Bradley Jansen (editor)


Bradley Jansen is the director of the Center for Financial Privacy and Human Rights, part of the Liberty and Privacy Network, a Washington DC-based non-profit founded in 2005 to defend privacy, civil liberties and market economics. He is an adjunct scholar at the Competitive Enterprise Institute. Previously at the Free Congress Foundation, Jansen safeguarded privacy and other Constitutional liberties including testifying before Congress on the USA PATRIOT Act proposal, National ID, and other issues. While working for U.S. Rep. Ron Paul, he initiated and lead opposition to the "Know Your Customer" proposal. Jansen holds a B.A. in International Studies from Miami University (Ohio), learned Spanish at the Pontificia Universidad Javeriana (Colombia), and with advanced studies in economic history at Universidad Católica de Valparaíso (Chile) and law and economics at George Mason University School of Law.

He is a columnist with The Daily Caller, The Huffington Post and Nolan Chart.


The Ancestry Insider on's Privacy Policy Changes

by Bradley Jansen July 10th, 2015 2:54 pm

In addition to the red-line analysis of Thomas MacEntee, my previous comments here and here and Judy Russell's observations, I wanted to point out that The Ancestry Insider has a very useful write up:

Of importance:

By using any of Ancestry’s family of websites, you consent to let users share your family history information with users of any of Ancestry’s websites, including,,,, and any other website on which Ancestry provides a link to this privacy policy page. Does that means stuff on Find A Grave can be shared with users of

You consent to allow Ancestry to monitor, collect, and share with other users information about your activities on their websites, such as the courses you’ve taken on Ancestry Academy.

Additionally, they say, "Ancestry reminds users that it publishes legally available personal information on records about you." and "While Ancestry will generally send marketing information to you by email, you consent to contact by direct mail or even by telephone."

The whole write up is well worth the read.

But some comments on the Technology for Genealogy page on Facebook suggest that when The Ancestry Insider says "You can easily opt out of the emails" that it might not really be so easy.  If says one can opt-out of some selling and sharing of personal information easily, their customers should be able to do so.  If not, please speak up!


More on's Privacy Policy

by Bradley Jansen July 7th, 2015 1:56 pm

I recently brought to attention Thomas MacEntree's redline analysis of the updated privacy policy at here:

along with a few thoughts of my own to put it in perspective.  My main point was to hark back to warnings I've been making for years that privacy policies of companies can change--even against the company's expressed wishes (such as in bankruptcy proceedings).

In addition to my 2002 commentary, my Center for Financial Privacy and Human Rights signed on to comments to the Federal Trade Commission on a related issue in 2009 (PDF):

which read, in part:

The issue of whether data about me is “my data”, or is actually owned by commercial
entities that have collected or obtained it, is most important when such a company goes bankrupt.

No consumer actually intends to agree, when they provide personal information to a
business, that if the company goes bankrupt, that personal information not only can but should
and must be sold to the highest bidder for the sole benefit of the company's creditors, not the
individuals to whom that data pertains. In assuming this, the bankruptcy laws flagrantly violate
any reasonable or likely understanding of consumers actual expectations.

The possibility of a bankruptcy auction of a personal data archive about consumers is not
limited, of course, to the possibility of bankruptcy of a travel company...

Reform of the bankruptcy laws is urgently needed to protect personal information about consumers, which they provided to a particular company for a particular purpose, from being sold at bankruptcy auction to an unrelated third party, most likely a data mining or direct marketing company, without the consent of the individuals to whom this data pertains. And the potential bankruptcy liquidation of a travel company is clearly the paradigmatic case of the danger posed by the current lack of protection in bankruptcy law for personal information.

I also neglected to mention how the importance of this issue has been gathering public attention.  Let me rectify that now.  The New York Times has an article out "When a Company Is Put Up for Sale, in Many Cases, Your Personal Data Is, Too" repeating my warning from years ago about the change of data policies when a company changes hands.  From the article citing the privacy policy of a major online video company, it says

That respect could lapse, however, if the company is ever sold or goes bankrupt. At that point, according to a clause several screens deep in the policy, the host of details that Hulu can gather about subscribers — names, birth dates, email addresses, videos watched, device locations and more — could be transferred to “one or more third parties as part of the transaction.” The policy does not promise to contact users if their data changes hands.

The article then went on to cite the bankruptcy case I wrote about at the time.  The NYTs article does offer some hope.  It relates the story of how the Texas Attorney General's office intervened to protect the consumer data privacy of the online dating site which was going through a bankruptcy proceeding.

