Reviewed by ChronosGenomics Research Team
RESEARCH-VERIFIEDOur independent genomics research team analyzes DNA testing services through multi-source research: 500+ verified user reviews, official technical specifications, peer-reviewed validation studies, and community feedback from genomics forums. We maintain reviewer anonymity for editorial independence. All technical claims are cross-referenced against scientific literature and official documentation.
Research areas: WGS vs SNP array technical comparison • Biological age testing methodology validation (DunedinPACE, GrimAge2) • Genetic data privacy policy analysis • Q30 score benchmarking • DNA database size verification • Raw data format compatibility (VCF, BAM, FASTQ) • GDPR/CCPA compliance auditing
DNA Test Privacy Comparison 2026
Your DNA is the most permanent identifier you have — it cannot be changed like a password. After 23andMe's bankruptcy, a breach exposing 6.9 million users, and growing law enforcement interest in consumer DNA databases, understanding how each company handles your genetic data has never been more critical.
Based on privacy policy analysis, published breach reports, regulatory filings, and publicly available court documents. Eight companies compared across seven privacy dimensions.
Short Answer
Dante Labs (GDPR-compliant, Italian/EU jurisdiction, data deletion available) and Sequencing.com (SOC 2 Type II certified, user controls data sharing) offer the strongest privacy protections among consumer DNA testing companies. FamilyTreeDNA has the weakest privacy — it explicitly allows law enforcement database searches. 23andMe is a moderate risk due to its 2023 data breach affecting 6.9 million users and ongoing bankruptcy. Source: published privacy policies, GDPR compliance records, and BBB filings as of February 2026.
Quick Privacy Verdict
Most Transparent Privacy
Dante Labs
EU/GDPR jurisdiction (Italy). Enforceable right-to-deletion. Research sharing is opt-in only. No breach history according to public records.
Full Dante Labs reportBlockchain Ownership Model
DNA Complete
Markets blockchain-based data ownership and anonymous testing. Note: parent company ProPhase Labs filed Chapter 11 for lab subsidiaries (Sept 2025); class-action alleges third-party data sharing.
WGS provider comparisonHighest Caution
23andMe (post-bankruptcy)
2023 breach exposed 6.9M users. Post-bankruptcy ownership under TTAM. Long-term privacy governance still evolving. Consider downloading your data.
See alternativesPrivacy Comparison Table
Based on privacy policy analysis, publicly available breach records, regulatory filings, and published law enforcement cooperation disclosures. All policies verified as of March 2026.
| Provider | Jurisdiction | Data Deletion | Law Enforcement | Breach History | Third-Party Sharing | Anonymous Option | Privacy Score |
|---|---|---|---|---|---|---|---|
| DNA Complete | US | Verified deletion | No LEA partnerships | No known breaches* | No sharing claimed** | Yes | HIGH |
| Dante Labs | Italy (EU/GDPR) | GDPR deletion | GDPR protections | No known breaches | Research opt-in | No | HIGH |
| Living DNA | UK (GDPR) | Full deletion | No LEA partnership | No known breaches | No sharing | No | HIGH |
| Sequencing.com | US | Full deletion | Not disclosed | No known breaches | Optional | No | MEDIUM |
| AncestryDNA | US | 30-day deletion | Responds to valid warrants | No major breaches | Research opt-in | No | MEDIUM |
| MyHeritage | Israel | Full deletion | Local law | 2018 breach (92M emails) | No sharing | No | MEDIUM |
| FamilyTreeDNA | US | Full deletion | Openly cooperates with LEA | No known breaches | Yes (LEA access) | No | LOW-MED |
| 23andMe (TTAM) | US (TTAM) | Available | TTAM committed to honor policies | 2023 breach (6.9M users) | TTAM committed to restrictions | No | CAUTION |
Sources: Company privacy policies (verified March 2026), NPR (June 2025), US House Oversight Committee, HaveIBeenPwned breach records, SEC/court filings.
*DNA Complete: No breaches in public records, but parent company ProPhase Labs filed Chapter 11 for lab subsidiaries (Sept 2025). **A class-action lawsuit alleges data was shared with Meta, Google, and Microsoft — the case is ongoing and unresolved as of March 2026.
Deep Dive: Key Privacy Concerns
Law Enforcement Access to DNA Databases
Highest Risk: FamilyTreeDNA
According to FamilyTreeDNA's privacy policy and public statements, the company openly cooperates with law enforcement for cold case investigations. In 2019, FamilyTreeDNA confirmed it had allowed the FBI to upload DNA profiles to search their database. This cooperation is voluntary and confirmed in their published privacy policy. Source: BuzzFeed News.
