avatar

The Ancestry Insider on Ancestry.com's Privacy Policy Changes

by Bradley Jansen July 10th, 2015 2:54 pm

In addition to the red-line analysis of Thomas MacEntee, my previous comments here and here and Judy Russell's observations, I wanted to point out that The Ancestry Insider has a very useful write up:

http://www.ancestryinsider.org/2015/06/ancestrycom-changes-privacy-agreement.html

Of importance:

By using any of Ancestry’s family of websites, you consent to let users share your family history information with users of any of Ancestry’s websites, including fold3.com, newspapers.com, findagrave.com, archives.com, and any other website on which Ancestry provides a link to this privacy policy page. Does that means stuff on Find A Grave can be shared with users of Ancestry.com?

You consent to allow Ancestry to monitor, collect, and share with other users information about your activities on their websites, such as the courses you’ve taken on Ancestry Academy.

Additionally, they say, "Ancestry reminds users that it publishes legally available personal information on records about you." and "While Ancestry will generally send marketing information to you by email, you consent to contact by direct mail or even by telephone."

The whole write up is well worth the read.

But some comments on the Technology for Genealogy page on Facebook suggest that when The Ancestry Insider says "You can easily opt out of the emails" that it might not really be so easy.  If Ancestry.com says one can opt-out of some selling and sharing of personal information easily, their customers should be able to do so.  If not, please speak up!


avatar

Ancestry updates privacy terms: DNA and more

by Judy Russell July 9th, 2015 11:53 am

[Cross-posted from The Legal Genealogist]

Privacy terms and conditions have been updated at AncestryDNA and at all of Ancestry's other services, such as the main Ancestry.com site, Fold3.com and Newspapers.com.

The changes, overall, are minor.

AncestryDNA privacy changes

Privacy terms and conditions have been updated at AncestryDNA (and, by the way, at all of Ancestry's other services, such as the main Ancestry.com site, Fold3.com and Newspapers.com).

The privacy terms at AncestryDNA were updated 12 June 2015 and the changes affect “visitors and new users registering on the Website on or after June 12th, 2015, and ... all users already registered on the Website on or after July 12th, 2015.”1

And the changes in those privacy terms are really very minor -- but they incorporate a change from earlier this year that The Legal Genealogist (and everybody else) missed.

Now, a reminder: terms and conditions -- terms of use -- are “the limits somebody who owns something you want to see or copy or use puts on whether or not he’ll let you see or copy or use it.”2 In this case, the terms of use govern whether we can use the AncestryDNA service and, if we do, what rights we’re giving AncestryDNA.

As savvy online genealogists we all know that we should read every last word of the terms of use and understand them before we agree to them by using a website.

And as human beings in a technological age we still generally just click through because, after all, what choice do we have? If we want to use AncestryDNA — and we do — we have to agree to the changes.

So what are we agreeing to this time?

Nothing that’s a whole lot different from what we’ve agreed to in the past -- though -- again -- there was a change earlier this year that we all missed.

Right from the very beginning, in its very first terms of use, the AncestryDNA service's terms appear to have permitted it to take our data and our information, strip off personally-identifying parts like our names and our addresses, aggregate it with data from other customers and use it to “research human genetic diversity.”3 While the original 2013 terms made it sound like that could happen only if we also signed a specific consent agreement, reading the document as a whole, that's not so clear.

That's because those original terms also gave AncestryDNA very broad rights to use non-personal information: “Because non-personal information does not personally identify you, we may use such non-personal information for any purpose. In addition, we reserve the right to share such non-personal information, with our Group Companies and with other third parties, for any purpose.”4

Then in February of this year, AncestryDNA amended its terms in a change that, frankly, I missed completely. The February change amplified the previous terms to include that AncestryDNA was allowed to conduct research to “internally analyze Users’ results to make discoveries in the study of genealogy, anthropology, evolution, languages, cultures, medicine, and other topics. In addition, if you voluntarily agreed to the Research Project Informed Consent we may use the Results and other information for the purposes of collaborative research and publication and in accordance with the Informed Consent.”5

That February 2015 privacy statement also said:

Subject to the restrictions described in this Privacy Statement and applicable law, we may use personal information for any reasonable purpose related to the business, including to communicate with you, to provide you information about Ancestry’s and AncestryDNA’s products and services, to respond to your requests, to update our product offerings, to improve the content and User experience on the AncestryDNA Website, to let you know about offers of interest from AncestryDNA or Ancestry, and to prepare and perform demographic, benchmarking, advertising, marketing, and promotional studies.6>

So... since February 20th, we've all been bound by these new terms (and yes, you can delete your test and the results, but subject to the caveat that anything you've shared with others could have been copied and may be kept by those others).

