Genetic testing companies agree guidelines for DNA data sharing and police requests

In 2018 genetic testing companies such as Ancestry and 23andMe agreed on guidelines for sharing users' DNA data and handling police requests. The guidelines, which include easy-to-read privacy policies, were inspired by two incidents: one in which local investigators used the GEDmatch DNA comparison service to identify a suspect in the Golden State Killer case, and the other 23andMe's announcement that in return for a $300 million investment it would grant GlaxoSmithKline access to "de-identified" user data for research purposes. Helix, MyHeritage, Habit, African Ancestry, and FamilyTreeDNA pledged to adopt a similar approach. While the new approach grants users of these services limited rights to have their data deleted, they may not be able to withdraw data once it's in use by researchers, and the testing services are not required to disclose every time users' data is de-identified and used. Barring gag orders, the companies promise to publish an annual report on law enforcement requests; 23andMe says it has received five requests in its history. GEDmatch, however, is an open source database that is not covered by the guidelines.

Writer: Tony Romm and Drew Harwell
Publication: Washington Post