Sites shutting down
The mandates of the European Union’s General Data Protection Regulation (GDPR) take effect in just five days, on May 25, and those who — like The Legal Genealogist — provide information to people around the world including within the EU are scrambling to decide how — or whether — to comply.
The new GDPR rules apply to data collection and privacy for citizens of the EU, but apply to information and service providers outside of the EU. They’re complicated — the regulation alone is 99 separate articles arranged in 11 chapters and then there are the 173 recitals that explain the rules — and they carry a hefty price tag in possible fines for those who don’t figure it out well enough.
So it’s not surprising that there have been casualties within this struggle from the realm of those we’ve long relied on to help us integrate DNA results into our family history.
For example, Richard Hill, who runs the DNA Testing Adviser website, has sent out a notice that he has decided to discontinue his email newsletter because “Compliance with these regulations is onerous, especially for one person like me. … The risk of a fine is too great.” Hill, author of Finding Family: My Search for Roots and the Secrets in my DNA, will still post to his blog, but folks who want to read it will have to go to the website to do so. And, he says, he will continue to post to his DNA Testing Adviser Facebook Page.
It won’t be at all surprising if other small email newsletters go dark because of this rule, so be prepared if some of your favorites go missing in the coming days. (No, if you subscribe to The Legal Genealogist by email, this won’t go missing… but yes, I’m struggling to comply as well and you’re going to hear more about that this week as compliance efforts go forward.)
But there are two very big losses looming on the horizon, and to save the data these sites provide, we’re going to have to take action.
First, Terry and Marilyn Barton, who run the World Families Network website for YDNA projects, made the same decision to go dark: “the ambiguity and uncertainty of the bureaucratic requirements under this new law are just more than we care to deal with.” Their generous stewardship of information and their service as interim administrators for hundreds of YDNA projects has been an enormous benefit to the DNA community, and that website will be missed.
And because of the data stored on this site, our community — that’s you and me, folks — has two action items:
• Save your own data if you use this website. Terry and Marilyn have advised that: “We will delete the project sections of the WorldFamilies site on May 23, 2018, so please copy any information that you wish to save. You may wish to make a copy of your Home, Results, Patriarch, Discussion or other project pages. We can provide an empty excel spread sheet with columns preset to copy/paste your results page on request. For the other pages, you may want to copy/paste your info into a Word document. (Note: we won’t be able to “rescue” you if you miss the deadline, so please don’t wait too long.)”
• Consider saving the data section of one of the website’s soon-to-be-orphaned projects. The YDNA projects themselves will be hosted on Family Tree DNA, but there is a ton of associated pedigree information that could be lost unless others step forward to administer those projects and save the data. To see what projects are at risk, there’s a spreadsheet available here with surnames from Abel to Zunica up for adoption.
Second, Family Tree DNA has elected to close its free, public genetic-genealogy databases, ysearch.org and mitosearch.org, where people who’d tested with FTDNA and companies other than FTDNA could upload their results and get additional matches.
The company’s email to users stated: “On May 24th, 2018, our free, public genetic-genealogy databases, ysearch.org and mitosearch.org, will no longer be accessible as a result of the EU General Data Protection Regulation (GDPR) going into effect on May 25th.”
It went on: “As the founders of the direct-to-consumer genetic genealogy industry, we did not make this decision lightly. We believe it is necessary given the resources it would take to make both sites GDPR compliant. The current environment regarding DNA privacy as well as recent events in the news, particularly DNA databases being utilized to solve cold cases, were also considerations, but the rigorous requirements of GDPR would have prompted this action irrespective of current events.”
With fewer and fewer other providers offering either YDNA or mitochondrial DNA tests, this database has become less and less needed over the years, but it’s still got some data that’s literally irreplaceable. I’d love to offer an action item to save this data… there are folks in these databases who have long since passed on and can’t be retested at FTDNA.
But there’s nothing really to be done here… except to think about the next big issue that could come down the pike and impact our genetic test data.