Now... is this a change worth getting up in arms over?

Ummmm... no.

To provide us with accurate analyses of our own DNA results, any DNA testing company should “internally analyze Users’ results to make discoveries in the study of genealogy, anthropology, evolution, languages, cultures, medicine, and other topics.” The more internal analysis of user data that's undertaken, the better the matching algorithms, ethnicity estimates and the like may be.

As long as the use of data outside of a testing company is controlled by “the Research Project Informed Consent ... in accordance with the Informed Consent,” there's absolutely nothing wrong with a testing company using its customer data to produce a better result for its customers.

Sure, that should have been in the terms of use from the outset, but it really is a pretty basic concept, isn't it? How do you know you're doing it right unless you're constantly reviewing your customer data to doublecheck whether your analysis is standing the test of time?

So... the current changes. What about them? What actually has changed in this latest round of privacy terms updates is -- to coin a phrase -- not much:

• The terms now clarify that any comments you post on the website are part of the information that may be read, collected, and used by others.

• The terms now specify that one of the things AncestryDNA can use your personal information for is “to help you and others discover more about your family.”

• The terms note that there will be a “‘DNA Alert’ setting that will allow Ancestry to send you notifications for genetic matches, profile updates, and other DNA-related informational alerts.”

And that's really pretty much all that's changed in this latest round of changes at AncestryDNA.

Ancestry's other privacy changes

Ancestry is also in the process of updating its terms of use, applicable to all of its non-DNA-related websites, including Ancestry.com, Fold3.com, Newspapers.com and Ancestry Academy.

The update -- a minor rewrite of its privacy statement -- applies to “visitors and new users registering on any of the Websites on or after June 26, 2015 and to all users already registered or subscribing to any of the Websites on or after July 26, 2015.”7

In this first update since 1 August 2014, there are no surprises and no major changes -- just some tweaks.

First and foremost, the privacy statement now applies to the newly-launched Ancestry Academy -- the partly-free, partly-subscription-based learning center that began operations earlier this year. Many of the changes in the privacy statement simply add Ancestry Academy to the list of websites affected.

Second, the new terms make it clear that anything -- anything at all -- that you choose to make public on any website Ancestry operates is... well... public. Among the things Ancestry will make use of, if you choose to use any of the Ancestry websites:

• “Your background, interests, and activity on the Websites.”

• “Your age, gender, background and interests ... such as in your user profile.”

• “Information about some of your activity on the Website, such as historical records you save or Ancestry Academy courses you've taken.”

• “Personal information about yourself and others in the course of doing research on our Websites, e.g., adding a photo, adding information about a historical person, creating family trees, or sharing a photo with another user through our Services.”

• “Any comments on the Websites or ... in community discussions, chats, communications with us or between you and other users... (and) any information you provide in these areas may be read, collected, and used by others who access them.”8

None of this “your information may be shared” stuff is new. You can go online and read the prior terms, posted 1 August 2014, and all of that “your information may be shared” stuff is there too.9 And you can go back to the terms before that, posted 28 June 2013, and all of that “your information may be shared” stuff is there too.10

In fact, the earliest online version I can find -- from 2010 -- says essentially the same thing:

As a member of Ancestry.com, you can also chose to share further information about yourself, your activity on the site, and your background and interests, with other members of the site. ... Information about some of your activity on the site... may also be shared with other members in order to help you connect with others researching similar ancestors. ... To help you connect with other members researching similar ancestors, by default new accounts are set up to allow other members to learn about things you publicly add or post to the site, as well as some personal research activities (such as saving historical records to your Shoebox or private member tree).11

So if you don't like the Ancestry terms of use, what can you do? Under the agreement, you have one -- and only one -- choice: don't use the Ancestry websites. The terms explicitly provide that: “If you do not consent to any changes to our Privacy Statement and as a result you would like us not to use or hold personal information about you in accordance with the revised terms, you may notify us here so we can discontinue your account.”12


SOURCES

1. AncestryDNA Privacy Statement, June 12, 2015, AncestryDNA (http://dna.ancestry.com/ : accessed 4 July 2015).

2. See Judy G. Russell, “Reprise: a terms of use primer,” The Legal Genealogist, posted 29 Apr 2015 (http://www.legalgenealogist.com/blog : accessed 4 July 2015).

