23andMe faces an uncertain future, and so does your genetic data

DNA and genetic testing company 23andMe is in turmoil after a data breach last year and its ongoing financial decline. The once-leading giant faces an uncertain future amid efforts to take the company private, raising concerns about what might happen to the genetic data of some 15 million 23andMe customers.

Best known for its saliva-based test kits that offer a glimpse into a person’s genetic origin, 23andMe has seen its value fall more than 99% from its peak of $6 billion since going public in early 2021 after failing to turn a profit.

This revenue shortfall was attributed to declining consumer interest in 23andMe’s disposable test kits and lackluster growth of its subscription services. The company also suffered a massive data breach that lasted several months, with hackers stealing the ancestry data of nearly 7 million users throughout 2023. The company agreed in September to pay $30 million to settle an infringement lawsuit.

Less than a week later, Anne Wojcicki, founder and CEO of 23andMe, said she was “considering proposals for a third-party acquisition” of the company. Wojcicki quickly retracted the statement, saying instead that she planned to take the company private. But the damage was done, and all independent directors of the company resigned with immediate effect.

Where does that leave the genetic data of millions of people?

23andMe is largely bound by its own rules

As evidenced by a data breach last year, which saw hackers steal information such as users’ genetic predispositions and genealogy reports, 23andMe collects a lot of information about its users.

If you’re one of the millions who have sent your saliva to 23andMe to learn about your ancestry, you may have assumed that this data would remain private under a law such as the Health Insurance Portability and Accountability Act. HIPAA, as it is known, sets standards to protect sensitive health information from being disclosed without a person’s knowledge or consent.

However, 23andMe is not a HIPAA-covered company. As such, 23andMe is largely bound only by its own privacy policies, which it may change at any time.

The company believes this is “a more appropriate and transparent model for the data we handle, rather than the HIPAA model used by the traditional healthcare industry,” 23andMe spokesman Andy Keil told TechCrunch.

The lack of federal regulation and the chaotic mess of state privacy laws ultimately means that if 23andMe faces a sale, the data of millions of Americans is also on the table. The company’s privacy policy states that its customers’ personal information “may be accessed, sold, or transferred” as part of a bankruptcy, merger, acquisition, reorganization, or sale.

The fact that customer data is a sellable asset was also highlighted by Wojcicki, who reportedly told investors that 23andMe will no longer pursue its expensive drug development programs and will instead focus on marketing its vast database of customer data to pharmaceutical companies and researchers.

23andMe confirms that its data privacy policies will not change in the event of a sale. These policies state that the company will never share user information with insurance companies, or with law enforcement without a court order. The latter has increasingly turned to third-party DNA companies to obtain genetic information, but 23andMe has so far resisted all US law enforcement requests for such data, according to its long-term transparency report.

Potential buyers of 23andMe may have very different ideas about how to use the company’s potentially valuable DNA dataset. Privacy advocates at the digital rights group Electronic Frontier Foundation have already urged 23andMe to resist a sale to any company with ties to law enforcement, warning that customers’ genetic data could be used by police to randomly search for evidence of crimes.

“Our commitment to applying the terms of our Privacy Policy to our customers’ personal information in the event of a sale or transfer is clear: 23andMe’s Terms of Service and Privacy Statement will remain in effect unless customers are provided with, and agree to, the new terms and statements, and only after receiving appropriate notice of any new terms, under applicable data protection laws,” Keil told TechCrunch.

Proactively delete your account

While 23andMe appears to be resisting selling to an outside company for now, Wojcicki’s retracted comments have already set off alarm bells among privacy advocates, who are urging 23andMe customers to take action now to protect their data from being sold by asking 23andMe to delete it.

Meredith Whittaker, head of end-to-end encrypted messaging app Signal, said in a post shared on X: “Not just you. If anyone in your family gives their DNA to (23andMe), for all of your sake, close your/their account now.”

Eva Galperin, Director of Cybersecurity at EFF, also warned users to take action. “If you have a 23andMe account, today is a good day to log in and request that your data be deleted,” Galperin said in a message shared on X.

Requesting to delete your data on 23andMe is relatively easy.

Log into your 23andMe account and go to Settings > Account information > Delete your account. 23andMe will ask you to confirm your decision, warning that deleting your account is permanent and irreversible.

There is an important caveat. As stated in 23andMe’s privacy policy, account deletion is “subject to certain retention requirements and exceptions,” which means the company may retain some of your data for an indefinite period of time.

For example, 23andMe will retain your genetic information, date of birth, and gender “as required for compliance” and will retain limited data related to your deletion request, “including, without limitation, your email address, account deletion request ID, and communications related to inquiries, complaints and legal agreements.”

Likewise, if you have already consented to 23andMe sharing your data for research purposes, you can revoke that consent, but there is no way for you to delete that information. Keil tells TechCrunch that about 80% of 23andMe customers, roughly 12 million people, agree to participate in its research program.
