means the company is not selling your named, directly identifiable raw DNA file like a simple commodity.
It does not always mean:
- no sharing with research partners
- no de-identified licensing
- no transfer in a merger, bankruptcy, or sale
- no use for internal product development
That distinction is where many consumers get misled.
Why the 23andMe Bankruptcy Changed the Conversation
The 23andMe collapse made a long-running privacy concern feel immediate. A company can promise consumer control and still face a bankruptcy, sale, or restructuring later.
That matters because privacy policies often allow personal information to be accessed or transferred as part of a merger, acquisition, bankruptcy, or sale of assets. The legal documents and the corporate reality have to be read together. If you want a buyer-facing version of that question, our guide to which DNA tests give you the clearest privacy controls is the best next read.
Research Consent Is a Bigger Deal Than Many People Think
If you opt into research, the company may be allowed to use or share de-identified genetic information in ways that go beyond the original ancestry or health report you bought.
That can support legitimate science. It can also create a wider downstream data footprint than many people intended.
What the FTC Has Already Warned About
The FTC’s action against 1Health/Vitagene is useful because it shows where the government has already drawn some lines.
The agency alleged failures involving:
- poor security
- broken deletion promises
- retroactive privacy-policy changes
That case is a reminder that privacy claims in the consumer DNA space are not just theoretical. Regulators have already found serious problems.
What the Law Protects and What It Does Not
GINA helps in one narrow but important area. It generally restricts health-insurance and employment discrimination based on genetic information.
It does not solve everything.
Notable gaps include:
- life insurance
- disability insurance
- long-term-care insurance
- the wider handling of consumer genetic data outside traditional healthcare privacy law
How To Protect Yourself Better
These are the most practical things you can do right now.
Limit optional consent
If you do not want your DNA tied into future research or broader data use, do not casually accept every research checkbox.
Secure the account
Use a unique password and enable two-factor authentication if the company offers it.
Decide on sample retention
Check whether the company stores the physical sample and whether you can request destruction.
Revisit your settings
Privacy terms and research options can change. Review them periodically.
Delete what you do not need
If you are done with the service, consider deleting the account, requesting sample destruction, and removing data from connected tools.
Bottom Line
Yes, consumer DNA companies can use your information in ways that go beyond the simple test report you bought. Even when they do not directly sell a named raw DNA file, they may still share, license, de-identify, or transfer data under policies you accepted.
The safest way to think about consumer DNA privacy is this: you are not just buying a kit. You are entering a data relationship. Treat it with that level of caution.
