23andMe Bankruptcy: Implications for Genetic Data Privacy
In March 2025, 23andMe, a key player in the genetic testing industry, filed for bankruptcy, leaving the future of more than 15 million customer profiles uncertain. As state attorneys general advise users to delete their genetic data, concerns grow over how this sensitive information might be repurposed under new ownership.
The State of Genetic Data Security
As discussions unfold, several state attorneys general, including North Carolina’s Jeff Jackson, have emphasized the personal nature of genetic data and the need for consumers to protect their privacy. Jackson stated, “Your genetic data is your most personal, confidential data, and you should be able to protect who has access to it.” He urged individuals to take immediate action to secure their information.
What Happens to Your Data in Bankruptcy?
The bankruptcy raises crucial questions regarding the future handling of consumer data. Federal regulations provide minimal protection for genetic information. Although states have begun to enhance their privacy laws, many experts believe that these measures are still insufficient. Dr. Adam Brown, an emergency physician in Washington, D.C., remarked on the lack of guarantees that a potential new owner would maintain the same privacy standards as 23andMe had previously promised.
Federal Protections: Are They Enough?
Current federal laws like the Genetic Information Nondiscrimination Act (GINA) offer limited protections. While GINA restricts genetic discrimination in employment and health insurance, it does not extend to life insurance companies or other non-health related fields. Additionally, HIPAA, which regulates health information privacy, does not apply to direct-to-consumer genetic testing companies, adding another layer of vulnerability for consumers.
State Responses to Privacy Concerns
In light of these events, at least 14 states have enacted laws to regulate genetic testing companies like 23andMe and Ancestry. These laws generally require companies to obtain explicit consent before using or sharing genetic data and grant consumers the option to delete their data. However, experts argue these measures do not go far enough. Anya Prince, a law professor at the University of Iowa, noted that many recent state laws are influenced by a model developed with input from 23andMe and Ancestry, which stifles more ambitious privacy protections.
Steps to Secure Your Genetic Data
Following the bankruptcy announcement, the urgency to secure personal genetic data has intensified. The Nevada Attorney General, Aaron Ford, has advised residents to access their 23andMe accounts and consider deleting their genetic information. To assist users, here’s how to delete your data:
- Log in to your 23andMe account at 23andme.com.
- Navigate to “Settings” under your profile.
- Locate the “23andMe Data” section, then click “View.”
- If desired, download a copy of your data prior to deletion.
- In the “Delete Data” section, click “Permanently Delete Data.”
- Follow the confirmation link sent to your email to finalize the deletion.
Conclusion: Navigating the Future of Genetic Privacy
As the situation evolves, consumers are left to navigate the complexities of genetic data privacy amidst increasing scrutiny of the practices of direct-to-consumer companies. The intersection of genetics, privacy, and corporate responsibility is becoming ever clearer—as are the potential ramifications for individuals who may become vulnerable as a result of corporate failures. It is crucial for users to understand their rights and take proactive steps in securing their personal information.
For more information on genetic privacy laws and consumer protections, consult your state attorney general’s office.