Commodity of the Self: The Erosion of Genetic Ownership in the Digital Age

An analysis of the legal "grey zone" where personal biology meets corporate assets, highlighting the urgent need to redefine DNA as personal property.

Published May 12th, 2026

Written by Katelyn Smith

Companies like 23andMe and AncestryDNA have access to the genetic data voluntarily submitted by millions of Americans. Concern arises as the line between the genetic code at the molecular level and being treated as data by corporations blurs. To consumers, their DNA is viewed as deeply personal; it’s literally who they are in a test tube. However, companies remove the humanity from that tube by labeling it as something to be collectible, analyzable, and even sellable. Such sensitive information shouldn’t be at the disposal of companies claiming to build personal connections, only to then, behind laboratory walls, disconnect the personable aspect of the consumer's DNA to monetize it. Current U.S. law does not clearly define ownership of genetic data once it is submitted to these DNA analysis companies. Ethical concerns, such as a company being sold or bought, raise questions about who exactly is the identifiable rightful owner of immensely personal information that could be used to harm the consumer. Due to the absence of clarity pertaining to legal ownership and regulations over genetic data, individuals are exposed to privacy violations and law enforcement exploitation, demonstrating an urgent need for comprehensive legal reform. 

To analyze the weak legal framework behind genetic data privacy laws, it is necessary to first understand what these companies are and how they operate. The process begins when a consumer submits saliva samples to a company like 23andMe or AncestryDNA. Then the DNA is sequenced, followed by results on ancestry or health. The largest concern is the volume of data these companies have access to. Tens of millions of users have given their DNA to these companies, which have created a massive private genetic database, the legality of which remains in a grey zone. The significance of the data contained in these databases is unlike that of any other databases, as the Cleveland Clinic explains: DNA reveals health risks, family linkages and immutable biological identity. Users often consent through terms of service, though the consent is broad, vague and rarely understood. Regardless, the legal framework governing ownership and privacy raises concerns about consumer protection and the demand for change. 

Now, there is a legal framework for consumer protection, but it’s weak. Current U.S. protections include the Genetic Information Nondiscrimination Act, which prohibits discrimination in employment and insurance coverage based on genetic information; however, it does not regulate data sales or ownership. Then there is the Health Insurance Portability and Accountability Act, under which these regulations only apply to healthcare providers, of whom DNA companies are not included. There is a regulatory grey zone that DNA companies operate in, where their practices fall outside the scope of major privacy laws meant to protect consumers. Ultimately, leaving consumers defenseless. 

This grey zone, where vulnerable data seems withheld from direct ownership, was illustrated in the case of the Golden State Killer arrest. Police were able to use a public genealogy database known as GEDmatch to identify a suspect through a relative linkage. People related to the killer had submitted their DNA and were then tracked and analyzed to link the crime scene DNA to the actual killer. Legal and ethical issues arise when individuals who never submitted any DNA are identified through familial matching. This breach of privacy expands surveillance beyond traditional boundaries, which raises Fourth Amendment concerns. As peoples’ privacy is breached, the Fourth Amendment's protections seem negated in these massive DNA databases. 

The core root of these privacy violations is the questionability of who actually owns the DNA in these databases. Once submitted, companies often claim broad rights to store, analyze, and share or sell anonymized data. Legally, there lies ambiguity because DNA is a part of one’s self, which could make it personal property. Considerably, it’s also treated as purely data once extracted. The same material with two purposes, each containing its own ethical implications of ownership. Current U.S. law treats genetic data like a corporate asset rather than personal identity. Companies are at high risk of data breaches, third-party sharing and re-identification of "anonymous" data. 

Genetic data exists in a legal grey zone despite its highly sensitive nature. Without consumer protection reform, individuals risk losing control over their most personal information. Thus, there are multiple possible solutions. One may be to recognize genetic data as personal property, allowing individuals to retain ownership rights. Option two could be to expand federal privacy laws by expanding protections similar to HIPAA to consumer companies that handle health-related data. Or finally, restoring law enforcement access to require warrants or, more so, stricter standards. Regardless of these possible solutions, change is challenging in itself because of rapidly evolving technology, corporations prioritizing monetary gains, and a general lack of federal policy to support the evolution of consumer protection rights. As technology advances, the law must evolve so that DNA remains an extension of the self, rejecting the idea of DNA as a commodity for corporate gain.