Tooling

Genealogy Privacy & Ethics

Living-person data, GDPR, DNA matching ethics, IGG, adoption / misattributed parentage — the hard questions.

Genealogy lives in a tension between research transparency and personal privacy. DNA testing made the questions sharper: matching unintentionally outs adopted relatives, exposes misattributed parentage, and (post-2018) supports law-enforcement investigations. This page is the ethics + practice survey. Pair with Genealogy DNA Testing Services, Genealogy DNA Third-Party Analysis, and Genealogy Adoption & Unknown Parentage.

Living-person data

  • Default: don't post living people publicly. Most genealogy software has a "privatize living people" GEDCOM export option. Use it.
  • The 100-year rule — most jurisdictions consider records of people who died 100+ years ago to be acceptable to publish. Birth records of living people generally are not.
  • GDPR (EU) and similar — data of deceased people is generally not personal data under GDPR (though some EU countries extend protection 30+ years post-mortem). Living people's data is GDPR-regulated; data subject rights apply.
  • California / state privacy laws — CCPA / CPRA cover living California residents; act accordingly if hosting US-based.
  • WikiTree convention — living people are private by default, edits restricted to Profile Manager + Trusted List.
  • Family software (Gramps, RootsMagic, webtrees) — settings to hide living people in published outputs.
  • Photos of living people — request consent before publishing online.

DNA matching ethics

The DNA-matching shoe drops in three particular cases:

  • Adoption — DNA matches reveal biological parents who may not have wanted contact. Conversely, adoptees finally find biological family. The asymmetry is hard.
  • Misattributed parentage (NPE / not-the-parent-expected) — DNA matches reveal that great-grandfather wasn't actually the genetic ancestor. The "family secret" surfaces unintended.
  • Donor-conceived people — DNA testing has effectively ended donor anonymity worldwide. Sperm / egg donors who were promised anonymity in the 1990s are findable now.
  • Sibling discovery — half-siblings unknown to either side surface frequently.

Best-practice norms

  • Don't out family secrets without consent. When you're the person who tested and got the surprise match, you don't owe disclosure to anyone — but if you do disclose, be careful.
  • The "warm-tea, cold-tea" approach — frame contact gently. Don't message a match cold with "I'm your half-sister."
  • Search Squad / DNA Detectives Facebook groups — communities with ethical guidelines; experienced "search angels" help adoptees + NPE folks navigate.
  • Confidentiality — don't publish another person's DNA results without permission, even on a private tree.
  • Mental-health awareness — discoveries are seismic for some people; be ready to step back if a match needs space.

Forensic Genetic Genealogy (IGG / FIGG / IGG)

The Golden State Killer case (2018) was identified using GEDmatch. Hundreds of cold cases since. The ethics:

  • Pro: identifies perpetrators of unsolved violent crimes; identifies unidentified human remains (Jane/John Doe).
  • Con: uses DNA from people who didn't consent; raises Fourth Amendment / state law questions; possibility of false matches; possibility of corporate / state-sponsored expansion beyond violent-crime use.
  • GEDmatch Pro / law-enforcement matching — opt-in only since 2019; users must explicitly enable. Most users don't opt in.
  • FamilyTreeDNA — controversial 2018 disclosure that they had been allowing FBI matching by default; changed to opt-in after backlash.
  • Ancestry / 23andMe / MyHeritage — do not allow law-enforcement matching against their databases.
  • DNA Doe Project / Othram — IGG used to identify human remains (less controversial than perpetrator-id).
  • State laws — Maryland (2021) restricted IGG; California (2021) GIPA expanded protections; Florida (2023) added consent requirements; more states following.

Honest position

  • The privacy debate is unresolved. Researchers in this space document their consent posture (opt-in or opt-out at GEDmatch) and apply it consistently.
  • The "I'm not opting in" choice is principled. So is "I'm opting in to help cold cases." There isn't a single right answer.

23andMe data breach (2023–2025) aftermath

  • October 2023: ~7M users' data exposed via credential-stuffing attack on relative-matching tool.
  • 2024 class-action settlement: ~$30M; user data anonymized differently.
  • 2025 bankruptcy filing: 23andMe (the company) filed Chapter 11; data ownership changes are a real risk to monitor. Pricing + features unstable.
  • Migration: users have moved kits to MyHeritage / FamilyTreeDNA / GEDmatch.
  • Lessons: treat consumer DNA kit data as breach-prone; download your raw DNA periodically; don't rely on a single vendor.

Privacy practices for the family historian

  • Separate trees — public tree with privatized living people, private working tree with full data.
  • Encrypt backups — see Backup & Disaster Recovery.
  • Two-factor auth on all genealogy services — Ancestry, MyHeritage, 23andMe, FTDNA, GEDmatch.
  • Tailscale / VPN — when accessing self-hosted Self-Hosted Files & Cloud and DMS in Self-Hosted Document Management.
  • Strong passwords + manager — see Self-Hosted Passwords.
  • Personal data minimization — when a record's only purpose is verifying a relationship, do you need the SSN? Probably not.
  • Consent record — keep notes on who in the family has consented to what level of sharing.

Specific ethical scenarios

  • An ancestor's mental-health record / criminal record / illegitimate birth — these are facts but historically embarrassing to descendants. Convention: include in private records, redact in public publications, discuss with living family before posting.
  • Holocaust / genocide ancestors — handle with respect; many descendants want truth but also family-narrative sensitivity. JewishGen + Yad Vashem have norms. See Genealogy By Country (Jewish/African/Asian).
  • Slavery + Beyond Kin Project — ethical methodology for tracking ancestors enslaved in others' households. Be a partner, not a tourist.
  • Indigenous ancestor claims — DNA-debunked "Cherokee princess" stories should be examined respectfully, not weaponized.
  • Children's data — especially careful with anyone under 18.
  • Ancestor's spouse from another family who DNA-tested but isn't blood-related to your line — their DNA is theirs; treat accordingly.

Professional norms

  • APG Code of Ethics — paid membership but the code is free to read; sets expectations for paid genealogists.
  • BCG Genealogist's Code — free; certified genealogists pledge to it.
  • Academic IRB-style consent — when interviewing relatives for oral history, document consent; see Genealogy Oral History & Story Recording.

What's changing in 2024–2026

  • State privacy laws expanding — more state restrictions on IGG; consumer DNA-data protection laws.
  • 23andMe future uncertain — bankruptcy aftermath; data custody questions ongoing.
  • EU AI Act 2024+ — implications for AI-genealogy services using personal data.
  • Donor-conception laws — UK + several countries removed donor anonymity; legacy donor-anonymity promises cannot be honored anymore.
  • Privacy-vs-research debate intensifying; genealogy community working on shared norms.

Pick this practice if…

  • Default privacy posture: privatize living people in all public outputs; encrypt backups; 2FA everywhere.
  • DNA-matching surprise discovery: consult Search Squad / DNA Detectives community; warm-tea contact approach.
  • Adoptee searching biological family: Genealogy Adoption & Unknown Parentage.
  • Posting research publicly: redact living-person data + recent records; cite sources; ask living family before sharing photos.
  • DNA kit + IGG concerns: consider opting out of GEDmatch LE matching; choose Ancestry / MyHeritage / 23andMe (which don't allow LE matching) over FTDNA's optional opt-in.
  • Data-breach-resilient posture: download raw DNA regularly; multi-vendor strategy; assume any cloud service may be breached.