Consent & Privacy

Date: [unknown] [unknown]
Location: [unknown]
Surnames/tags: Consent Privacy

Consent and Privacy For Genealogic DNA Testing & Research

Originally my notes on the topics of consent and privacy, this summary is shared for reference and discussion. Refer to Genetic Genealogy Standards and other sources indicated.

I welcome discussion in the public comments.

1. Obtain informed consent (oral or written) to submit a sample for genealogic DNA testing
   • Include delegated management or viewing of DNA results on testing sites
   • No human-tissue sample for genealogic testing without consent of the subject
   • An online alias can be used for testing and results
   • A non-identifying email address can be used for communications and account management
2. The test-subject has right of access to test results (matches & ethnicity), and raw DNA data files
   • Doesn't matter who paid for the test
   • By extension, the test-subject has the right to block such access, partially or wholly
   • The test-subject has the right to revoke or modify consent at a later date
   • Avoid "DNA bullying": abide by their decisions, without retaliation or threat
3. Obtain consent to share personal information online or with inquiring matches
   • Birth decade or birth year
   • City of birth
   • Given and surname; middle initial/name
   • Current city or address
   • Email or phone
   • Parental and sibling relationships
   • Spousal relationships
   • GEDcom family tree
   • Including non-public disclosures with individuals
   • Including aggregation of information from publicly available sources
4. Obtain consent to share DNA testing results online or with inquiring matches
   • Anything beyond the tools of the testing site itself
   • Including non-public disclosures with individuals
   • Specific authorization must be obtained to upload a living subject's DNA test to a public database.
   • Many (perhaps, most) test-takers are strictly interested in ethnicity (admixture) reporting, and have no interest in genealogic research. Respectfully approach persons with reported DNA matches for additional information, but acknowledge that test-takers have no obligation to respond, and that we cannot know the true reasons for their non-responsiveness.
5. Discuss the possiblity of unexpected results, and disruption of family relations
   • Even traditional genealogic record-research can have this effect.
   • May expose unexpected adoptions or misattributed parentage (i.e., "family secrets")
   • May reveal previously unknown family members (e.g., parents, siblings, or children), or unknown activities
   • May reveal errors in previously-understood ethnicity or family-tree research
   • Interpretations of DNA results can be ambiguous, which can lead to misunderstandings.
6. Health information
   • Not testing specific gene sequences or conditions; not as detailed as medical testing
   • SNP (genealogic) data may correlate with specific traits or medical information, now or in the future. ^[1]
   • Full-sequence Y-DNA or mito-DNA data can more readily reveal specific traits.
   • "Anonymized" DNA-sequence data used in research may still reveal the patient's identity. ^[2]
7. Legal implications
   • Uploading your DNA kit or a GEDcom family tree to an open database/website means a stranger can do genealogic research on you
   • That stranger could be a family member, but it could also be an adoptee, an unrelated person, a government, a corporation, or even law enforcement.
   • "Familial DNA search" can be done to identify criminal suspects, or investigate unidentified remains.^{[3] [4][5]}
   • The lack of a chain of custody means genealogic DNA is not evidentiary, but it is investigative. This opens the possibility of false accusations.
   • This is not detailed forensic (CODIS) testing, which is typically auto-STR, Y-STR, or mito-DNA ^[6]
   • In Jan 2019 it was revealed that Family Tree DNA was cooperating with law-enforcement access to their private database, as well as selling familial search services. ^{[7] [8] [9]}
   • By about 2021, about 90% of Americans of European descent will be identifiable by their DNA match results to public databases. ^{[2] [10]}
   • If you want distant family members to be able to find you, you will have to tolerate the other uses.
   • If you cannot tolerate those other uses, do not post your DNA on the web.
   • Genetic discrimination (employment, insurance, etc.) is a possiblity, and legal safeguards are developing (e.g., GINA).^[11] But it remains difficult to identify and prevent this type of activity.
   • The General Data Protection Regulation (GDPR) affords specific on-line privacy rights and protections to all living persons who reside within the European Union, and is binding on foreign companies that deal with the personal information of EU residents. "Consent must be explicit for data collected and the purposes data is used for." ^{[12] [13]}
8. Anonymity cannot be completely guaranteed by testing companies and third parties
   • The testing company has access to the primary data, so strict policies are in place to protect privacy.
   • Only use companies that can be trusted
   • Understand their testing and privacy policies in advance ^[14]
   • Testing or tree privacy may be superceded by a court order or a search warrant.
   • Clever researchers may still discover a test-taker's identity, despite use of an alias and a non-identifying email address.
9. Use anonymized results for scholarship, writing & teaching
   • Use redacted names and kit numbers in examples
10. We need to familiarize ourselves with the ethical guidelines that govern genealogy research and testing

Specific Issues

• Wikitree profile & tree privacy
  • Use Wikitree privacy controls to protect living subjects. ^{[15] [16]}
  • WikiTree members control the "Trusted List" and specific content of their own profile.
  • Set all profiles of living people as "Unlisted"^[17], unless they are a member.^[18][19]
  • Only those on the "Trusted List" of an Unlisted profile can see the personal details.
  • Living members can have a profile which is Private with limited public information ^[15][20]
    • Private with a Public Biography (with limited biographic information)
    • Private with a Public Family Tree
  • Can suppress spousal relationships while showing parental ones (divorcé; bio-parent; NPE)
  • Limit 'Trusted-List' access for editing and viewing
  • If you include an email address on a living profile, the subject will be invited to join as a member. ^{[20] [21]}
  • If they accept, they can control their own profile, and be added to the "Trusted List" of their living relatives.

