If you take an AncestryDNA test, your genetic information is governed by a separate set of terms and a separate privacy statement, and you may be asked to consent to your DNA data being used for research or shared with third-party partners.
This analysis describes what Ancestry's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Genetic data is among the most sensitive personal information a person can share, and the layered consent structure, where core terms reference but do not fully replicate the AncestryDNA-specific terms, means users must navigate multiple documents to understand the full scope of how their DNA data may be used or shared.
Interpretive note: The precise scope of third-party research data sharing and the granularity of consent options available to users is governed by the separate AncestryDNA Terms, which are not fully reproduced in this document, creating interpretive uncertainty about the full data use picture.
The updated Terms footer no longer includes a direct link to 'Do Not Sell or Share My Personal Information,' a disclosure mechanism required under California's CCPA. California residents retain the legal right to direct Ancestry not to sell or share their personal information, but the footer no longer provides a prominently placed navigation point to exercise that right. Ancestry's privacy notice continues to reference CCPA compliance and provides other disclosure language, but the specific footer link has been removed.
View change record →The updated terms reduce the out-of-pocket costs consumers must pay to arbitrate disputes against Ancestry. Previously, consumers and Ancestry shared filing fees, arbitrator fees, and hearing expenses equally unless an arbitrator found the arbitration frivolous; now, if an arbitrator determines the arbitration is non-frivolous, Ancestry covers all JAMS-invoiced fees. Separately, the revised terms establish that Ancestry will pay all mediation fees, whereas both parties previously shared this cost. The removal of language describing alternative AAA procedures narrows the stated dispute resolution pathway.
View change record →California residents who rely on the Terms and Conditions footer to find the option to request that Ancestry not sell or share their personal information will no longer see that link in that location. While the underlying CCPA right to opt out likely remains available, the removal of this navigation path from the terms page makes the right less discoverable. California residents should verify that they can still access opt-out functionality through Ancestry's website or contact the company directly if they cannot locate the feature.
View change record →Removal of reference to separate AncestryDNA Terms and limitation of third-party research partner sharing to consent-based model, now replaced by simpler integrated DNA provision.
View full change record →AncestryDNA customers are subject to a second layer of terms governing genetic data use, including potential sharing with third-party research partners, and must actively review and manage consent choices within the AncestryDNA platform to control how their most sensitive biometric data is used.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
We use information to enhance the quality, reliability, and/or accuracy of our AI Features by creating, developing, training, testing, improving, and maintaining AI and ML models run by Strava or our service providers. We use aggregated, de-identified data for this purpose. We also use personal info...
Monitoring
Ancestry has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"If you use AncestryDNA, the AncestryDNA Terms and Conditions and Privacy Statement also apply to you. Those terms govern our collection and use of your DNA data and the data of others whose DNA you submit. Your DNA data may be used for research purposes, including being shared with third-party research partners, subject to the consent you provide under the AncestryDNA Terms.— Excerpt from Ancestry's Ancestry Terms and Conditions
REGULATORY LANDSCAPE: Genetic data is subject to specialized regulatory frameworks including state genetic privacy laws in California (GIPA), Texas, Illinois, and other states. The FTC Act and, to the extent health implications arise, HHS frameworks may also be relevant. GDPR and UK GDPR classify genetic data as a special category requiring explicit consent under Article 9. The incorporation by reference of a separate DNA terms document creates a multi-document consent structure that regulators in the EU have scrutinized for transparency and granularity. GOVERNANCE EXPOSURE: High. The use of genetic data for research purposes and potential sharing with third-party research partners represents one of the highest-sensitivity data processing activities in consumer services. Regulators globally are increasing scrutiny of consumer genetic data platforms, and the adequacy of consent mechanisms for secondary research uses is a live enforcement area. JURISDICTION FLAGS: California's Genetic Information Privacy Act imposes specific requirements on the collection and use of genetic data. Illinois BIPA considerations arise due to the biometric-adjacent nature of DNA data, though direct BIPA applicability to DNA data specifically is subject to legal debate. EU and UK users benefit from GDPR Article 9 protections requiring explicit consent for genetic data processing. Texas and other states with genetic privacy statutes also create heightened exposure. CONTRACT AND VENDOR IMPLICATIONS: Third-party research partnerships involving AncestryDNA data should be assessed for adequacy of data processing agreements, particularly regarding the onward transfer of genetic data to research institutions. Due diligence should confirm that third-party recipients are bound by equivalent data protection standards and that the consent chain is documented and auditable. COMPLIANCE CONSIDERATIONS: Compliance teams should map the full consent flow across both the main ToS and the AncestryDNA Terms to ensure that users are presented with a clear, layered, and legally sufficient consent mechanism for each distinct use of genetic data. Consent granularity for research uses should be evaluated against GDPR, CCPA, and applicable state genetic privacy law requirements. Data retention and deletion capabilities for genetic data should be specifically audited given the heightened sensitivity.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Genetic data is among the most sensitive personal information a person can share, and the layered consent structure, where core terms reference but do not fully replicate the AncestryDNA-specific terms, means users must navigate multiple documents to understand the full scope of how their DNA data may be used or shared.
AncestryDNA customers are subject to a second layer of terms governing genetic data use, including potential sharing with third-party research partners, and must actively review and manage consent choices within the AncestryDNA platform to control how their most sensitive biometric data is used.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Ancestry.