23andMe’s Stance on Protecting Customers’ Data

The following is from an article by Kathy Hibbs, 23andMe’s Chief Legal and Regulatory Officer, as published in the company’s blog:

“A Florida judge recently issued a warrant granting law enforcement access to search the database of GEDmatch, a small publicly accessible DNA and genealogy research site. Allowing law enforcement access to GEDmatch’s nearly one million users should trouble anyone who values people’s right to privacy.

“It certainly troubles us here at 23andMe.

“Perhaps just as disturbing is GEDmatch’s apparent lack of scrutiny and challenge of the validity of the warrant issued.

“According to reporting by the New York Times, the company opened up its database to law enforcement within 24 hours of the judge’s decision. Given this timing, it does not appear that GEDmatch exhausted all legal avenues to challenge the warrant. In contrast, if we had received a warrant, we would use every legal remedy possible. And to be clear, because our database is and always has been private, we don’t believe that this decision impacts 23andMe.”

There is a lot more information in the complete blog post at: https://blog.23andme.com/news/our-stance-on-protecting-customers-data/.


“because our database is and always has been private, we don’t believe that this decision impacts 23andMe.” So GlaxoSmithKline got nothing for their purchase?


This is a copy of what I senr to their blog: “At least 23&me is releasing a statement. There was a reason that 23&me was my very last choice in my **genetic genealogical** research. It was their original business model, medical-based DNA testing, that attracted single and rather overly secretive people looking for *genetic* evidence for real or perceived medical issues. This is not 23&me’s fault. That was the client they wished to serve and that kind of client is of almost no use to genealogists. Those type of clients are mostly unresponsive and I am guessing rather frightened of contact. As 23&me broadened their customer base to include non-medical testing for us, they forgot to isolate the medical-tester matches. That new total database number of clients included all the previous mostly useless medical clients. That was bait. If the medical issue group wants true privacy, they should have never actually been made matches with us ( unless they opt in to be visible ), nor should 23&me inflated the number of potential matches useful to us. To be truthful, genealogists can be very clever people. We commonly deal in mysterious connections and vague data. It does not take that much to actually track someone down….who are only guilty of being a cousin, at worst, a father who abandoned a pregnancy. Frankly, I would not even bother with cousinship of the unresponsive…beyond one or two “Hello cousin” messages, if at all. Too busy being productive.”


    It’s my understanding, from our family’s personal experience, that 23andMe was started for medical research. My mother, who had a rare form of blood cancer (rare enough to be termed an orphan disease where little research is conducted due to lack of demand and funding) was a patient of the doctor at Stanford who developed the test. Years before it became accessible to the public, he made it available to all of his patients to see if perhaps there was some other link genetically, geographically, etc between them that might give insight into the origin of their disease. You’re right, they probably should have segregated the original testers. I’m sure they’re all dead by now , like my mom. She’s one of those annoying people who don’t respond to emails.

    Perhaps it’s important to remember that not every potential situation in every new business model can be though through while its growing as quickly as this field is growing.

    Perhaps it’s important to understand that family members don’t always have access to the original testers login. Perhaps many people having the tests for difficult medical reasons are mildly curious about genealogy and not daily, weekly or even monthly researchers and they decided in their DOCTORS office to opt in to the general pool.

    I happen to be a 20 year genealogy enthusiast and have tested my entire family on Ancestry. Before Ancestry offered it, I tested my brother on 23andMe. I too am anxious to see what will unfold and hope and pray our privacy is protected. I also look at the comments about “non responders” with a little bit of irritation.

    Liked by 1 person

I find this amusing. Here are two Goliaths posting what can only be a “marketing” response to the Florida case. Any company who can afford a “Chief Privacy Officer” (Ancestry: $757 million revenue) and a “Chief Legal and Regulatory Officer” (23andME: $474 million revenue) can afford to pay lots of attorneys to challenge the Florida judge’s ruling. But two guys who, along with five volunteers, run a website on a shoestring can’t afford to get tied up in a prolonged court battle. Even 23andME admits that GEDmatch is “…a small publicly accessible DNA and genealogy research site.”
Ancestry and 23andMe gets “good” publicity at the expense of “bad” publicity for GEDmatch. Rather than encouraging GEDmatch to defend the warrant (in other words, give them some money to defend it), they instead want to point fingers at GEDmatch rather than at the judge who issued the order in the first place. It sure appears to me that Ancestry and 23andMe would love to see GEDmatch disappear.
For all of you out there who think that GEDmatch is a huge corporation with deep pockets, I’d suggest you search the web and find out more about them. Or better yet, subscribe to their service for $10 and help them build a defense fund. However, you might want to check out what Ancestry and 23andMe charge first.
(I am also going to post this on the Ancestry article.)

Liked by 1 person

That’s a puzzling comment from a “Chief Legal and Regulatory Officer”. Is she writing about 23andme or GEDmatch?


Leave a Reply

Name and email address are required. Your email address will not be published.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <pre> <q cite=""> <s> <strike> <strong> 

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: