Modern Software Experience


Privacy International

privacy complaint against

The London based international privacy watchdog Privacy International has filed a complaint with the UK Information Commissioner’s Office about’s DNA testing service.

request immediate investigation and suspension

Privacy International notes that is likely in violation of European privacy and data protection laws at a very basic level, because it does not even provide clear information about the service; it appears to us that the practice substantially violates UK Data Protection law and we request that your office institutes an investigation without delay and seek the immediate suspension of the site’s DNA project pending legal review.

obvious questions unanswered

Privacy International provides the substance of the complaint under four headings; data storage, third party use of data, lawful access, impersonisation, legal compliance, ownership and control of data and communications.

Their complaint is a rude wake-up call for those who were lulled into a false sense of security by’s FAQ. Many fairly obvious questions about privacy protection, data retention, ownership, export of and trading in your data remain entirely unanswered.

violation of European data protection law

Privacy International observes that although has offices in several European countries and is offering its services through these offices to these countries, the British site does not even mention the EU Data Protection Directive, and that neither or The Generations Network is listed as certified under the Department of Commerce Safe Harbor program for export of personal data from the EU.

astute questions

Privacy International notes that the FAQ on the DNA section of is evasive on the point of lawful access to genetic data and genetic material and poses some astute questions.

For example, the FAQ says that information disclosure may occur as required by law., but whose law? What if the U.S.A. asks for data on U.K. citizens?’s minimal FAQ does not provide any clarity on these issues.

Another matter is that is offering the service, but the actual DNA testing is done by another company, Sorensen Genomics. does not make clear what its contract with Sorensen Genomics is, and what conditions have been imposed upon this business partner.

Just what does mean when it describes DNA data as transferable asset? That they own it and can sell it to third parties? has a matching service, but there is a way to opt out of the matching, and not be informed or have others informed of a match?

What if you want to opt out entirely, and do not want your genetic information stored any longer?

These are good questions to ask of any DNA service, but’s bad reputation for its less than unblemished business practices record does not serve to mitigate concerns.

paying for your own data

An issue that Privacy International did not raise, but certainly deserves attention, is that it is standard operation practice for to demand monies for access to data, including user-submitted data, even your own, and that has never considered offering the possibility to correct, update or delete data a priority. This raises the very real possibility that will use subscription fees as a roadblock to deter to those who wish to delete their data, so that can continue to sell access to and services around this data to third parties.