Ancestry states that personal information, including potentially genetic data and family history content, may be transferred to a third party in the event of a corporate transaction such as a merger, acquisition, or asset sale.
This analysis describes what Ancestry's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision authorizes transfer of the full scope of Ancestry's collected personal information, including genetic data, to a successor entity in a corporate transaction. The receiving entity may operate under different privacy policies and data governance frameworks, subject to applicable law and any representations made at the time of transfer.
The updated Privacy Statement clarifies what uses of Ancestry services are permitted and prohibited, establishes that photo face-grouping in your gallery requires your express consent, and introduces SMS messaging as a communication channel for future opt-in communications. The statement now covers Ancestry, AncestryDNA, and Related Brands under a unified framework while noting that other services operated by the company use separate privacy statements. The removal of 'uploaded DNA data' from the account creation section reflects a narrowing of that specific provision's scope, though genetic information processing remains described elsewhere in the policy. You can review the full updated statement to understand how your personal information will be processed and manage your communication preferences when SMS opt-ins become available.
View change record →California residents lose direct navigation to the CCPA-mandated 'Do Not Sell or Share My Personal Information' disclosure page from Ancestry's privacy footer. While California law requires the company to honor data sale opt-out requests, removing the link reduces visibility and accessibility of this right. California residents can locate this right by searching Ancestry's website or contacting the company directly, but the removal creates an additional barrier to exercising a legally protected option.
View change record →Removed notification requirement, opportunity to opt out, and disclosure of changes to privacy policy; significantly weakened user protections in corporate transactions.
View full change record →Under this clause, personal data including DNA records and family tree content collected by Ancestry may be transferred to an acquiring company in a merger, acquisition, or asset sale, potentially subjecting that data to a different privacy framework. The policy does not specify whether users will be notified prior to such a transfer or provided an opportunity to delete their data before the transaction completes.
How other platforms handle this
We may share your information in connection with, or during negotiations of, any merger, sale of company assets, financing, acquisition, or dissolution, transaction, or proceeding involving all or a portion of our business.
By using our Services, you agree to be bound by this Privacy Policy.
We may share your personal information with our affiliates, meaning entities that control, are controlled by, or are under common control with Consensys. We also share information with service providers who assist in operating our services, subject to confidentiality obligations.
Monitoring
Ancestry has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"In the event of a merger, acquisition, bankruptcy, or other sale of all or a portion of our assets, personal information may be one of the assets transferred to or acquired by a third party.— Excerpt from Ancestry's Ancestry Privacy Statement
REGULATORY LANDSCAPE: Corporate transaction data transfers involving sensitive personal data, including genetic information, may require regulatory notification or approval in certain jurisdictions. GDPR requires that transferred data continue to be processed consistently with the original lawful basis and that data subjects be informed of material changes to the data controller's identity. The FTC has historically scrutinized data transfers in bankruptcy and acquisition contexts involving sensitive consumer data, including health-related records. GOVERNANCE EXPOSURE: Medium to High for genetic data specifically. Given the nature and volume of genetic and genealogy data held by Ancestry, a corporate transaction transferring that data to a new controller would represent a significant privacy event. The receiving entity's obligations under applicable law and the enforceability of the original consent scope against a new controller are areas of legal complexity. JURISDICTION FLAGS: EU and UK GDPR require that data subjects be notified of a change in data controller and that the legal basis for processing remain valid after the transfer. California law imposes requirements on the use of personal data acquired in a corporate transaction. Genetic data transferred to a new controller may trigger state genetic privacy statute compliance obligations in the receiving entity's jurisdiction. CONTRACT AND VENDOR IMPLICATIONS: In M&A due diligence contexts, acquiring entities should assess the full scope of Ancestry's data holdings, the consent architecture for genetic and health data, and the enforceability of existing data processing agreements with third-party vendors and research partners post-acquisition. COMPLIANCE CONSIDERATIONS: Compliance teams should assess whether the policy's corporate transaction disclosure satisfies GDPR transparency requirements for informing users of potential controller changes. Contingency planning for data subject request handling during and after a corporate transaction should be documented, particularly for genetic data deletion and research consent withdrawal requests.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision authorizes transfer of the full scope of Ancestry's collected personal information, including genetic data, to a successor entity in a corporate transaction. The receiving entity may operate under different privacy policies and data governance frameworks, subject to applicable law and any representations made at the time of transfer.
Under this clause, personal data including DNA records and family tree content collected by Ancestry may be transferred to an acquiring company in a merger, acquisition, or asset sale, potentially subjecting that data to a different privacy framework. The policy does not specify whether users will be notified prior to such a transfer or provided an opportunity to delete their …
ConductAtlas has identified this type of provision across 23 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Ancestry.