FTC Chairman Expresses Worries About Sale of 23andMe DNA Information
The company, which recently initiated Chapter 11 bankruptcy proceedings, has stated that “data privacy will play a crucial role in any potential transaction.”
The Federal Trade Commission (FTC) has expressed concerns regarding the safety of the personal data belonging to Americans who were once clients of the genetic testing firm 23andMe.
“I understand that user data from 23andMe may be treated as an asset that could be sold,” he noted.
Since its inception in 2007, 23andMe has gathered various data points from U.S. customers, such as “genetic data, biological DNA samples, health details, ancestry and genealogy information, personal contact data, payment and billing information, and other particulars,” as stated in the letter.
Throughout its time in operation, the company assured customers of its commitment to safeguarding user data and refraining from sharing it with unauthorized third parties.
As per the company’s privacy statement, updated on March 14, if 23andMe finds itself in bankruptcy proceedings and customers’ personal data is sold as part of the process, the privacy commitments made by 23andMe will still be honored.
Ferguson stated the FTC “believes that, under Section 363(b)(1) of the Bankruptcy Code, these promises to consumers must be upheld.”
Thus, any sale during 23andMe’s bankruptcy that involves users’ personal data and biological samples must adhere to the privacy and data security obligations previously established by the company, he noted, adding that customers provided sensitive data based on these assurances.
Opting Out
23andMe filed for bankruptcy with the expectation that the sales process would address its operational, financial, and legal issues, according to Mark Jensen, a board member.
As stated in its March 23 open letter, 23andMe informed customers they can opt out of the company’s research at any point.
This can be achieved by modifying the consent settings within users’ account preferences. Once customers decide to opt out, the company will cease using their data within 30 days.
Moreover, “customers retain the option to delete their data and 23andMe account,” the company mentioned.
“New Yorkers can follow the guidance provided by my office to delete their data or destroy any DNA samples retained by 23andMe. Anyone encountering difficulties in deleting their information stored with 23andMe should reach out to my office,” she stated.
On March 21, California Attorney General Rob Bonta further urged individuals to utilize state privacy legislation to ensure their data is erased and any genetic samples held by the company are destroyed.
“The threat actor accessed the information of a significant number of DNA Relatives profiles (roughly 5.5 million) and Family Tree feature profiles (approximately 1.4 million), which were linked to the compromised accounts,” the company reported at that time.
In September, 23andMe announced plans to offer $30 million in a settlement for the millions of customers affected by the data breach.