• Wikitree sharing of DNA results
  • Do not post a DNA kit number on a living profile unless they are a member.^[18] [In fact, a wikibot will remove it.]
  • You can indicate that a living person has taken a DNA test if you have full access to their DNA test information, and their explicit permission to discuss it.

• GEDmatch.com (and other third-party) privacy and sharing of results
  • To make DNA results available to others for testing and matching purposes, the kit ID of the DNA test result must be public, not research
  • GEDmatch test-taker and email contact can be anonymized with an alias and a non-identifying email account
  • Original SNP and full-sequence data are not available on GEDmatch.com, but anyone with the DNA kit number can perform the same functions as the provider of the DNA data.
  • Comparisons are done with kit ID's, not primary data
  • Chromosome segments are indicated by position and length, not sequence
  • You can indicate that a living person has taken a DNA test if you have full access to their DNA test information, and their explicit permission to discuss it.
  • Only upload the DNA test results of a living person to GEDmatch if they have granted specific authorization to do so. ^[22]
  • mitoYDNA.org operates under similar privacy constraints ^[23]

Sources

1. ↑ Cystic Fibrosis: A Case Study in Genetic Privacy The DNA Geek
2. ↑ ^{2.0 2.1} Identity inference of genomic data using long-range familial searches, Science Magazine, Oct-2018
3. ↑ Police used consumer genealogical websites to identify Golden State Killer suspect LA Times
4. ↑ Genealogy and the Golden State Killer The DNA Geek
5. ↑ Genealogists Turn to Cousins’ DNA and Family Trees to Crack Five More Cold Cases, The New York Times, June-2018
6. ↑ What is Forensic DNA Testing? DNA Diagnostics Center
7. ↑ Russell, Feb 2019
8. ↑ Larkin, Jan 2019
9. ↑ G2G, www.wikitree.com/g2g/764685/ftdna-and-privacy
10. ↑ Most White Americans’ DNA Can Be Identified Through Genealogy Databases, The New York Times, Oct-2018
11. ↑ Genetic Information Nondiscrimination Act Wikipedia
12. ↑ General Data Protection Regulation (GDPR) Wikipedia
13. ↑ Common Sense and GDPR DNAeXplained
14. ↑ Privacy policies, consent forms and terms and conditions ISOGG Wiki
15. ↑ ^{15.0 15.1} Privacy WikiTree
16. ↑ Honor Code WikiTree
17. ↑ Help:Privacy WikiTree
18. ↑ ^{18.0 18.1} Significant privacy-related changes to WikiTree for GDPR G2G
19. ↑ Unlisted profiles on WikiTree GDPR FAQ
20. ↑ ^{20.0 20.1} How to invite a relative to become a Family Member of WikiTree GDPR FAQ
21. ↑ Help:Invitations WikiTree
22. ↑ Terms of Service and Privacy Policy GEDmatch.com
23. ↑ TOS and Privacy Policy, mitoYDNA.org

• Bettinger, B T. "3. Ethics and Genetic Genealogy", in The Family Tree Guide to DNA Testing and Genetic Genealogy (Blue Ash, OH: Family Tree Books, F+W Media, 2016), 35-48
• Cooper, K. "The Worry about DNA privacy and GEDmatch," Sep 2014. Kitty Cooper's Blog. blog.kittycooper.com/2014/09/the-worry-about-dna-privacy-and-gedmatch/
• The Genetic Genealogy Standards Committee. "Genetic Genealogy Standards," Jan 2015 www.thegeneticgenealogist.com/wp-content/uploads/2015/01/Genetic-Genealogy-Standards.pdf Standards for test takers and those who advise them
• Larkin, L. "FTDNA Opens the Door to the Cops." The DNA Geek, 31 Jan 2019. thednageek.com/ftdna-opens-the-door-to-the-cops/
• National Genealogical Society. "Guidelines for Sharing Information with Others," Sep 2018. ww.ngsgenealogy.org/wp-content/uploads/NGS-Guidelines/Guidelines_SharingInfo2016-FINAL-30Sep2018.pdf
• Russell, J G. "Skillbuilding: The Ethics of DNA Testing," Jan 2015. Board for Certification of Genealogists. bcgcertification.org/skillbuilding-the-ethics-of-dna-testing/
• Russell, J G. "Opening the DNA floodgates." The Legal Genealogist, 1 Feb 2019. www.legalgenealogist.com/2019/02/01/opening-the-dna-floodgates/