How Easy Is DNA Collected by Genealogy Companies Accessed by Law Enforcement Agencies?

At least one privacy expert is concerned about protections for consumers' DNA submissions to private companies by law enforcement agencies.

Two high-profile homicide investigations on the West Coast, including an arrest of a suspect in the decades-old case of "The Golden State Killer," has put DNA collection by genealogy companies into the spotlight.

In both cases, investigators say those troves of DNA by private companies helped provide valuable evidence. 

Could it be the beginning of a new era in crime-fighting? How easy can local police departments access the DNA that private citizens provide to track down their ancestry?

A retired FBI agent who worked for years in the Philadelphia field office of the bureau said any law enforcement access to a company's records requires a court order, like warrants for other more common searches.

"A police department, or even the FBI, can't just pick up the phone and call and say, 'Give me everything you've got on JJ Klaver,'" the former FBI agent, JJ Klaver, told NBC10.

At least one expert in privacy laws, however, is more skeptical.

"It is a free-for-all right now," Pam Dixon, executive director of the World Privacy Forum, said.

Dixon said one of the biggest concerns is the misconceptions people have about how protected DNA submissions to genealogy research companies are.

Still, those companies assure that they follow all the privacy laws currently in place.

An open-source DNA research company, GED Match, says it has recently updated its terms of service and privacy policy.

The well-known said in a statement: "Ancestry advocates for its members’ privacy and will not share any information with law enforcement unless compelled to by valid legal process."

Yet another company, 23andMe, said in a statement that its privacy policy prohibits "the company from voluntarily working with law enforcement. 23andMe has never given customer information to law enforcement officials, and we do not share information with employers or insurance companies."

It's full privacy policy can be found here.

Like those three, FamilyTreeDNA said it does not disclose any of its customers' genetic information to a third party without express consent.

The exception, a company spokesman said in an email, is "in the case of a valid, legally binding court order."

And even then, FamilyTreeDNA "will disclose the absolute minimum amount of information necessary, so as to protect user privacy to the greatest degree possible in compliance with the subpoena," the spokesman said.

Contact Us