Why Genetic Testing Companies Can Legally Share Your DNA — and How to Stop Them
The Hidden Side of DNA Testing You Probably Never Thought About
Millions of people have sent their saliva to genetic testing companies like 23andMe, AncestryDNA, and MyHeritage. The promise is simple and exciting — learn about your heritage, discover health risks, and find long-lost relatives. But once that sample leaves your hands, something else happens that most people never read about in the fine print.
Your genetic data — one of the most personal things about you — can be shared, sold, or handed over to third parties, often without you fully realizing it. And in many cases, it is completely legal. Understanding how this works, and what you can do about it, is something every DNA test customer should know.
Why Genetic Data Is So Sensitive
Your DNA is not like a password you can change if it gets stolen. It is permanent. It contains information about your health risks, your family members, your ancestry, and even your physical traits. It can potentially reveal whether you are likely to develop certain diseases, and that information could, in the wrong hands, affect your insurance coverage or employment.
Beyond your own privacy, your DNA also reveals information about your biological relatives — people who never agreed to any test at all. This is what makes genetic privacy such a uniquely complicated issue compared to other types of personal data.
How These Companies Are Allowed to Share Your Data
When you sign up for a DNA testing service, you agree to its terms of service and its privacy policy. These documents are often long and written in legal language, and most people skip straight past them. But buried inside those agreements are the rules about how your genetic data can be used.
Here are the most common ways genetic testing companies share your data legally:
- Research partnerships: Many companies offer an optional program that lets them use your anonymized data for scientific research. Some customers opt into this without fully understanding what it means. Companies like 23andMe have partnered with pharmaceutical giants such as GlaxoSmithKline to use customer data for drug development.
- Law enforcement requests: In the United States, law enforcement agencies can request access to genetic databases, either through subpoenas or through investigative genealogy techniques. Several high-profile criminal cases have been solved using DNA data from genealogy websites.
- Third-party apps and services: Some platforms allow users to connect their accounts to third-party health or wellness apps. When you grant those apps access, your data can flow to another company entirely.
- Business sales and mergers: If a genetic testing company is sold, goes bankrupt, or merges with another business, your data can be transferred as a business asset. This happened with 23andMe after the company filed for bankruptcy in 2025, raising serious concerns about who would end up controlling millions of genetic profiles.
What the Law Actually Says
The legal landscape around genetic privacy in the United States is a patchwork of rules that do not always line up. Here is a basic breakdown:
- GINA (Genetic Information Nondiscrimination Act): This federal law prevents health insurers and employers from discriminating based on genetic information. However, it does not cover life insurance, disability insurance, or long-term care insurance — which are all areas where genetic data could still be used against you.
- HIPAA: The Health Insurance Portability and Accountability Act protects medical records held by healthcare providers. But direct-to-consumer DNA testing companies are generally not classified as healthcare providers, so HIPAA does not automatically apply to them.
- State laws: Some states, like California and Texas, have passed their own genetic privacy laws that give residents more control. But protections vary widely depending on where you live.
- Company privacy policies: In the absence of strong federal regulation, the rules are mostly set by the companies themselves — which means they can change them over time.
The bottom line is that the legal protection for your genetic data is much weaker than most people assume. When you click “I agree,” you are often giving up more control than you realize.
The Consent Problem
Consent is at the heart of the genetic privacy debate. In theory, most genetic testing companies ask for your consent before sharing your data. In practice, that consent process is often deeply flawed.
Research has shown that the average person spends less than two minutes reading a terms of service agreement, even when those agreements can run to tens of thousands of words. Consent checkboxes are often pre-checked by default, especially for research programs. Options to opt out are sometimes buried in account settings that most users never visit.
True, informed consent means understanding exactly what you are agreeing to, what the risks are, and having a genuine choice to say no without losing access to the core service. By that standard, the consent practices of many genetic testing companies fall far short.
Real-World Consequences
This is not just a theoretical concern. There have been several documented cases where genetic data sharing created serious problems:
- In 2018, investigators used the genealogy website GEDmatch to identify the Golden State Killer, Joseph James DeAngelo. While many people celebrated the outcome, it sparked a major debate about whether law enforcement should be able to search genetic databases without a warrant.
- In 2023, 23andMe suffered a major data breach in which hackers accessed the personal information of nearly 7 million customers. The breach highlighted how a single security failure can expose an enormous amount of sensitive biological data.
- When 23andMe filed for bankruptcy in 2025, consumer advocates and state attorneys general urged customers to delete their data immediately, worried about who might purchase the genetic profiles of millions of people.
How to Protect Your Genetic Privacy
The good news is that you have more control than you might think, as long as you take action. Here is what you can do right now:
1. Read the Privacy Policy Before You Sign Up
Yes, it takes time. But before you submit a DNA sample to any company, find out exactly what they do with your data, who they share it with, and under what circumstances. Look specifically for sections on research partnerships, law enforcement access, and data sales.
2. Opt Out of Research Programs
Most major genetic testing companies offer an option to opt out of having your data used in research or shared with third parties. This option is not always shown prominently, but it is usually available in your account settings. Go find it and opt out.
3. Request That Your Data Be Deleted
Under some privacy laws, including the California Consumer Privacy Act (CCPA), you have the right to request that a company delete your personal data. Many genetic testing companies provide a way to delete your account and request destruction of your physical sample. Use it if you no longer need the service — or if you are worried about who might end up controlling the company.
4. Opt Out of Law Enforcement Matching
Some genealogy platforms, including GEDmatch and FamilyTreeDNA, have specific settings that control whether your profile can be searched by law enforcement. Check these settings and set them according to your own comfort level.
5. Be Careful With Third-Party Apps
If you use a testing platform that allows you to connect third-party apps, review which apps have access to your account and remove any that you do not actively use or fully trust. Each connection is another potential point of exposure.
6. Download a Copy of Your Raw Data First
Before you delete your account, consider downloading a copy of your raw genetic data. This lets you store it securely yourself or use it with another service in the future, without having to rely on a company that might not always be around.
What Needs to Change at a Broader Level
Individual actions matter, but they are not enough on their own. Stronger legal protections are needed to make genetic privacy a real right rather than a checkbox exercise.
Consumer advocates and privacy experts have been calling for several key reforms:
- A federal law that specifically governs how direct-to-consumer genetic testing companies collect, store, and share data.
- Stricter rules around what happens to genetic data when a company is sold or goes out of business.
- Clearer and more honest consent processes, with opt-in rather than opt-out defaults for data sharing.
- Stronger limits on law enforcement access to genetic databases, including warrant requirements.
Until those protections are in place, the responsibility largely falls on consumers to educate themselves and take steps to protect their own data.
The Bottom Line
Genetic testing can offer real value — learning about your health, your ancestry, and your family history is genuinely meaningful. But the genetic privacy risks are equally real, and they are not going away on their own.
The data you hand over when you take a DNA test is uniquely personal, permanent, and powerful. Understanding your rights, reading the fine print, and actively managing your privacy settings are not just optional extras. They are necessary steps for anyone who wants to keep control of one of the most intimate pieces of information they will ever share.
Your DNA tells your story — and you deserve to decide who gets to read it.














