Can DNA Testing Companies Like Ancestry and 23andMe Sell Your Information?
Updated on May 8, 2025
Back to top
back to top icon
DNA Testing
Can DNA Testing Companies Like Ancestry and 23andMe Sell Your Information?
KnowYourDNA is reader-supported. This means we may receive a commission when you buy something from one of the links on this page.

Consumer DNA tests feel simple—you send a saliva sample and wait for a report.
Behind that convenience sits a vast data engine that can help science and expose private details.

This guide shows how leading test companies handle your genetic data, where the risks lie, and what you can do to stay in control.

Can DNA Testing Companies Like Ancestry and 23andMe Sell Your Information? 2

How Consumer DNA Companies Use Your Data

Companies need your DNA to deliver ancestry and health insights, but they also use it for internal research and product development. Most keep personal identifiers separate from the genetic file so staff see an anonymous code, not your name.

You may notice occasional pop-ups or emails asking you to join extra studies.
These programs rely on “opt-in” consent, meaning the company should not share your individual-level data unless you say yes.

Internal studies fuel new reports

In-house scientists match gene patterns with survey answers to refine risk calculators and ancestry breakdowns.
When enough people carry the same variant, researchers can test links to cholesterol, sleep, or even coffee taste.

Why firms invite you to opt in

A short list highlights the goals:

  • Improve reports: New gene–trait links make ancestry estimates or health scores more accurate.
  • Advance medicine: De-identified DNA pools help academics and drug makers study diseases faster.
  • Grow revenue: Partnerships with pharma create a new income stream beyond test kits.
  • Validate tools: Broad datasets let statisticians confirm that predictions work for many ethnic groups.

Know Your DNA Reviews

Best DNA Kit

Don't miss out on the opportunity to learn more about yourself. Read our best DNA test page to find the best one for you.

Can Your DNA Be Sold? The Truth Behind Data Sharing

Policies from AncestryDNA and 23andMe promise they will not “sell” your raw genetic file in the traditional sense.
Instead, they license aggregate or de-identified datasets to research partners under strict contracts.

Despite those assurances, wording in the terms of service still allows broad uses once you give consent.
Bankruptcy or mergers can also transfer data to a new owner, so “no sale” today does not guarantee the same rules tomorrow.

Third-party access: what does consent really mean?

Many people skim privacy boxes at checkout.
Here is what you actually agree to when you click yes:

  • Wide partner list: Universities, drug companies, and sometimes insurers running clinical studies.
  • Future projects: Your sample can support studies not yet imagined when you first signed up.
  • Data linkage: Genetic files may be matched with survey answers, health records, or wearable data to deepen analysis.
  • Ongoing storage: Some labs keep de-identified DNA for decades unless you order destruction.

How Secure Is Your Genetic Information?

Leading labs store DNA data on encrypted servers and move files through secure channels.
They publish transparency reports and now require two-factor log-ins after a 2023 breach showed password reuse is a weak link.

Even strong encryption cannot stop “credential stuffing” attacks that reuse passwords leaked from other sites.
Once inside an account, intruders can copy family trees, ethnicity results, or relative matches without breaking the database itself.

Breach case study: the 23andMe hack

Hackers used reused passwords to enter about 6.9 million accounts in 2023.
They targeted Ashkenazi Jewish and Chinese ancestry profiles, then posted lists for sale on dark-web forums.

Typical layers of protection companies advertise

  • Encryption at rest and in transit: Scrambles data on servers and during transfer.
  • ISO-certified audits: Third-party checks of security controls.
  • Activity alerts: Emails when someone logs in from a new device.
  • Mandatory two-factor authentication: Extra code adds a roadblock for hackers.

What You Can Do to Protect Your Genetic Privacy

You are not powerless—small choices shrink most risks.
Start with the account settings page, then decide how much data you want online.

Here are proven steps:

  • Limit consent: Skip optional research or relative-matching tools if you value anonymity.
  • Use a unique email and strong password: This blocks credential-stuffing attacks.
  • Delete unused samples: Some firms let you request that leftover saliva be destroyed.
  • Download and store locally: If you need raw data, keep it offline after export.
  • Create an alias: Consider a secondary email or nickname so reports do not display your full identity.
  • Revisit settings yearly: Companies update policies; check any new boxes and uncheck ones you no longer accept.

