23andMe’s Data Sold to Nonprofit Run by Co-Founder Amid Privacy Concerns
Nearly 2 million users of 23andMe opted out of the service after the company declared bankruptcy in March 2023, citing privacy concerns. However, the remaining 10 million customers now face the possibility that their genetic data has been sold to TTAM Research Institute for $305 million. This nonprofit, run by 23andMe’s co-founder Anne Wojcicki, has raised eyebrows among customers and privacy advocates. As a Washington Post technology columnist puts it, ‘And I Still Don’t Trust It.’
Despite claims that the company will adhere to its existing privacy protocols, there are significant concerns about the sale. Wojcicki’s leadership during the company’s earlier years was marked by questionable privacy practices that led to the initial distrust. The legal obligation to maintain privacy policies and data protection measures is in place, but critics argue that this doesn’t address the broader issues of consent and transparency. TTAM has also agreed to provide annual privacy reports and establish a privacy board, yet the absence of opt-in consent for the data transfer remains a critical oversight.
Existing customers have the right to delete their data or opt out of TTAM’s research, but the new company has not sought new permissions. This raises ethical concerns, particularly for long-inactive users who may not be aware of the data transfer. Neil M. Richards, a legal expert, notes that a significant number of these users may have no idea what is happening with their genetic data. Furthermore, some users may never have agreed to the terms allowing their data to be sold, with the bankruptcy clause added to the privacy policy only in 2022. The presence of deceased users’ DNA, which could impact their living relatives, further complicates the issue.
Several states, including Virginia and California, have taken legal action to address these concerns. They argue that privacy laws require explicit consent from all users before their data can be used for research. The California attorney general’s office has stated its intention to continue fighting to protect consumer rights. Additionally, there are concerns about the potential for TTAM to sell or transfer the data to other organizations, as the bankruptcy agreement does not prohibit such actions.
The recent data breach affecting 6.9 million users adds another layer of concern. The breach highlights the company’s struggles with data security, raising questions about its ability to maintain robust cybersecurity measures given its financial challenges. These issues collectively underscore the complex and contentious landscape surrounding the management of genetic data, emphasizing the need for greater transparency and user control.