The Perils of Privatized Biometric Data: Lessons from 23andMe's Bankruptcy

How Corporate Failures Put Your Most Personal Information at Risk

The recent bankruptcy filing of 23andMe, a leading direct-to-consumer genetic testing company, has ignited serious concerns about the security and ownership of personal biometric data. With the genetic information of over 15 million individuals potentially up for sale, it's imperative to examine the risks associated with entrusting private companies with such sensitive data.

The Rise and Fall of 23andMe

Founded in 2006, 23andMe offered consumers insights into their ancestry and health predispositions through at-home DNA testing kits. The company's innovative approach garnered a substantial customer base, with millions submitting their saliva samples for analysis. However, the company's trajectory took a downturn following a significant data breach in 2023, in which hackers accessed the personal information of approximately 7 million users. This breach not only compromised sensitive data but also led to a $30 million settlement in class-action lawsuits.

Bankruptcy and Data Ownership Concerns

In March 2025, 23andMe filed for Chapter 11 bankruptcy protection, aiming to facilitate a sale that would maximize its business value. This development has raised alarms about the fate of the extensive genetic data the company holds. The potential sale of such data to unknown entities poses significant privacy risks, as there is no certainty about how the information will be used or who will have access to it.

The Inherent Risks of Commercial Biometric Data Storage

Entrusting private companies with biometric data, such as DNA, carries inherent risks:

  1. Data Breaches: As demonstrated by the 2023 incident, even companies with robust security measures can fall victim to cyberattacks, leading to unauthorized access to sensitive information.

  2. Uncertain Data Use: Companies may change ownership, business models, or data usage policies over time. Customers have limited control over how their data is utilized, especially if the company undergoes financial distress or changes hands.

  3. Legal and Ethical Implications: The use of genetic data by third parties, including law enforcement and insurance companies, raises ethical and legal questions about consent and privacy.

Protecting Your Genetic Information

Given these risks, individuals should exercise caution:

  • Stay Informed: Regularly review the privacy policies and terms of service of companies handling your genetic data.

  • Exercise Your Rights: In certain jurisdictions, laws like the Genetic Information Privacy Act empower individuals to request the deletion of their genetic data. For instance, the California Attorney General has urged 23andMe users to delete their data amidst the company's financial instability.

  • Consider Alternatives: Explore options that allow for genetic testing without relinquishing control over your data, such as services that enable local analysis without data storage.

Conclusion

The 23andMe bankruptcy serves as a stark reminder of the vulnerabilities associated with storing personal biometric data with private companies. As the digital landscape evolves, it is crucial for individuals to remain vigilant and proactive in safeguarding their most personal information.

Prefer using an RSS feed? Add Infosec MASHUP to your feed here.

Thanks for reading today’s newsletter, and if you're enjoying it and want to support my work, you can buy me a coffee ☕ over at https://www.buymeacoffee.com/0x58

See you next time!

-X.