Because as sure as we’re sitting here today reading these words, we can be sure there will be other problems that come up that put access to genetic information at risk. Some of these will come from government rules like the GDPR. Some will come from the fact that people get tired, they lose interest, or they pass on without passing on the stewardship of their information.
This is a long-term problem with no easy answers… but it’s an issue we’d better start thinking about… and coming up with solutions for.
I totally agree with you, we had better start discussing these issues now before the next lot of legalization falls from the sky! . How someone sitting in Europe can tell the rest of the world what to do is beyond belief. It is my opinion that those who misuse information will continue doing so whilst those who respect the data they have in their care are penalized. It is a sad situation to find ourselves in.
The sadness of this for my family is that our rare yDNA falls within Middle East clade parameters. No close matches so far, but nearly every single one of the names associated with the general clades are *in* the Middle East, with a very few in southern Europe and Britain. Because our documented history goes through Europe, in order to track our male line through time, we need to have access to European data. Our earliest known male line ancestor shows up in Connecticut around 1700. With an English name. I’m fascinated by this line. My mind buzzes with possible stories about his origins. There are simply too many to go fishing. Perhaps eventually EU will realize that they can accomplish their goals without such onerous provisions. But in the meantime, this line looks destined to be a permanent brick wall, without modern yDNA data to provide a link to historical lines.
Annie, sounds a lot like my dad’s Y-DNA! What’s your dad’s clade? I share the sadness over the loss of Ysearch, just like when we lost SMGF, which was even better for studying Y-DNA from other parts of the world. However, alternatives still exist. No one has mentioned https://yhrd.org/. Being German, they are already in compliance, I’m sure, and already set up to be used by law enforcement, so that development won’t trouble them either. They are a great resource for research on Y-DNA haplotypes, even if the number of SNPs and STRs is limited. It continues to grow.
It really does seem overwhelming. I run 1 genealogy website and 1 genealogy blog, plus 3 unrelated blogs. The idea of making them all compliant seems daunting.
I see folks focusing on email newsletters, but it’s more. It’s social media sharing plugins, statistical analytics, affiliate ads, and things I probably haven’t thought of.
I am taking the slow approach and trying to get as much information as possible before I act.
As a small website and blog owner, the constant changes needed for GDPR, US Federal Law requirements, or to stay relevant in Google Search get to be overwhelming. I wish I could hire someone to do it for me!
I am totally against allowing one sovereignty to hold legal sway over another sovereignty. That is a slippery slope down which, in my opinion, we do not need to start sliding.
Whether we like it or not, we have to decide to comply or risk the consequences. Your choice.
Why is one organization being allowed to determine what the rest of us comply with? Who is behind this?
This is a regulation of the European Union. Most of us who have websites or write blogs reach people in the EU.
Judy, Thanks for your excellent summary. Might you expand on one issue? What is your opinion specifically on DNA. My paternal grandparents immigrated from the Netherlands. My Y-DNA and at-DNA will reveal information on living relatives in the Netherlands who have not been tested. We have three native born US citizens with Y-DNA testing, all concurring with a MRCA born in 1815 … thus, lots of patrilineal descendants. Do the regulations address this issue?
Nope, they sure don’t. It seems to me that your DNA is your DNA, the fact that it could shed light on the DNA of others notwithstanding.
Judy,
Does this mean that if I have submitted my AncestryDNA to Family Tree DNA, I will no longer have access to Family Tree DNA?
No, this doesn’t affect the main Family Tree DNA site at all — only the two much older free sharing sites, YSearch and Mitosearch.
The “casualties” of GDPR is an important issue. But there is another, darker side to the story. Regulations like GDPR create a new set of middlemen and profitable synergies between regulators and industry. There are established and start up companies capitalizing on the need for more robust consenting procedures. Regulators stand to make large sums from fines. The extra cost (profits) tend to drive out the little players and stifle innovation. The stated goals of GDPR are to give consumers more control. But its implementation seems to have little to empower consumers in the management of their own data, which remains with those holding it. In US health care (my field) this has had significant negative impact and burnout of personnel. I fear a similar fate for genealogy.