Moderate Risk: AncestryDNA
According to AncestryDNA's transparency report, the company responds to valid legal warrants but does not voluntarily cooperate with law enforcement or allow database searches. AncestryDNA publishes a yearly transparency report detailing government data requests.
Strongest Protections: EU-Based Companies
Dante Labs (Italy) and Living DNA (UK) operate under GDPR, which imposes stricter requirements on law enforcement data access, requires data minimization, and provides enforceable individual rights. Neither company has disclosed any law enforcement partnerships.
Data Breach History
23andMe — October 2023
A credential-stuffing attack exposed data from approximately 6.9 million users, including names, birth years, ancestry results, and DNA Relatives matches. According to published reports, attackers used leaked passwords from other services to access accounts. The breach led to a $30 million class-action settlement. Source: Science journal.
MyHeritage — June 2018
Approximately 92 million email addresses and hashed passwords were found on a private server. According to MyHeritage's disclosure, no DNA data or family tree information was compromised — only login credentials. The company implemented two-factor authentication afterwards. Source: MyHeritage official statement.
No known breaches (as of March 2026): DNA Complete, Dante Labs, Living DNA, Sequencing.com, AncestryDNA, FamilyTreeDNA — based on publicly available records and HaveIBeenPwned data.
What Happens to DNA Data in Bankruptcy?
The 23andMe bankruptcy highlighted a major gap in genetic privacy law: when a company goes bankrupt, customer DNA data can be treated as a business asset and sold to the highest bidder. Here is what happened and what it means:
23andMe (March 2025)
Filed Chapter 11 bankruptcy. Customer genetic data was classified as a transferable asset in the proceedings. Anne Wojcicki purchased the company through TTAM Research Institute (a nonprofit) for $305 million in June 2025, beating a competing bid from Regeneron. Source: NPR, June 2025.
ProPhase Labs / DNA Complete (September 2025)
ProPhase Labs filed Chapter 11 for its laboratory subsidiaries, which includes DNA Complete's testing infrastructure. According to court filings, consumer data protections in this case remain subject to ongoing legal proceedings. A separate class-action alleges DNA Complete shared data with Meta, Google, and Microsoft.
The Regulatory Gap
According to the US House Oversight Committee, there is no federal law specifically governing the sale of genetic data during bankruptcy. The Genetic Information Nondiscrimination Act (GINA) covers employment and health insurance discrimination but does not address data transfers during corporate sales. The Science journal published an analysis calling this "the precarious future of consumer genetic privacy." Source: Science, 2025.
GDPR vs. US Jurisdiction: Why It Matters for DNA Privacy
EU/GDPR Companies
Dante Labs (Italy), Living DNA (UK)
- + Enforceable right to deletion (Article 17)
- + Genetic data classified as "special category" with extra protections
- + Data Protection Officers required
- + Fines up to 4% of global revenue for violations
- + Explicit consent required for data processing
US-Based Companies
23andMe, AncestryDNA, FamilyTreeDNA, DNA Complete, Sequencing.com
- - No federal genetic privacy law for consumer testing
- - GINA covers employment/insurance only, not data sales
- - Data can be treated as a business asset in bankruptcy
- - Law enforcement access varies by company policy
- + Some states (CA, IL, MD) have genetic privacy laws
Key insight: For users who prioritize privacy protections backed by enforceable law (rather than company promises), EU-based providers like Dante Labs offer structurally stronger protections. Company policies can change; GDPR cannot be unilaterally overridden.
How to Protect Your Genetic Privacy
Regardless of which DNA test you have used, there are practical steps you can take to minimize your privacy exposure. These recommendations are based on privacy policy analysis and publicly available guidance from the Electronic Frontier Foundation and the Future of Privacy Forum.
Download Your Raw Data First
Before deleting any account, download your raw data file (typically a TXT or VCF file). This ensures you retain personal access to your genetic information. Most providers offer free raw data downloads. See our step-by-step data export guide for 23andMe users.
Opt Out of Research Programs
Most DNA companies offer optional research programs that share de-identified data with partners. Review your account settings and opt out if you do not wish to participate. According to privacy policy analysis: AncestryDNA, 23andMe, and Dante Labs all have research opt-in programs that can be disabled.
Request Sample Destruction
Many companies retain your physical saliva sample after testing. Request destruction of your biological sample in addition to digital data deletion. According to their privacy policies, AncestryDNA, 23andMe, and Dante Labs all offer sample destruction upon request.
