Jordan Johnson
Biomolecules
Dr. Christina Steel
10/29/2025

DNA Privacy Policy

Ancestry highlights the physical protection of your DNA samples. They keep the DNA samples in a secure facility with 24-hour monitoring while also storing the DNA in a secured database with strictly limited access within the company. 23andMe has a more detailed description of their online protections. They hold three ISO certifications , that being ISO/IEC 27001:2013, 27018, and 27701, and all sensitive data is encrypted. The company was also stated to conduct regular assessments to detect vulnerabilities and threats.

Ancestry states they store DNA samples as “de-identified” meaning it is without your name or other common identifying information. However, PII could be used optionally with the matches and family tree features within your account. 23andMe stated their research analyses are conducted using data stripped of registration information, like your name and contact info. The contact info may be used to communicate with the user but is never analyzed with your genetic information.

Ancestry specifically stated that they do not sell your genetic or personal information to any companies or employers with your explicit consent. They do state however, information is shared with affiliated companies, other users and their advertising companies. 23andMe stated genetic and self-reported information will not be provided to insurance companies or employers “End of story”. The company does have research and commercial partnerships but would require consent to share info.

Ancestry states they do not voluntarily share user data with law enforcement or government agencies unless they follow a valid legal process. Therefore they would require a warrant, subpoena, or such. But the company does state it wouldn’t allow its service to identify human remains or investigate crimes.23andMe stated they have never released individual data to law enforcement agencies since its founding. They state they will not release any individual-level personal data without explicit consent unless required by law. Like Ancestry, they require legally valid requests such as court orders or warrants. And if that were to happen, affected users would be informed unless prevented by law.

Ancestry allows users to delete generic data and the destruction of biological samples upon request. The deleted data would be removed from production, development, and research systems within 30 days. But data cannot be withdrawn from ongoing or completed research. And information shared with other users can’t be removed unless those users delete it themselves. 23andMe lets users choose whether your sample is biobanked or safely discard it after analysis. And if you biobank it and later want to delete it, you can request it be destroyed at any time. Both companies state that if your account is deleted then your data will be deleted along with it.

Ancestry uses your data in research to further understand human history and improve human health. But your data would be stored without your name or address and only authorized personnel would be able to access it. 23andMe research is used to make new discoveries about genetics and other factors behind diseases and traits. Along with Ancestry, the information would be stripped of info such as your name and contact information

Personally, I wouldn’t want to give my genetic information to any company besides my doctor. I just wouldn’t want to have that information “out there” on any company database. Even with all their security measures anything could happen like what happened to 23andMe not even 2 years ago. I feel that since they have been compromised, 23andMe has beefed up their security measures and now has stronger protection on paper compared to ancestry. For this reason, I would go with 23andMe if I had to choose a company to go with.