This week, it was announced that 23andMe, the company that analyzed your DNA to find out ancestry and health information, is declaring bankruptcy. After a large data breach in 2023 and declining financials since, this isn’t a shocking revelation. What is shocking to many, especially former users, is that user data is available to be sold in bankruptcy proceedings. So, what happens to the DNA you trusted the company to keep private? Is your data really ever private?
If you submitted your saliva for testing to 23andMe, you probably don’t remember the pages of disclosures and privacy statements that you agreed to. You likely assumed that your data would remain protected, but as this case shows, privacy agreements are often complex, and companies retain rights to use or transfer data in ways users may not have anticipated. When a company files for bankruptcy, its assets—including customer data—can be sold to satisfy creditors. This raises troubling concerns about who may gain access to highly personal information, such as genetic data, and how it might be used in the future.
This isn’t the first time sensitive data has been at risk. Cell phone location data is another example of how our personal information is constantly being tracked and, in some cases, sold. Mobile apps collect vast amounts of data on our movements, often without us fully realizing it. Deep in the user agreement is often information about allowing the app to track you, though few stop to think about what that means. Even when companies claim that location data is anonymized, researchers have demonstrated that it’s often easy to de-anonymize individuals based on their patterns of movement. While this data has proved useful for many in the commercial real estate industry, its future remains unsteady. Many countries, like those in the European Union, Australia, China, Canada and India all have some restrictions in place today, with talks of strengthening those restrictions. At some point, the United States will likely form similar policies to protect Americans from this unnecessary tracking, and end users that rely heavily on this data to make decisions could be left without the insights they have relied on.
These privacy risks—genetic data being sold in bankruptcy cases and location data being traded in the open market—highlight a fundamental issue: our personal data is rarely as private as we believe it to be. Many users assume that companies will protect their data indefinitely, but the reality is that privacy policies often prioritize corporate interests over consumer protections.
As we have discussed in great detail over the last five years, the Census Bureau changed its policies for the 2020 Census, adding in intentional error for privacy concerns. For our purposes, the data became mostly unusable in it’s reported state, it hopefully prevented the average American from identifying people from the raw data.
Ultimately, the 23andMe bankruptcy and ongoing concerns about location data illustrate an uncomfortable truth: in today’s digital world, true data privacy is an illusion. Reading terms of service may not be realistic for every app or service, but understanding the basics of how a company handles and potentially sells data is essential. Until stronger protections are in place, individuals must assume that any data they share can be accessed, sold, or exploited down the line. The question is no longer whether our data is private, but how much we are willing to risk when we give it away.
By the way, if you are one of the 15 million people who participated in 23andMe and want to know how to delete your data, instructions can be found here. https://www.cnn.com/2025/03/25/tech/23andme-bankruptcy-how-to-delete-data/index.html
Recent Comments