New GDPR rules

Question

Is this page still accurate?

https://www.wikitree.com/wiki/Help:Anonymization

Are anonymous people going to survive the transition?

Will we have the option to delete unlisted profiles since they will no longer be helpful?

Case in point.

In research it is helpful to know what surnames are included in an ancestors descenancy.  This way, when we see a new relative that takes a DNA test, but is not very far along in their genealogy research, we can get an idea of where they fit. They may choose to share their parents and grandparents surnames, but keep their personal information private.

Judging who they match with me, I might have a hunch who their 5g parents are. If however, their unlisted grandparents and parents dont show up in a descendants tree, that information is much harder to validate.  

The point is, we are doing research on our ancestors, not on the living people. Referring to them only as Anonymous LASTNAMEATBIRTH, shows us only surnames. We didnt even have to enter birthdates in the past, but now we at least have to offer a guess of one.  If we do not identify the test taker, or the company, or their gedmatch id, their gender, etc.. just knowing that a descendant took a DNA test, and the trail of surnames to get to descendents, helps us in finding out more about our ancestors.

GDRP does provide us use of information for reseach purposes and genealogy is considered an area of research. Also, if we do not uniquely identify an individual or any of their personal information we should be within the guidlines.

Answer 1

Lance,

Thanks so much for bringing up the point about Anonymization.  The GDPR applies to personally identifiable information (PII).  The GDPR shouldn't apply to anonymized persons per this link:

Recital 26 of the GDPR says: “the principles of data protection should not apply to anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable. This Regulation does not therefore concern the processing of such anonymous information, including for statistical or research purposes”.

A GEDmatch ID is PII.  However, I do not believe that "Anonymous Smith had a 23andMe test" or that "B. Jones had a MyHeritage test" are PII when neither the person nor the test are identifiable.  If this is not deemed sufficient by some, then the parents could also be Private or Unlisted.

Hopefully the powers that be at Wikitree will consider options other than deleting DNA tests when the person can be sufficiently anonymized.

Kerry 

Comments

Yes It certainly seems like we are taking a sledgehammer to do the work of a scalpel. 

Instead of targeting big multinational data processors and corps with tons of computing power and programmers, the target seems to be normal people doing genealogy. 

If indeed there was a deep concern about protecting data from people who arent using wikitree for genealogy, then I am surprised that wikitree is not getting rid of all of the contributions logs and corrections logs thought out the system. 

They contain enough information to recreate a lot of the information we are now trying to hide.  Lines like:

20:00: You added Rhoda (Jessup) Woodard as spouse for John Woodard.

or the actual

<span class='HISTORY-ITEM'> 20:00: <a href="https://www.wikitree.com/wiki/Martin-15906" title="Martin-15906">You</a> added <a href="https://www.wikitree.com/wiki/Jessup-695" title="Jessup-695">Rhoda (Jessup) Woodard</a> as spouse for <a href="https://www.wikitree.com/wiki/Woodard-2203" title="Woodard-2203">John Woodard</a>.</span>

can be used by big corps to actually rebuild the work that is currently going to be deleted or hidden. 

---

But not legally.

---

True. Exactly why the DNA tests here should be allowed. There is no information which is of a protected nature saying anonymous took a DNA test. The illegal part is if someone were to use that information, do more research and find out who that anonymous person might be by consutling mutliple other sources, go to the testing facility, and get a report of that persons actual DNA sequences then used that to do further processing.  Wikitree is not in the business or habit of collecting personal identifying information. It is in the business of genealogy research.  Now, I am not sure what the business side of Wikitree does, which may be to sell the relationships we estabilsh here to other businesses which are not  geared toward genealogy, but from everything I have read, wikitree is not doing that either.

---

People really aren't anonymous if they are attached to a tree. And if they are truly anonymous and can't be identified, what's the point of having them on WikiTree?

---

"People really aren't anonymous if they are attached to a tree."  That would suggest that even Unlisted status is insufficient.

I think a more appropriate term for this discussion is pseudonymization.  Regarding this (link):

1. Pseudonymization is recommended where feasible in the GDPR.

Along with encryption of personal data, pseudonymization is explicitly mentioned as one of the “appropriate technical and organisational measures to ensure a level of security appropriate to the risk”. In other words; it is recommended, where appropriate and feasible as Article 32(1,a) of the GDPR (the text we just mentioned) states.