3. AncestryDNA Privacy Statement, March 20, 2013, AncestryDNA (http://dna.ancestry.com/ : accessed 4 July 2015).

4. Ibid.

5. AncestryDNA Privacy Statement, February 20, 2015, AncestryDNA (http://dna.ancestry.com/ : accessed 4 July 2015).

6. Ibid.

7. Ancestry Privacy Statement, June 26, 2015, Ancestry (http://www.ancestry.com/ : accessed 6 July 2015).

8. Ibid.

9. Ancestry Privacy Statement, August 1, 2014, Ancestry (http://www.ancestry.com/ : accessed 6 July 2015).

10. Ancestry Privacy Statement, June 28, 2013, Ancestry (http://www.ancestry.com/ : accessed 6 July 2015).

11. Privacy Statement, December 14, 2010, Ancestry (http://www.ancestry.com/ : accessed 6 July 2015).]

12. Ancestry Privacy Statement, June 26, 2015, Ancestry (http://www.ancestry.com/ : accessed 6 July 2015).


avatar

More on Ancestry.com's Privacy Policy

by Bradley Jansen July 7th, 2015 1:56 pm

I recently brought to attention Thomas MacEntree's redline analysis of the updated privacy policy at Ancestry.com here:

http://www.genealogicalprivacy.org/2015/06/30/ancestrys-privacy-policy-change/

along with a few thoughts of my own to put it in perspective.  My main point was to hark back to warnings I've been making for years that privacy policies of companies can change--even against the company's expressed wishes (such as in bankruptcy proceedings).

In addition to my 2002 commentary, my Center for Financial Privacy and Human Rights signed on to comments to the Federal Trade Commission on a related issue in 2009 (PDF):

https://www.ftc.gov/sites/default/files/documents/public_comments/privacy-roundtables-comment-project-no.p095416-544506-00025/544506-00025.pdf

which read, in part:

The issue of whether data about me is “my data”, or is actually owned by commercial
entities that have collected or obtained it, is most important when such a company goes bankrupt.

No consumer actually intends to agree, when they provide personal information to a
business, that if the company goes bankrupt, that personal information not only can but should
and must be sold to the highest bidder for the sole benefit of the company's creditors, not the
individuals to whom that data pertains. In assuming this, the bankruptcy laws flagrantly violate
any reasonable or likely understanding of consumers actual expectations.

The possibility of a bankruptcy auction of a personal data archive about consumers is not
limited, of course, to the possibility of bankruptcy of a travel company...

Reform of the bankruptcy laws is urgently needed to protect personal information about consumers, which they provided to a particular company for a particular purpose, from being sold at bankruptcy auction to an unrelated third party, most likely a data mining or direct marketing company, without the consent of the individuals to whom this data pertains. And the potential bankruptcy liquidation of a travel company is clearly the paradigmatic case of the danger posed by the current lack of protection in bankruptcy law for personal information.

I also neglected to mention how the importance of this issue has been gathering public attention.  Let me rectify that now.  The New York Times has an article out "When a Company Is Put Up for Sale, in Many Cases, Your Personal Data Is, Too" repeating my warning from years ago about the change of data policies when a company changes hands.  From the article citing the privacy policy of a major online video company, it says

That respect could lapse, however, if the company is ever sold or goes bankrupt. At that point, according to a clause several screens deep in the policy, the host of details that Hulu can gather about subscribers — names, birth dates, email addresses, videos watched, device locations and more — could be transferred to “one or more third parties as part of the transaction.” The policy does not promise to contact users if their data changes hands.

The article then went on to cite the bankruptcy case Toysmart.com I wrote about at the time.  The NYTs article does offer some hope.  It relates the story of how the Texas Attorney General's office intervened to protect the consumer data privacy of the online dating site True.com which was going through a bankruptcy proceeding.

I guess the moral of that story is that we'd have to argue genealogy sites are really like online dating sites!