Family heritage / geneaology sites are not medical, therefore not protected under HIPPA guidlelines, so it is subject to a warrant, just like phone records, EasyPass data showing car travel etc., no issue with that at all. Also, if the company that is storing the DNA data reveals in whatever user agreement is signed by the customer, I have no issue with it ... catch is almost noone reads those things in their entirety.
The recent dustup about Facebook / Cambridge Analytica is an example of this ... If you actually read the Facebook user agreement ... Facebook users, by virtue of agreeing to the Facebook Terms of Service authorize Facebook to conduct data collection, aggregration and to sell portions of that data to third parties, but ... no one reads the rules before they start using it, then pitch fits when they didn't understand what they signed up for.