Regulatory Oversight of DNA Privacy

The U.S. Genetic Information Nondiscrimination Act (GINA) stops health insurers and employers from using your DNA against you.
It does not cover life, long-term-care, or disability insurance, and it misses smaller employers.

Several states and international groups are drafting broader laws, while industry groups promote voluntary standards.
Until a single, robust rule set arrives, consumers must rely on contract language and company promises.

Law-enforcement access raises special fears

Police now use public genealogy sites to crack cold cases.
Courts can compel companies to open restricted profiles if they issue a valid warrant.

ProtectionMain FocusBig Gaps
GINA (federal)Health insurance & employment discriminationLife and long-term-care insurance, small employers
State privacy laws (CA, MT, VA, others)Consent before analysis or sharingVary widely; enforcement still new
International frameworks (EU GDPR, GA4GH)Data minimization & user rightsU.S. firms outside EU may not follow GDPR
Voluntary industry standardsSecurity audits, transparent reportsNot legally binding or enforceable

Key Takeaways

Knowing how companies treat your DNA helps you choose wisely.

  • Read every checkbox: Consent forms spell out where your data can go.
  • Strengthen log-ins: Unique passwords and two-factor codes stop most breaches.
  • Review retention options: Ask the lab to destroy your sample or data when you are done.
  • Watch the law: New state and federal bills could expand your rights; stay informed.
  • Talk to relatives: Shared DNA means your choice can affect family members who have not tested yet.

Know Your DNA Reviews

The Best DNA Test

Looking for a DNA test that's accurate and can tell you about your health and heritage?

Updated on May 8, 2025
Minus IconPlus Icon
10 sources cited
Updated on May 8, 2025
  1. 23andMe. (n.d.). Individual Data Sharing Consent Document. https://customercare.23andme.com/hc/en-us/articles/115015674488-Individual-Data-Sharing-Consent
  2. 23andMe. (n.d.). Privacy and Security Overview. https://www.23andme.com/privacy/
  3. Consumer Reports. . Privacy and Direct-to-Consumer Genetic Testing. https://advocacy.consumerreports.org/press_release/consumer-reports-releases-study-on-the-need-for-greater-privacy-and-security-protections-for-direct-to-consumer-genetic-testing/
  4. Federal Trade Commission. . FTC Says Genetic Testing Company Failed to Protect DNA Data. https://www.ftc.gov/news-events/news/press-releases/2023/06/ftc-says-genetic-testing-company-1health-failed-protect-privacy-security-dna-data
  5. Harvard Gazette. . What Happens to Your Genetic Data if 23andMe Collapses?. https://news.harvard.edu/gazette/story/2025/03/what-happens-to-your-genetic-data-if-23andme-collapses/
  6. National Human Genome Research Institute. (n.d.). Genetic Information Nondiscrimination Act (GINA) Fact Sheet. https://www.genome.gov/about-genomics/policy-issues/Genetic-Discrimination
  7. Pew Research Center. . Americans and Privacy: Concerned, Confused and Feeling Lack of Control. https://www.pewresearch.org/internet/2019/11/15/americans-and-privacy-concerned-confused-and-feeling-lack-of-control-over-their-personal-information/
  8. Reuters. . Court-Appointed Overseer for 23andMe Genetic Data in Bankruptcy. https://www.reuters.com/sustainability/boards-policy-regulation/23andme-will-have-court-appointed-overseer-genetic-data-bankruptcy-2025-04-29/
  9. Seceon. . 23andMe Data Breach: A Wake-Up Call for Consumer Privacy. https://securityboulevard.com/2025/04/23andme-data-breach-a-wake-up-call-for-consumer-privacy-and-corporate-accountability/
  10. Future of Privacy Forum. . New Genetic Privacy Laws in Montana, Tennessee, Texas and Virginia. https://fpf.org/blog/the-dna-of-genetic-privacy-legislation-montana-tennessee-texas-and-virginia-enter-2024-with-new-genetic-privacy-laws-incorporating-fpfs-best-practices/
Cristine Santander
Cristine Santander
Content Contributor
Cristine Santander is a content writer for KnowYourDNA. She has a B.S. in Psychology and enjoys writing about health and wellness.