How To Delete Your 23andMe Data (And Why You Might Want To)
For nearly a decade, 23andMe has been one of the most popular services offering ancestryreports and even health riskprofiles based on a person’s genetic sample. Or in this case, a saliva specimen. In a world where a person is always at the risk of a bad actor scooting off with stolen user data and digital fingerprints, 23andMe upped the ante by storing genetic and ancestry information — ripe for serious identity theft risks.
The risks were always there, and the hammer finally came down with a hack in 2023 that exposed the data of nearly 7 million customer profiles. Multiple lawsuits later, and en-masse board resignation, 23andMe is on the verge of imploding. For a company that boasts 14 million customers and is now facing a delisting threat, the biggest question right now is what happens to all the genetic and ancestry profiles of its customers.
Now, we don’t know if 23andMe will find a savior, but the data will likely change hands and they may not survive the tides of commercial deals. “If we are involved in a bankruptcy, merger, acquisition, reorganization, or sale of assets, your Personal Information may be accessed, sold or transferred as part of that transaction,“notesthe company’s privacy policy.
Nevertheless, if scandals likeFacebook-Cambridge Analyticaand the shadyshutdown of Google+have taught us anything, the best way forward is to delete your data instead of entrusting it to the hands of a corporate entity.
How to erase your 23andMe footprint
Users who have used 23andMe services in the past, and are now concerned about the safety of their personal data, can follow these steps to submit an erasure request:
Do keep in mind that 23andMe will still retain some of the data associated with your account. “While we will delete the majority of your Personal Information, we are required to retain some information to comply with our legal obligations,” says the company. However, if you had initially consented to the company storing your genetic samples, they would be discarded, as well.
Bold warnings in a sea of uncertainties
The United States Federal Trade Commission is not oblivious to the situation, and has issued a stern warning to all companies engaged in DNA testing and related business, especially when it comes to protecting such sensitive information. Citing cases like Genelink and 1Health/Vitagene, the agency says these companies were allegedly found engaging in shoddy security practices; such as storing data in a public cloud bucket without even being aware of it, lacking encryption or access safeguards, ignorance of security warnings, storing files in plaintext format, and not creating access guardrails for partners. “If your customer accounts offer data thieves a similar gateway to sensitive data … properly secure those accounts,” adds the agency.
However, warnings aren’t always sufficient. American Civil Liberties Union’s Vera Eidelman, talking withNPR, pointed at famous cases involving the Golden State murders and a similar incident in Idaho where law enforcement relied on publicly available genetic databases to identify the perpetrators. “This has happened without people’s knowledge, much less their express consent,” Eidelman was quoted as saying.
23andMe, on the other hand, says it has received multiple requests from authorities seeking access to certain data and genetic profiles, but claims it has resisted all such efforts using legal measures. However, according to theElectronic Frontier Foundation, there are no federal laws currently in place that “clearly protect users of online genetic testing sites like 23andMe,” save for exceptions like the Genetic Information Privacy Act passed by the state of Montana last year.
