Who Can Access Your DNA Results From Genealogy Services?

Companies like Ancestry and 23andMe have become increasingly popular as more people are interested in learning more about their family history, cultural heritage, and other neat facts that comprise their identity. However, given that these services rely on collecting your DNA in order to fulfill these purposes properly, there has been some controversy regarding what people and organizations should be able to access your data. 

In 2018, California police arrested Joseph James DeAngelo Jr., the infamous serial killer dubbed the Golden State Killer. For nearly 40 years, police were unable to locate the man after he went on his crime spree in the late 1970s to mid-1980s (via ABC News). However, when genealogy services started to become popular, law enforcement took a nuanced approach. They collected DNA from one of the crime scenes and uploaded it to the site MyHeritage, according to the Los Angeles Times. This allowed officers to track down close relatives of the killer and solve numerous other cases using the same method, but it has caused an uproar of debate when it comes to personal privacy. 

The controversy

The prosecutors defended their actions, claiming that when people upload their DNA to public services like MyHeritage, they are waiving their right to privacy regarding their personal data, according to the Los Angeles Times. Alternatively, critics claim that some of these private companies violated their terms of service by leaving customers unaware that the police had the ability to find their information without a warrant. 

MyHeritage specifically claimed that your information was protected unless the company was legally required to hand it over (via the Los Angeles Times). Still, the company defended law enforcement, stating that there was nothing in the terms of services that prevented the police from going on this controversial route. Since then, the policy has been adapted to ban any police investigation without a warrant or other legal statute, according to the Los Angeles Times. This has sparked much debate when it comes to privacy laws and consumer protection laws, causing many state legislatures to take legal action, according to Pew Research Center.

What will happen?

In Utah for example, a bill was proposed to ban police from utilizing private companies' genealogy services altogether, whereas some states, like Washington state, had laws proposed to allow police to search through the data but only with legal requirements, according to Pew Research Center. But the controversy only grew in 2019 when a state judge ordered the company GEDmatch to release its entire genetic database to law enforcement, according to Science.

GEDmatch was one of the sites utilized in the Golden State Killer investigation, and since then the company has updated its policy to allow users to opt-in to a public domain that is searchable by police, which around 185,000 of the company's 1.3 million users agreed to (via Science). So far, big genealogy services like 23andMe staunchly support their users' rights to privacy and oppose unwarranted police searches, but that doesn't mean the debate is over. As consumer information across all platforms only becomes increasingly available to different groups and organizations, people will still be asking this central question: Who should be able to access a person's data, and what laws should be in place to protect it?