Your data security and privacy is important. The data agreement you will be entering into by participating in this project can be found on the data upload page. The information below will help guide you through the some of the implications surrounding submitting your data, and what options you have to safeguard your privacy. It also describes our standard procedures, and the logic behind the ethical decisions we have made regarding your data privacy. It is important that you understand these before submitting your raw data, or submitting raw data on someone else's behalf.
At the end of the day, the project administrators are known, named invidiuals. For us, the link between our full genetic data and ourselves is plain for all to see. We have chosen to put our genetic data in the public domain because we consider the risks associated with this to be very small, and the return on the understanding of our origins to be much greater. We hope, having understood the risks and benefits, that you will feel the same.
Disclaimer: The information here does not represent legal or medical advice. It is prepared in good faith for informative purposes, and is complete within the bounds of conciseness and of our personal knowledge.
Data processing for this project will take place in the United Kingdom and United States. However, the centralised data storage means it will be available to a selected few other administrators (currently [11 Mar 2018] US-based James Kane and Alex Williamson). Additional administrators may join in future from additional countries, who will have access to raw data.
Submitters' consent is made via that data submission form for anonymised, processed data to be sent to third parties. These are selected by the project administrators, with the expectation (and, depending on circumstances, legal requirement) that these are limited to people with a genuine research interest.
UK and EU law: The UK Data Protection Bill (DPB) and EU General Data Protection Regulation (GDPR) are among the laws covering the treatment of personal and genetic material within the United Kingdom and European Union, respectively, and the latter will continue to be part of UK law following the UK's exit from the EU.
UK and EU users should be aware that the Haplogroup R Data Warehouse is run by James Kane, not directly by us, they are sending data for storage in the United States. This archive is open to other researchers (currently [11 Apr 2018] only Alex Williamson and Jef Treece) who are based in the US: EU/UK laws may not apply (or may not apply in full) to data that the user personally exports outside the EU. While we aim to abide by the full principles and guidance of the GDPR and DPB, as "hobby" projects (i.e. not necessarily under the "large scale" definition of the GDPR), our liability under the GDPR, the DPB, and the associated US implementations via the Privacy Shield Programme, may be limited.
US law: In the US, laws may be applicable on either the national or state level (see a lay summary on privacy law and genetic data). The US has a less-well-developed body of legislature guaranteeing personal privacy than the UK or EU: fewer than half of states even require written consent to disclose genetic information.
Note that some US law-enforcement agencies are using genetic data from genealogical databases (e.g. GedMatch) to trace victims or perpetrators of crime. It is unlikely that our database would be used for such a purpose but we may theoretically, under certain circumstances, be requested to co-operate with law enforcement agencies in any country on such ground. Such requests will be considered individually, with due consideration to the balance of users' privacy, national and international law, and the rights of (and due respect for) victims of crime.
In the event of a problem: Regardless of the legal situation, if you feel your data security has been (or may be) compromised by this project, we would welcome correspondence. Security issues regarding data storage in our Warehouse may be addressed to James Kane; issues regarding data processing and release may be addressed to Iain McDonald. Data can be edited or fully removed or from our storage and analysis facilities and, on receipt of a request to do so, we will aim to do this in an expedient manner.
If you are uploading genetic data that is not yours, as a kit holder you must take responsibility for obtaining informed consent from the person whose DNA is being tested, unless that person is deceased. Informed consent can only be made by persons above the age of legal consent and with mental capacity to manage their own affairs. (See EU General Data Protection Regulation (GDPR) Article 7, Article 9 Section 2(b); UK Data Protection Bill (DPB) Article 84(2), among others.).
Furthermore, testers must take some personal responsibility for the secrets in their own family. This may include situations where revealing their own identity could impact on the lives of others in their family and beyond, e.g. through adoptions, infidelity, etc. Please be considerate of others when publicising the results of your own DNA.
Aside from this, you should be aware that any copy of data placed on an internet site may be subject to malicious attacks, including hacking. Safeguards are meant to prevent this from happening, but can never be completely secure. The small but inevitable risk of this is that data may be stolen.
Testers with other companies (e.g. YSeq WGS and FGC YElite/WGS) will have similar sets of results. Whole Genome Sequencing (WGS) tests will contain autosomal, mitochondrial and (depending on the test) exome DNA results. These are not relevant to us, so we remove them from the analysis and do not make them public.
Our reasons for using your kit number is that it allows your uploaded data to be connected back to your ancestral information and STR profile at Family Tree DNA. This provides an independent check for all administrators and users that the data being uploaded are assigned correctly to an individual, minimising errors, and so that people can identify relevant genetic information about the people in their haplogroup. The MDKA surname provides an additional check (e.g. to make sure we haven't made a typo in the kit number anywhere), and acts as a useful indicator of close relationships to other testers looking for matches. Geographical information about your MDKA is used to map historical migrations in a statistical sense. This data can be anonymised (see Can my information be included more anonymously?).
We ask that your kit is represented by an ancestral surname and your assigned kit number (see also Can my information be included more anonymously?). This information alone cannot identify you as an individual, but could be used to identify you if you create a paper trail leading back to it. If you are worried about being identified personally, you should take normal online data precautions to avoid creating a paper trail that leads back to personal information. An example might be posting your kit number or a family tree online, under a username that you use on social media, which can then connect you back to an organisation or institution. If you remain concerned by this, you can anonymise some of your information when it is input.
The ability of your genetic information to identify you as an individual is remote. Depending on the commonness of your Y-DNA haplogroup, the genetic information you supply could be linked to a branch of your family (e.g. as a descendant of a specific person): indeed, that is a specific goal of this project. However, you can only be securely identified as a specific person from this data if every other male line within the last handful of generations can be ruled out by death or direct DNA testing.
Currently, there is normally negligible risk in associating your Y-DNA genetic data with you as a person, to the extent that the administrators of this project are happy to have that information made public, and we encourage you to take that as a guide. While different circumstances may apply to your own situation, we encourage users to learn about what information they are sharing and the small relative risk they are exposing themselves to. The information you reveal here and elsewhere is your choice, and you retain the right for your submitted personal and genetic to be removed entirely from this site.