After the case of Joseph James DeAngelo, we conducted research on several privacy policies. The Privacy Policies of Ancestry.com, 23andMe, and GEDmatch have fairly straightforward Policy Statements, however GEDmatch has several sections that can be misinterpreted and can cause its users to reveal more information than they intended or wanted to.
In the "Collection and Use of Information" section, GEDmatch confirms that they collect data regarding a user's equipment, browsing actions, and usage patterns. While they claim the information is gathered solely for statistical information and internal use, GEDmatch is still gathering personal information without the user's knowledge. Further, GEDmatch discloses that a user's Raw Data (DNA), personal information, and/or genealogy data can be disclosed to comply with legal obligation such as a subpoena or warrant. This disclosure of information may happen without the user's knowledge if notification is prohibited under law. What this means is that GEDmatch can give personal information to authorities without the user's consent or knowledge.
Under the Privacy section of GEDmatch, they state that users have the ability to use an alias instead of their real name. However, if the user has their DNA linked to their Genealogy Data their alias will not be used and their real name will be displayed instead. If a user does not read this section carefully, they may be under the impression that their identity is going to remain anonymous, when in reality their real name could be displayed and for other users who search through GEDmatch's DNA database.
|Section of the Policy||Privacy|
|Presently Reads||"If an alias has been provided, it will be displayed in place of the real name along with results. If your DNA is linked to your Genealogy Data, and only one or the other uses an alias, it may be possible for users to see the real name in the linked data."|
|Recommended Translation||"An alias may be used in place of a real name along with results. To keep your real name private you must use an alias for both your DNA and Genealogy Data, otherwise the real name may be known."|
|Purpose of Updates / Translation||To clarify that the alias must be used in both areas in order to have the real name hidden.|
Within the GEDCOMs section, GEDmatch claims that the information users provide (family trees and genealogy data) is to remain the property of the person who uploaded it. They say that they give the user to right to delete their information at any time. However, the user’s information will not be deleted immediately. Instead it will remain on a backup file for at least 30 days. It goes on to say that even if a user may wish for their information to be private, all Genealogy Data provided to GEDmatch can be viewed, searched, and compared by any GEDmatch user. They say steps are being taken to avoid users' information being available to the 'casual web surfer' or search engines, but never go into details about what these steps are. The next sentence, states that they cannot guarantee that private information will not be accessed by individuals who are not GEDmatch users and that the only way to have absolute privacy is to not upload any genealogy data. While the information is still the property of the user, other members and outside sources may have access without the users knowledge.
Health insurance is a critical area in which the laws surrounding the use and application of DNA information can seriously affect individuals. Allowing health insurance companies to see and use GEDmatch's user information could lead to possible genetic prejudices. In an article, Genetic Testing Threatens the Insurance Industry, which was published by The Economist, they discuss the impacts of genetic testing on insurance companies and some of the limitations that are in place. “In America the Genetic Information Nondiscrimination Act bans health insurers (and employers) from using such results…”(Economist, p.10). However, by having user’s genetic information available to the public, there is nothing to stop insurance companies from breaking the law and using this information anyway. For example, health insurance companies could use the personal genetic information on GEDmatch to see possible hereditary health issues and simply list other reasons for the increases to coverage costs.
23andMe. (2018). Full Privacy Statement.
Ancestry. (2018). Your Privacy.
Economist. (2017). Genetic Testing Threatens the Insurance Industry.
Govtrack. (2008). H.R. 493 (110th): Genetic Information Nondiscrimination Act of 2008.
Legal Information Institute. (2008). 29 U.S. Code § 1182 - Prohibiting discrimination against individual participants and beneficiaries based on health status.