I guess the moral of that story is that we'd have to argue genealogy sites are really like online dating sites!


Ancestry's Privacy Policy Change

by Bradley Jansen June 30th, 2015 2:21 pm

If you haven't heard, has changed it's privacy policy.  Over at geneabloggers, Thomas MacEntee has a wonderful post red-lining the changes.  See this PDF linked here:

More generally, it's a good idea to follow news on developments not only of changes to privacy policies, but other corporate news as well.  Companies get bought and sold, and these ownership changes may bring changes to the privacy policies or other data use issues.

Similarly, sometimes companies go out of business (I am NOT trying to start a rumor about or any other genealogy company!), and what happens to the data might be different in a bankruptcy proceeding than the company's stated privacy or other policies may indicate.

Some years ago, I wrote an op-ed "Our Bankrupt Privacy Policies" on exactly how the Federal Trade Commission approved the prostitution of personal consumer data in a bankruptcy proceeding. had a privacy policy saying, “When you register with, you can rest assured that your information will never be shared with a third party."  Despite this clear statement, the FTC approved the selling of that information to a third party buyer.

In short, don't post or share any information--especially Personally Identifiable Information (PII) of living people--that you wouldn't want shared when privacy policies change or company ownership changes--especially if it goes out of business and bankruptcy proceedings put your personal information on the selling block.


Privacy at RootsTech

by Bradley Jansen February 9th, 2015 1:43 pm

If anyone will be attending RootsTech later this week and/or the Federation of Genealogical Societies conference, I'd like to highly recommend an unconferencing session: RT1922 "Genealogists, Technologists, Privacy Advocates: We REALLY Need to Talk!"

The session by Fred Moss and Jim Dempsey will address some important issues:

  • How the Internet is changing our lives
  • Resolving “Big Data” issues
  • Interests of the genealogical community
  • Genealogists share Privacy Concerns "Family Historians and their families are as vulnerable to the predations of identity thieves as any other citizen. Those who believe that genealogists are reckless with Personally Identifiable Information might be pleasantly surprised at some of the measures taken by websites and individual researchers. Our belief is that dialogue among genealogists, technologists, and privacy advocates offers the best potential for developing even better protective measures." 
  • Recent initiatives to restrict access to records

The syllabus can be found here:

The talk will be Friday (Feb. 13) in 251A at 4:00 pm.


Happy Data Privacy Day!

by Bradley Jansen January 28th, 2015 12:00 pm

Every year on January 28th since 2007, we celebrate Data Privacy Day (Data Protection Day to our European friends) going back to the start of the  Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data.  The most important and pressing data privacy issue in the United States today is the fight to update the Electronic Communications Privacy Act.

The law that governs the privacy protections of your electronic communications (ECPA) such as text messaging, cloud computing, etc., was passed in 1986.  Needless to say, the general consensus is that the law needs updating. The Digital Due Process (DDP) coalition brings together a broad spectrum of groups from the left, including the American Civil Liberties Union, and the right including Americans for Tax Reform, as well as privacy groups, technology companies including Google, Microsoft, HP, Yahoo, Facebook, etc.

Importantly to this blog, I have to point out that the Records Preservation and Access Committee (RPAC) representing a more than critical mass of the genealogical community is part of DDP and helping in the fight to update ECPA.  Many of the reasons are spelled out in this letter to US Sen. Orin Hatch.

Yes, the genealogy community is active in the struggle to protect privacy.  For another example, check out Judy Russell's excellent post earlier today on this blog.

So here are some good privacy guidelines for genealogists:

  • Consent matters, as Judy explains.  Which dovetails with the general privacy principle of not sharing Personally Identifiable Information (PII) of living people without their consent, and
  • Law enforcement should need a warrant for content (except under well-established exceptions)--the Fourth Amendment should apply to the physical world and the digital one.

The more genealogists work to and respect privacy, the fewer problems we'll have with others wanting to restrict records access.



Genetic Genealogical Privacy Standards

by Bradley Jansen January 18th, 2015 1:12 pm

The Genetic Genealogy Standards Committee recently came out with a document on Genetic Genealogy Standards that can be found here:

My take at first blush is that it's good that the genealogy community continues to update its standards with the times--and that it increasing recognizes the importance of privacy in those standards.

