23andMe, the pioneer of at-home DNA testing, is now facing a financial cliff that could redefine data privacy in the genetic age. Once valued at $6 billion, the company has been hit by plummeting stock prices, a massive data breach affecting millions, and a mass resignation of its board. With the specter of bankruptcy looming, the fate of 15 million users’ genetic data hangs in the balance.
The Big Questions: Where Does Your DNA Go Now?
Unlike a password or credit card, DNA data is unchangeable. You can’t reset your genome, which makes genetic data one of the most sensitive types of information, with potentially long-lasting impacts on privacy, health, and family history. Yet genetic data held by direct-to-consumer companies like 23andMe isn’t safeguarded by federal protections like HIPAA, which applies only to healthcare providers. This means that if 23andMe goes bankrupt or is acquired, user data could legally be sold or transferred to third parties. While the company claims privacy terms would remain intact, legal experts warn that future owners could amend those terms—potentially placing your genetic data into the hands of an entity with entirely different priorities.
A History of Data Breaches
Compounding the issue, 23andMe has shown itself vulnerable to data breaches. In 2023, a breach exposed nearly seven million accounts, spurring a wave of privacy concerns and questions about the company’s security measures. For a financially struggling company, investing in data protection becomes more challenging, heightening the risk of additional breaches. This leaves users in a precarious position: not only could their data be sold off in bankruptcy, but it also remains susceptible to malicious access.
What About Your Data?
For privacy-conscious customers, deleting their account might feel like the best route. However, 23andMe’s privacy policy states that even deleted accounts may have some genetic information retained, often for compliance reasons. This means opting out may only be a partial solution.
Additionally, a significant portion of users—about 80%—have consented to allow their data to be used for research. This anonymized data is shared with research partners, including pharmaceutical giants like GlaxoSmithKline, which use it to explore new treatments. Once anonymized, however, data can’t be retracted from research databases, even if users later request deletion.
How to Delete Your 23andMe Account Data
- Log in to your 23andMe account.
- Navigate to “Settings” in the top right menu.
- Scroll to “Delete Your Data & Account” at the bottom.
- Select “Permanently Delete Your Data and Account.”
- Confirm by following the on-screen prompts.
Note: Deletion is irreversible, and some genetic data may be retained for legal compliance.
The Geeky Takeaway
23andMe’s precarious position is a powerful reminder that handing over something as personal as your genetic information comes with trade-offs. In the rush to uncover ancestry secrets or health insights, users may not have fully considered the long-term implications. Now, with 23andMe potentially on the brink, the value—and vulnerability—of our genetic data has never been more apparent.
As 23andMe’s story unfolds, this episode should prompt broader discussions around the safeguarding of genetic data. After all, in a world where data often outlives the companies that collect it, who will ultimately control your DNA?
Leave a Reply