“If it ain’t broke, don’t fix it.” Genealogists have been responsible players while enabling individuals to control use of their own data, if they chose. Hopefully we can continue to do so with a minimal burden of consenting!
I certainly hope the fall-out is small, especially for small players (of which this blog is one!). Compliance for folks like us should not require a middleman and we shouldn’t face huge fines if we make missteps, particularly in this early stage when we’re all trying to figure out what the rules are.
I love these new regulations. The Internet needs to get cleaned up of the spammers, trolls, scammers. Yes, there are unintended consequences, but so be it. Democracy itself is at stake. Kudos to the E.U.!
My suspicion is that none of these regulations will have the slightest effect on spammers, trolls or scammers, any more than the “Do Not Call” registry of the FTC has stopped scammers from calling our phones. What it will do is intimidate a lot of perfectly legitimate individual website owners into closing their sites, because they don’t think it’s worth the effort to try to figure out how to comply.
Another example: because of the GDPR Dutch archives decided to take down the digitized family record cards that provided information about the period 1920-1939. Genealogists loose access to information that has been online for years.
That may be the saddest example of all — most of the people named in those records are deceased, and the GDPR doesn’t cover records of the dead.
John – are these Dutch records already off line?
Judy, for example the Tilburg Archives (where I live) have taken the family record cards offline effective 18 May 2018. You can read their blog post (in Dutch, but you might be able to translate it) about this drastic step here:
https://www.regionaalarchieftilburg.nl/home/blog-detail/algemeen/2018/05/18/gezinskaarten-en-bevolkingsregisters-offline/
I was aware of that, John, and am disappointed by it.
Instead of agonizing over the impact of this EU power grab, we should be inundating our elected representatives with the basic question: who gave the EU the authority to punish U.S. citizens? If it was our government, we have much bigger problems than closed databases.
The only US citizens who are subject to this are those who have contact as service or information providers for citizens of the EU. Each of us has a choice: isolate within our own borders, or be good global citizens.
I agree. It is the same if we wish to do business in Brazil, China, Philippines, etc – we need to abide by their laws.
Judy,
From my understanding GDPR does not apply to an organization who does not do business nor solicit business in the EU. In other words a website similar to Ysearch could exist providing they do not advertise or solicit participants from the EU. If a citizen of the EU chooses to use the site that is their choice.
Is this interpretation correct the way you see it?
I kind of doubt it, frankly. If you’re doing business of any kind on the internet, I don’t think there’s any way to say you don’t do business or solicit business in the EU (or anywhere else). You’d probably have to block all of the IP addresses from those countries even to have a chance to argue that. But this is just me ruminating, it isn’t legal advice, yadda yadda yadda…
Bill, if a citizen of the EU chooses to use a site, and that site chooses to serve them, you are effectively “doing business” with a citizen of the EU.
here is some additional info. https://www.forbes.com/sites/forbestechcouncil/2017/12/04/yes-the-gdpr-will-affect-your-u-s-based-business/#3e4b11b76ff2
How does this affect sites within the USGENWeb?
I don’t know how or whether USGenWeb sites collect personally-identifying information on people. If they don’t, this isn’t an issue. But everybody, USGenWeb included, ought to do a self-assessment on data policies, and at least have a privacy policy, anyway. (See today’s post for what I did.)
Ever wonder why the major credit cards are using chips now? A few folks in a back room in Brussels decided that that was a good idea, et voila! And that was/is a major blow to restaurants and staff…
Chuckle – many US credit cards do not even use “chip ‘n’ pin” and so the owners need to sign. I haven’t signed a “slip” for many years. Now we have RFID “touch” which, for amounts under a given sum, you just tap your card on a device. [Wallets available to screen the cards from naughty people.]
For the “chip ‘n’ pin” – most devices have the ability to add a gratuity at your discretion. For the “touch ‘n’ run” it is less easy.