For example, there are several sections where the standards address areas of concern to this blog:

2. Testing With Consent. Genealogists only obtain DNA for testing after receiving consent, written or oral, from the tester. In the case of a deceased individual, consent can be obtained from a legal representative. In the case of a minor, consent can be given by a parent or legal guardian of the minor. However, genealogists do not obtain DNA from someone who refuses to undergo testing.1

3. Raw Data. Genealogists believe that testers have an inalienable right to their own DNA test results and raw data, even if someone other than the tester purchased the DNA test.

6. Privacy. Genealogists only test with companies that respect and protect the privacy of testers. However, genealogists understand that complete anonymity of DNA tests results can never be guaranteed.

7. Access by Third Parties. Genealogists understand that once DNA test results are made publicly available, they can be freely accessed, copied, and analyzed by a third party without permission. For example, DNA test results published on a DNA project website are publicly available.

8. Sharing Results. Genealogists respect all limitations on reviewing and sharing DNA test results imposed at the request of the tester. For example, genealogists do not share or otherwise reveal DNA test results (beyond the tools offered by the testing company) or other personal information (name, address, or email) without the written or oral consent of the tester.

9. Scholarship. When lecturing or writing about genetic genealogy, genealogists respect the privacy of others. Genealogists privatize or redact the names of living genetic matches from presentations unless the genetic matches have given prior permission or made their results publicly available. Genealogists share DNA test results of living individuals in a work of scholarship only if the tester has given permission or has previously made those results publicly available. Genealogists may confidentially share an individual’s DNA test results with an editor and/or peer-reviewer of a work of scholarship. Genealogists also disclose any professional relationship they have with a for-profit DNA testing company or service when lecturing or writing about genetic genealogy.

The committee explains their process, membership, review of comments, etc., all here

It was pointed out that many of the members on the committee have ties to 23andMe and which should have been disclosed properly.

The question then remains whether the community will be able to self-regulate.  We will have to come back to this subject soon.


23andMe and Genentech reach deal on genetic research

by Bradley Jansen January 12th, 2015 11:11 am

According to a Forbes article, 23andMe has reached a very lucrative deal with Genentech--the first of nearly a dozen agreements the company has reached with pharmaceutical and biotech companies.

Explains the "Surprise! With $60 Million Genentech Deal, 23andMe Has A Business Plan" story:

Such deals, which make use of the database created by customers who have bought 23andMe’s DNA test kits and donated their genetic and health data for research, could be a far more significant opportunity than 23andMe’s primary business of selling the DNA kits to consumers. Since it was founded in 2006, 23andMe has collected data from 800,000 customers and it sells its tests for $99 each. That means this single deal with one large drug company could generate almost as much revenue as doubling 23andMe’s customer base.

“I think that this illustrates how pharma companies are interested in the fact that we have a massive amount of information,” says Anne Wojcicki, 23andMe’s chief executive and co-founder. “We have a very engaged consumer population, and these people want to participate in research. And we can do things much faster and more efficiently than any other research means in the world.”

The prospects of advances in genetic research should not be unappreciated, but the story raises the privacy implications of the 23andMe customers:

People who have bought 23andMe kits and agreed to donate their data to research (that’s about 600,000 of the company’s 800,000 customers) automatically consent for 23andMe to sequence their genomes. 23andMe says that it is also able to share anonymous and pooled data about their self-reported health traits without asking. But Genentech wants even more: it wants to look at health and genetic data on an anonymous but individual basis. For that reason, the company will have to ask customers if they want to enter the study.

Let's hope 23andMe has worked out the way to respect consumer privacy and promote genetic research!


Privacy Concerns Fuel Vital Records Access Restrictions

by Bradley Jansen December 30th, 2014 12:16 pm

Hat tip to Dick Eastman who posted "Privacy Concerns Raised about Vermont Town Reports of Births, Marriages, and Deaths" on his blog.  As he explained, "some [Pittsford,Vermont] residents are concerned that publishing birth, marriage, civil union and death names in the annual town report harms their privacy."  These concerns (sometimes very real and justified, sometimes not) are fueling the movement to restrict access to vital records that is quietly sweeping the country.  More here:

The Federation of Genealogical Societies, among other groups, has been warning about the loss of access to vital records for a few years now.  Almost a year ago, there was this update, "We expect the introduction of state legislation based on the unapproved 2011 Model Act and Regulations." referencing this report from March 2013:

The registration of births, deaths, marriages, and divorces is done on the local level, that is, by 50 states, 5 territories, the City of New York, and Washington, DC. Information contained in those records is shared with U.S. government entities such as the Social Security Administration.

