Paul Ellenbogen notes in an article at Freedom To Tinker that the terms and conditions at ancestry.com permit the usage of the results of genotyping DNA information submitted by users for the purposes of scientific study, in order to serve ‘relevant’ advertising to them. The pertinent part of the ancestry.com disclaimer can be found here: 

AncestryDNA strives to show relevant advertisements. To that end, AncestryDNA may use the information you provide to us, as well as any analyses we perform, aggregated demographic information (such as women between the ages of 45-60), anonymized data compared to data from third parties, or the placement of cookies and other tracking technologies…In these ways, AncestryDNA can display relevant ads on the AncestryDNA Website, third party websites, or elsewhere.*

The addition of the section about ‘analyses’ represents a quantum leap over the specific information that even the most avid data broker can garner from tracking beacons or cross-site scripting: one’s sex, age, propensity towards specific diseases and ethnicity, to name but a few of the 700,000 markers which DNA-submitters volunteer to the project, can all be deduced. Even specific genomic information which is currently difficult to interpret, either because of shortfalls in research, intra-linked dataset correlation and/or current processing limitations, sit ready to be far more easily ‘translated’ with later leaps of technology or data interpretation.

Ancestry.com’s promise to delete a user’s submitted genome samples on request doesn’t seem to afford much comfort if its characteristics have already been calculated, categorised and passed on to third-party marketing entities, who thereafter are likely to be able to associate the genomic information with the submitter, even after the sample has been withdrawn. Neither does the site’s promise of the security of the user’s data seem terribly comforting, since the very page on which these words appear…

We have security measures in place to attempt to protect against the loss, misuse or alteration of User data under our control…We use secure server software to encrypt financial information you input before it is sent to us and we only work with laboratories and third parties who have met and commit to our security standards.

…is itself insecure:

ancestrydotcom-insecure

It is interesting, and a little chilling, to examine the source code of the host page and glance through JavaScript which is ‘iterating’ the characteristics of the user and their session, including an ‘Ethnicity mapbox’ and a connection to the Omniture online marketing and web analytics system.

In a period where the longevity of online personal information and the ethical treatment of it is such a topic of contention; where data broking companies claim to have as much as 1,000 marketable pieces of information about you personally, even without analysing your blood; and where decisions about the dissemination of personal data is as much in the hands of hackers as under the care of lawyers that you don’t know…it does seem reasonable to at least wonder if letting your very DNA be used to sell you advertising is really a good idea.

*My emphasis

Home