Guide7 min read

Is It Safe to Share Your DNA or Genetic Data With AI?

DNA is the most permanent personal data there is, and it exposes relatives. Never paste an identifiable genetic report into a consumer AI like ChatGPT.

By Pierre de ONYRI

The short answer: yes for general questions, no for your raw DNA files. AI can explain a genetic term with no personal data at all. But DNA is not like other data. It is permanent. You cannot change it or reissue it. And it is not only about you: your siblings, parents and children share your DNA. Under the GDPR, genetic and health data are “special category” data (Article 9). In the US, the GINA law limits genetic discrimination, but it leaves gaps. Never paste an identifiable genetic report into a consumer ChatGPT.

Why DNA is unlike any other data

A leaked password can be changed. A card number can be reissued. DNA cannot. Once it is exposed, it is exposed forever. It is the most permanent personal data there is.

It gets worse. Your DNA is not only yours. Your blood relatives share much of it. So disclosing your genome reveals information about them too. And they never gave their consent. No other data works this way.

The law: DNA is sensitive by default

The law treats DNA as a category apart. Under the GDPR, genetic and health data are “special category” data under Article 9. Processing them is prohibited by default. It is allowed only under strict conditions, such as explicit consent. The ICO, the UK data protection regulator, spells it out. Genetic data comes from analysing a biological sample. It gives unique information about your physiology or health. A controller must meet two tests: a lawful basis (Article 6) and a separate Article 9 condition.

In the US, the key law is GINA (the Genetic Information Nondiscrimination Act). Enacted in 2008, it bars health insurers and employers from using your genetic information to discriminate. That is the analysis of the National Human Genome Research Institute (genome.gov). But GINA has precise limits. They must be named. It covers health insurance and employment. It does not cover:

  • life insurance;
  • disability insurance;
  • long-term-care insurance.

Those insurers can still weigh your genetic or family-health information. Some US states go further. But the federal baseline keeps these gaps. Do not overstate the protection. Insurers have an interest in this data. So do law-enforcement bodies, through familial DNA searches in some countries. A consumer AI is one more third party you hand it all to.

The 23andMe lesson

One concrete case shows the stakes. 23andMe is a large consumer-genetics company. In April 2023, customer accounts were accessed without authorisation. The attack used “credential stuffing” (reusing stolen passwords) and ran for about five months. It affected roughly 7 million customers. About 6.4 million were in the United States. The exposed data included names, ancestry results and genetic-relative information.

What followed speaks volumes. In March 2025, 23andMe filed for Chapter 11 bankruptcy protection. The data-breach class-action settlement rose from about $30 million to $50 million, per HIPAA Journal reporting. The lesson is simple. Handing your DNA to a company is a long-term bet on its security and survival.

You assumeThe reality
“My DNA is data like any other”It is permanent and exposes your blood relatives, without their consent
“GINA protects me everywhere”It excludes life, disability and long-term-care insurance
“An AI is a protected medical setting”HIPAA doesn't cover most consumer apps or general AI
“I can delete my data later”Exposed DNA can't be taken back; a leak is permanent
The risk isn't talking genetics with an AI — it's the identifiable file you leave behind.

The fix: never expose a raw DNA file

Good news: AI is still useful. It can explain a gene, a term or a result in general. For that, it needs no identifiable data. Ask the question in the abstract. Keep your DNA file and your reports out of the prompt.

Two-part diagram: at top, a DNA double helix with amber chips (exposed identity) and a branch to two relative silhouettes also lit amber, feeding a dark AI card that receives an exposed document and an amber risk alert; at bottom, the same helix reduced to cobalt token chips feeds an AI card showing a shield with a checkmark.
After the ICO's special category data guidance (Article 9), the National Human Genome Research Institute's GINA page (genome.gov), and HIPAA Journal (23andMe breach and bankruptcy).

When you want to understand a specific point, do it cleanly. Strip the names and identifiers. Describe the question in general terms rather than uploading the file. And remember one thing: shared DNA can never be taken back.

  1. 1Never paste a raw DNA file or an identifiable genetic report into a general AI.
  2. 2Strip names, dates and identifiers before you ask anything.
  3. 3Phrase the question in the abstract, without uploading the file.
  4. 4For the most sensitive interpretation, prefer an offline or local tool.

That's what ONYRI Sanitize is for. The engine detects sensitive data — names, identifiers, health markers — and replaces it with reversible tokens before sending. Detection and the mapping stay in your browser. Only anonymized text reaches the model. The AI sees only tokens, never your real identity. You get the help, without handing a third party data you could never take back.

Frequently asked questions

Is it safe to share your DNA or genetic data with AI?
No for a raw DNA file or an identifiable report, yes for general questions. DNA is permanent: once exposed, it stays exposed forever. It also reveals information about your blood relatives. Under the GDPR, genetic and health data are special category (Article 9). Anonymise before you send and keep the file out of the prompt.
Why is DNA more sensitive than any other identifier?
Because it cannot be changed. A password resets and a card reissues, but your genome does not. On top of that, your relatives share your DNA. Disclosing it exposes people who never gave consent. That is what makes this data unique.
Does GINA really protect my genetic data in the US?
Only partly. GINA bars health insurers and employers from discriminating based on your genetic information. But it does not cover life, disability or long-term-care insurance. Those insurers can still use it. Do not overstate the federal protection.

Sources & references

Keep your sensitive data in your browser

ONYRI Sanitize detects and masks your sensitive data before it reaches the AI, then restores the answer — from names to API keys.

Anonymize my prompt

Read next