To ensure successful sharing, the U.S. government has made available text that states may elect to use for law as well as for regulations describing how those laws are implemented. States are not required to conform to the Model Act and Regulations. Each state, city, or territory is free to implement laws and regulations for its own needs. Nonetheless, the Model Act can have significant impact. For example, the movement of state vital records offices into state Departments of Public Health was first advised by the 1977 version of the Model Act.

Beginning in 2009, a committee formed by the U.S. Department of Health and Human Services convened to update the 1992 Model Act. The National Association for Public Health Statistics and Information Systems (NAPHSIS) approved the update by resolution 8 June 2011. NAPHSIS is an association of representatives from the 57 states, cities, and territories. Members of the organization had participated in the drafting of the new Model Act.

Previous iterations of the Model Act have gone through periods of public feedback and revision before approval by the federal agency involved. The 2011 revision has not yet been made available for public review by DHHS (see their note here) and so it is not yet considered final. In the meantime, several state public health departments developed legislation that conformed to the unreviewed version of the Model Act. This past Friday, 1 March 2013, at noon Eastern time, NAPHSIS independently released the 2011 revision of the Model Act on its website. It can be downloaded here.

What does the new version do? It incorporates changes in technology over the twenty years since the 1992 version. It also changes the records closure periods. Please compare these periods to the ones currently in law in the states in which you research. If they differ, it would be wise to work with local genealogy societies to monitor for the introduction of state legislation affecting records closure.

  • Birth records closed for 125 years.
  • Marriage and divorce records closed for 100 years.
  • Death records closed for 75 years.


Unless family history researchers are comfortable with these proposed delays in access to vital records, they'd we be well served working to understand the underlying privacy concerns and actively addressing them.


EU Medical Privacy Rule Could Hamper Genealogical Research

by Bradley Jansen December 29th, 2014 8:40 am

Alan McQuinn at the Information Technology & Innovation Foundation wrote an op-ed "E.U. data privacy rules threaten medical research" recently.  He rightly raises the fact that the reality of circumstances is often more complicated than presented.  In this case, new medical privacy rules that sound great at first blush might have negative consequences for medical research and ultimately people's health.  Genealogists won't be none to pleased either.

Explains the op-ed,

Last March, the European Union proposed the General Data Protection Regulation (GDPR). The new privacy rules would dramatically harm the ability of researchers to conduct medical research throughout all of its member states. If allowed to pass in its current form, many in the medical community believe the GDPR could cost the European Union not only medical knowledge and money, but human lives as well.

The GDPR was created to protect Europeans’ personal data. In pursuit of this goal, it forces organizations that process personal data to obtain informed consent each time they want to use that data for a purpose other than for what it was originally collected. As the Center for Data Innovation’s Travis Korte has argued, while these regulations have chilling effects on many big data initiatives, their greatest potential for harm is in medical research.

He continues:

There are many solutions that could be incorporated into the GDPR to help it address these problems. For use of data after death, the GDPR should offer a mechanism to “donate your data to science,” giving blanket consent for a patient’s data to be used after their death. This would allow researchers that are studying rare diseases with limited access to patients to achieve effective sample sizes. The GDPR should also be more explicit about when organizations must seek consent to reuse data, or allow organizations to ask once to obtain consent for the reuse of data for multiple purposes. This “one-time consent” framework would reduce costs and regulatory uncertainty for organizations, as well as help address the problem of consent after death.

and concludes, "policymakers should craft narrowly targeted rules to mitigate specific harms, protect individual privacy and ensure medical research can flourish."

With genetic genealogy offering new avenues for research and medical genealogy offering real world insights that could help people with their health, we should tread carefully on how to both protect privacy and research responsibly.

Best to read the whole op-ed here:


Facebook Privacy

by Bradley Jansen December 27th, 2014 6:36 pm

Like many other genealogists (amateurs at least), I use Facebook a lot.  The crowdsourcing and local knowledge aspects greatly help my research.  Unfortunately, Facebook isn't usually known as a champion for privacy--though Facebook is active in Digital Due Process and other pro-privacy activities.

Facebook, like many sites, sometimes changes its policies, and it behooves us to keep up with the changes.  A Huffington Post article explains some recent and forthcoming changes and how to protect your privacy there:

"How To Stop Facebook From Getting More Of Your Info, In 2 Steps"

Importantly, the article directs one to this site:

as a way to customize ads and opt-out through your browser.

Consumers have lots of tools, if they're interested.

Next Page »