"And if they are truly anonymous and can't be identified, what's the point of having them on WikiTree?"  It's already the case on Wikitree that a person's profile name often does not match their name on a DNA testing site.  One reason for keeping even a pseudonymized DNA connection is to support "confirmed by DNA" relationships and confirmation statements as Wikitree's current procedure is that each cousin must have a DNA test recorded.

---

Unlisted probably is insufficient for the GDPR. But I'm not a lawyer so I'm not certain. It probably reduces the likelihood of someone complaining to an authority about their data being exposed.

I think the confirmed by DNA stuff is being looked at by the DNA project so maybe having a test attached will no longer be required.

---

I respectfully disagree.

It isn't until you add a name and/or birthdate to the anonymous profile which start to impinge on the anonymity. The beauty of using Anonymous and not putting a birth date and making it red security is that you would not be able to find it, unless you already knew the people in the tree and how they were related to Anonymous.

The benefit of having anonymous listed, is say I knew John Doe and Jane Smith were related via DNA tests that they shared.  I also knew that John Doe and Jane Smith were related to me but I didnt know how.  By building their trees using Anonymous Doe and Anonymous Smith (and anonymous for any other of their living ancestors), plus a marker stating that they had taken a DNA test I am not revealing any protected information. When I find their share ancestor, I can begin looking at this ancestor and determining how they might be related to me.

Also, by doing this research, and keeping their tree with either red or yellow privacy, others who are doing similiar research, who also know of the relations already, will have access to the information and in turn will not create duplicate profiles and can use the anonymous profiles already in place to build upon.

I can already do this at Ancestry. Adding living people wether they like it or not is fine in Ancesty. What happens however, all identifing information is stripped away however, but if someone looks at my tree, they can still see blank individuals and their relatives, they can even see the sex (something I have begun omitting from my anonymous profiles as well)

---

Even if they had "red" privacy, you could look at which profiles their DNA test showed up on, and with a last name could figure out who they are pretty easily.

Kerry didn't mention this, but in the article he linked it says pseudonymised data still counts as personal data that needs to be protected under the GDPR. So it doesn't change the fact that people should be able to consent to their data being shown.

---

You could almost figure it out, but only by going to other sources. The key part of the privacy thing is that you should not be able to discover birth date, address, genetic information, race, phone number, etc... from a site. An anoynmous red would require you to go to many other sites and try and guess who the person it refers to is. Unless it is actually a provable only child (not adoptive, given up for adoption, out of wedlock) impossible as far as I know, it is impossible to uniquely identify them without more information.

Even then, you would not have gleened any new information you did not already have. Therefore the case is moot. It would be the other sites that violated the law, not wikitree, it provided no identifying information, you had to research elsewhere to find it.

 

Also perhaps you need to define what "their data" is that you are talking about.  Is it "their data" that their grandparents had 15 grandchildren or is that the data of the grandparents?

---

A person should be able to consent to their own data being displayed. So stuff like their last name or the fact that they took a DNA test somewhere.

People Google themselves or their families and see that their person information was added to WikiTree by someone they don't know, and they get pretty upset.

Either way, nothing said here is going to change anything. This isn't our site, if it isn't compliant we won't be the ones getting fined, so we don't get to make the decision.

---

again Jamie, what do you mean by a person should consent to sharing "their data". What "data" are you talking about?  

You say, people shouldn't be able to share their last name. Does that mean wikitree cannot post anything with regards to MARTINs?  The law specifically states that the collector (wikitree) cannot collect the information to uniquely identify someone. That means it needs a first and lastname, birthdate, etc.. to uniquely identify someone. Wikitree has the capacity to make that collection impossible by making living people anonymous, closing their bio sections to edits and removing or generalizing the birth dates.

If I publish somewhere that 100 people caught the flu in San Francisco this year, does that mean that my data is being shared since I was one of the 100 that caught the flu? Or perhaps my data is violated because I was on of the people that did not catch the flu?  My point is, the data has to be uniquely identifying. That is what GDPR protects - Unique.