Privacy Blog

"Friends don’t let friends get spied on.' – Richard Stallman, President of the Free Software Foundation and longtime advocate of privacy in technology.

GEDmatch Implements Required Opt-In for Law Enforcement Matching and Privacy Issues

GEDmatch is an open data personal genomics database and genealogy website founded in 2010 by Curtis Rogers and John Olson. Its main purpose is to help “amateur and professional researchers and genealogists,” including adoptees searching for birth parents. However, it recently has also become “the de facto DNA and genealogy database for all of law enforcement,” according to The Atlantic’s Sarah Zhang.

GEDmatch recently gained a lot of publicity after it was used by law enforcement officials to identify a suspect in the Golden State Killer case in California. Other law enforcement agencies started using GEDmatch for violent crimes, making it one of the most powerful tools available for identifying “cold case” criminals.

Sadly, the same site also has generated a lot of controversy involving the lack of privacy of personal DNA information, both for the people who uploaded their own DNA data and especially for the relatives of the uploaders whose DNA information also was included without their permission and usually without their knowledge. Such blatant disregard for personal privacy may be a violation of privacy laws in many countries.

The GEDmatch owners have now tightened the web site’s rules on privacy. The result is expected to make it much more difficult for law enforcement agencies to find suspects.

Judy Russell, often referred to as “The Legal Genealogist,” has written an explanation of the issues involved and the reasons for the decision by the GEDmatch owners. Judy wrote:

“The new system fully conforms to all legal definitions of informed consent — particularly in light of the candid admission in the terms that GEDmatch can’t promise there won’t be new non-genealogical uses of the site someone figures out in the future that nobody is even thinking of today — and to the provisions of the European Union’s General Data Protection Regulation (GDPR) as well.

“And it’s a good, right, ethical decision. Doing as much as any website can to protect the trust of genealogists that their DNA data will be used only for the purposes to which they personally consent leaves the entire field on firmer ethical ground.”

You can read a lot more in Judy Russell’s article at:

Categories: DNA, Legal Affairs, Offline Privacy & Security, Online Privacy & Security

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.