If you opt into research, Ancestry may share your genetic data with outside research organizations. These partners are contractually required to keep it confidential and use it only for the stated research purpose.
This analysis describes what Ancestry's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Opting into research means your genetic information leaves Ancestry's systems and goes to third parties, even if under contract. Understanding what research purposes are covered and how partners are vetted is important for consumers sharing sensitive genetic data.
Interpretive note: The adequacy of research partner contracts and the identities of specific partners are not disclosed in the policy, making independent verification of confidentiality and purpose limitation commitments not possible from this document alone.
California residents lose direct navigation to the CCPA-mandated 'Do Not Sell or Share My Personal Information' disclosure page from Ancestry's privacy footer. While California law requires the compa…
Research opt-in consent authorizes your genetic data to be shared with third-party research partners outside Ancestry's direct control. The policy states these partners are contractually bound to confidentiality and purpose limitation, but consumers should review research consent terms carefully before opting in.
How other platforms handle this
We may share your personal data with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf and require access to such information to do that work. We may also share your personal data with advertising partners to display relevant advertising to y...
In order to provide you with services, Valve needs to share some data with the publisher or developer of the game (for example to verify your ownership of the game and register your Steam ID with the publisher), or with other third parties that Valve works with to provide services to you. Valve will...
We may share your personal information with third party vendors and service providers that perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, customer service and marketing assistance. We may also share information with advertising and analyt...
Monitoring
Ancestry has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We may share your personal information, including DNA data, with third-party research partners if you have chosen to participate in research. Research partners are required to maintain the confidentiality of the data and to use it only for the research purposes for which it was shared. We do not sell your DNA data to third parties.— Excerpt from Ancestry's Ancestry Privacy Statement
(1) REGULATORY LANDSCAPE: Sharing genetic data with third-party research partners triggers GDPR Article 28 data processor obligations if partners process on Ancestry's behalf, or joint controller obligations under Article 26 if partners determine their own processing purposes. The consent mechanism must meet GDPR Article 7 standards: specific, informed, freely given, and withdrawable. US state genetic privacy laws in Illinois and Texas impose additional requirements on third-party sharing of genetic data. (2) GOVERNANCE EXPOSURE: High. The policy does not identify specific research partners or provide a mechanism for users to review who their data has been shared with. This opacity may create exposure under GDPR transparency requirements and state law disclosure obligations. The contractual confidentiality model is standard but the adequacy of those contracts is not verifiable from the policy text. (3) JURISDICTION FLAGS: EU/EEA users are most exposed given GDPR's stringent requirements for special category data sharing. California users have CPRA rights to know the categories of third parties with whom data is shared. Illinois and Texas residents may have genetic privacy law rights that constrain third-party sharing beyond what the policy describes. (4) CONTRACT AND VENDOR IMPLICATIONS: Procurement and legal teams at organizations acquiring Ancestry services should request copies of standard research partner agreement templates to assess GDPR Article 28 compliance. The policy's statement that partners are required to use data only for the stated research purpose should be verified against actual contractual language. (5) COMPLIANCE CONSIDERATIONS: Ancestry should maintain and be prepared to disclose (upon request under applicable law) a list of research partner categories. Internal audits of research partner agreements for GDPR, CCPA, and state genetic privacy law compliance are advisable. Consent capture records for research participation should be maintained to demonstrate the specific scope of consent granted.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Opting into research means your genetic information leaves Ancestry's systems and goes to third parties, even if under contract. Understanding what research purposes are covered and how partners are vetted is important for consumers sharing sensitive genetic data.
Research opt-in consent authorizes your genetic data to be shared with third-party research partners outside Ancestry's direct control. The policy states these partners are contractually bound to confidentiality and purpose limitation, but consumers should review research consent terms carefully before opting in.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Ancestry.