Enable Two-Factor Authentication
The 23andMe 2023 breach was a credential-stuffing attack — attackers used passwords leaked from other services. Enable 2FA on all DNA testing accounts. According to user reports, AncestryDNA, 23andMe, and MyHeritage all support 2FA.
Use a Unique Email and Password
Create a dedicated email address for DNA testing services. Use a unique, strong password (ideally generated by a password manager). This mitigates credential-stuffing attacks like the one that compromised 23andMe accounts.
Consider EU-Based Providers for Stronger Legal Protections
If privacy is your primary concern, EU-based providers like Dante Labs or Living DNA offer GDPR protections that are enforceable by law, not just company policy. GDPR classifies genetic data as a "special category" with the highest level of protection.
Disable DNA Relatives / Matching Features
DNA matching features (23andMe DNA Relatives, AncestryDNA matches) expose your data to other users. If you are not interested in finding relatives, disable these features. Note: this was a vector in the 23andMe breach — attackers accessed data from matched relatives of compromised accounts.
Frequently Asked Questions
Which DNA test has the best privacy?
Based on privacy policy analysis, Dante Labs (Italy, EU/GDPR jurisdiction) and Living DNA (UK, GDPR) offer the strongest enforceable privacy protections. DNA Complete markets blockchain-based data ownership and anonymous testing, though its parent company's financial difficulties and an ongoing class-action lawsuit about data sharing should be considered. For the strongest legal protections, EU-based providers operating under GDPR offer structural advantages over US-based companies where privacy relies primarily on company policy.
Can police access my DNA test results?
It depends on the company. According to their privacy policy, FamilyTreeDNA openly cooperates with law enforcement for cold case investigations and has allowed the FBI to upload DNA profiles. AncestryDNA states it responds to valid legal warrants but does not voluntarily participate in law enforcement searches. EU-based companies like Dante Labs and Living DNA are subject to GDPR, which imposes stricter requirements on law enforcement data access. 23andMe's new owner TTAM has committed to honoring existing privacy policies.
What happened to 23andMe data after bankruptcy?
After filing Chapter 11 in March 2025, 23andMe was acquired by TTAM Research Institute — a nonprofit founded by co-founder Anne Wojcicki — for $305 million in June 2025 (NPR). TTAM committed to honoring existing privacy policies, allowing data deletion, and establishing a privacy advisory board. Customers received two years of free Experian identity monitoring. However, the earlier 2023 breach had already exposed 6.9 million users' data. See our 23andMe data sovereignty guide for steps to protect your account.
Should I delete my DNA data?
This depends on your personal risk tolerance. If you no longer use the service or are concerned about long-term data security, deletion reduces your exposure. Before deleting: (1) Download your raw data file so you retain personal access, (2) Request destruction of any stored biological samples, (3) Confirm deletion in writing. For 23andMe users specifically, reviewing your data sharing preferences is recommended given the ownership transition. EU residents have stronger deletion rights under GDPR Article 17. See our data export guide for detailed steps.
Intelligence Sources
Privacy Policies Reviewed
- 23andMe Privacy Statement (verified March 2026)
- AncestryDNA Privacy Statement (verified March 2026)
- Dante Labs Privacy Policy (verified March 2026)
- FamilyTreeDNA Privacy Statement (verified March 2026)
- Living DNA Privacy Policy (verified March 2026)
- MyHeritage Privacy Policy (verified March 2026)
- Sequencing.com Privacy Policy (verified March 2026)
- DNA Complete Privacy Policy (verified March 2026)
Reporting & Research
- NPR: 23andMe sale approved, raising DNA data questions (June 2025)
- Science: The precarious future of consumer genetic privacy (2025)
- US House Oversight Committee: DNA data safety report
- Fortune: Wojcicki buys back 23andMe for $305M (July 2025)
- MyHeritage: 2018 cybersecurity incident statement
- BuzzFeed News: FamilyTreeDNA FBI cooperation disclosure
- HaveIBeenPwned breach database (verified March 2026)
Related Intelligence Reports
DNA Privacy Risk Scores
Quantified privacy risk scores for every major DNA testing company.
23andMe Data Sovereignty
Step-by-step guide to exporting, protecting, and deleting your 23andMe data.
DNA Health Test Comparison
Side-by-side comparison of DNA health testing providers, including WGS options and privacy models.
AncestryDNA Report
Complete intelligence analysis including privacy, database size, and user consensus.
Take Control of Your Genetic Privacy
Your DNA cannot be changed like a password. Download your raw data, review your sharing settings, and make informed decisions about which companies hold your most personal information.