DNA Data for Sale: 23andMe’s Potential Acquisition Raises Privacy Concerns
The company 23andMe, renowned for its genetic testing services, finds itself in a precarious situation. Its shares face the risk of being delisted, and the drug development division has recently been shut down altogether. Furthermore, nearly the entire board of directors has resigned, leaving only co-founder and CEO Anne Wojcicki at the helm. She is now contemplating the sale of 23andMe, which could result in the DNA data of 15 million customers becoming part of the transaction.
DNA data is an immensely valuable asset. Over the past two decades, genetic information has helped reunite families, uncover secrets of ancestry, and even apprehend criminals. Despite this, most users of such tests receive only a superficial glimpse into their heritage and genetic traits. The company’s inability to demonstrate the true worth of its data has led to a point where 23andMe is now seeking options to salvage the business, including the possibility of a sale.
Unlike medical institutions, 23andMe is not bound by the Health Insurance Portability and Accountability Act (HIPAA). The company’s privacy policy allows for the sale of data in the event of a merger or acquisition. Moreover, new owners could potentially alter the terms of data use, introducing additional risks. A company representative has stated that any changes would be carefully considered, yet it is impossible to guarantee complete security of customer data.
Genetic information is of interest to a wide array of companies. For instance, insurers could use DNA data to assess risks, such as a client’s predisposition to diseases or early death. Law enforcement agencies might also find this data useful in investigations. It is known that some similar companies have already provided confidential DNA information to U.S. police forces.
The consequences of selling DNA data remain uncertain. Genomic science is still evolving. Experts caution that new owners could use the information for unforeseen purposes. Unlike a password, DNA cannot be changed — even a single data breach is irreversible and may be used against the individual who disclosed their genome.
In some states, such as California, consumers have additional privacy rights over genetic data. Local companies’ clients can request the deletion of their information before a company is sold.
23andMe also allows users to download and delete their data, and it provides notifications of new privacy terms. However, changes to the user agreement often take effect automatically, even if the user has not reviewed them. This means that everything can change in the blink of an eye.
Customers share their data, risking it for questionable benefits. Expectations for genetic analysis were high — it was assumed that the genome would help each person develop a personalized health plan. Yet many diseases are not linked to individual genes, and most people do not possess striking mutations. This contributed to the decline in 23andMe’s sales.
Anne Wojcicki has previously saved the company when the FDA banned the sale of genetic tests in 2013. Today, she is exploring various strategies to sustain the business, including dividing its operations. However, if the stock price does not rise to $1 by November 4, the company will face delisting. A sale of the firm is becoming an increasingly likely outcome.
The risks of DNA data misuse have always existed. Third parties have long had access to anonymized genetic information for research purposes, but sometimes this data can be traced back to an individual. Notably, last October, 23andMe became the central figure in a data leak scandal and agreed to a $30 million settlement in response to a lawsuit.
