23andMe Is On the Brink. What Happens To All Its DNA Data? (npr.org) 28
The one-and-done nature of 23andMe is "indicative of a core business problem with the once high-flying biotech company that is now teetering on the brink of collapse," reports NPR. As 23andMe struggles for survival, many of its 15 million customers are left wondering what the company plans to do with all the data it has collected since it was founded in 2006. An anonymous reader shares an excerpt from the report: Andy Kill, a spokesperson for 23andMe, would not comment on what the company might do with its trove of genetic data beyond general pronouncements about its commitment to privacy. "For our customers, our focus continues to be on transparency and choice over how they want their data to be managed," he said. When signing up for the service, about 80% of 23andMe's customers have opted in to having their genetic data analyzed for medical research. "This rate has held steady for many years," Kill added. The company has an agreement with pharmaceutical giant GlaxoSmithKline, or GSK, that allows the drugmaker to tap the tech company's customer data to develop new treatments for disease. Anya Prince, a law professor at the University of Iowa's College of Law who focuses on genetic privacy, said those worried about their sensitive DNA information may not realize just how few federal protections exist. For instance, the Health Insurance Portability and Accountability Act, also known as HIPAA, does not apply to 23andMe since it is a company outside of the health care realm. "HIPAA does not protect data that's held by direct-to-consumer companies like 23andMe," she said.
Although DNA data has no federal safeguards, some states, like California and Florida, do give consumers rights over their genetic information. "If customers are really worried, they could ask for their samples to be withdrawn from these databases under those laws," said Prince. According to the company, all of its genetic data is anonymized, meaning there is no way for GSK, or any other third party, to connect the sample to a real person. That, however, could make it nearly impossible for a customer to renege on their decision to allow researchers to access their DNA data. "I couldn't go to GSK and say, 'Hey, my sample was given to you -- I want that taken out -- if it was anonymized, right? Because they're not going to re-identify it just to pull it out of the database," Prince said.
Vera Eidelman, a staff attorney with the American Civil Liberties Union who specializes in privacy and technology policy, said the patchwork of state laws governing DNA data makes the generic data of millions potentially vulnerable to being sold off, or even mined by law enforcement. "Having to rely on a private company's terms of service or bottom line to protect that kind of information is troubling -- particularly given the level of interest we've seen from government actors in accessing such information during criminal investigations," Eidelman said. She points to how investigators used a genealogy website to identify the man known as the Golden State Killer, and how police homed in on an Idaho murder suspect by turning to similar databases of genetic profiles. "This has happened without people's knowledge, much less their express consent," Eidelman said.
Neither case relied on 23andMe, and spokesperson Kill said the company does not allow law enforcement to search its database. The company has, however, received subpoenas to access its genetic information. According to 23andMe's transparency report, authorities have sought genetic data on 15 individuals since 2015, but the company has resisted the requests and never produced data for investigators. "We treat law enforcement inquiries, such as a valid subpoena or court order, with the utmost seriousness. We use all legal measures to resist any and all requests in order to protect our customers' privacy," Kill said. [...] In a September filing to financial regulators, [23andMe CEO Anne Wojcicki] wrote: "I remain committed to our customers' privacy and pledge," meaning the company's rules requiring consent for DNA to be used for research would remain in place, as well as allowing customers to delete their data. Wojcicki added that she is no longer considering offers to buy the company after previously saying she was.
Although DNA data has no federal safeguards, some states, like California and Florida, do give consumers rights over their genetic information. "If customers are really worried, they could ask for their samples to be withdrawn from these databases under those laws," said Prince. According to the company, all of its genetic data is anonymized, meaning there is no way for GSK, or any other third party, to connect the sample to a real person. That, however, could make it nearly impossible for a customer to renege on their decision to allow researchers to access their DNA data. "I couldn't go to GSK and say, 'Hey, my sample was given to you -- I want that taken out -- if it was anonymized, right? Because they're not going to re-identify it just to pull it out of the database," Prince said.
Vera Eidelman, a staff attorney with the American Civil Liberties Union who specializes in privacy and technology policy, said the patchwork of state laws governing DNA data makes the generic data of millions potentially vulnerable to being sold off, or even mined by law enforcement. "Having to rely on a private company's terms of service or bottom line to protect that kind of information is troubling -- particularly given the level of interest we've seen from government actors in accessing such information during criminal investigations," Eidelman said. She points to how investigators used a genealogy website to identify the man known as the Golden State Killer, and how police homed in on an Idaho murder suspect by turning to similar databases of genetic profiles. "This has happened without people's knowledge, much less their express consent," Eidelman said.
Neither case relied on 23andMe, and spokesperson Kill said the company does not allow law enforcement to search its database. The company has, however, received subpoenas to access its genetic information. According to 23andMe's transparency report, authorities have sought genetic data on 15 individuals since 2015, but the company has resisted the requests and never produced data for investigators. "We treat law enforcement inquiries, such as a valid subpoena or court order, with the utmost seriousness. We use all legal measures to resist any and all requests in order to protect our customers' privacy," Kill said. [...] In a September filing to financial regulators, [23andMe CEO Anne Wojcicki] wrote: "I remain committed to our customers' privacy and pledge," meaning the company's rules requiring consent for DNA to be used for research would remain in place, as well as allowing customers to delete their data. Wojcicki added that she is no longer considering offers to buy the company after previously saying she was.
It gets bought by an insurance company (Score:2)
And millions of people are fucked.
What else would happen?
Re: (Score:2)
Either way, they'll keep PCR'ing all of that DNA until slashdot has enough to make another dupe.
Re: It gets bought by an insurance company (Score:2)
Re: (Score:2)
Most likely to some AI LLM although it could be Chinese indeed.
Re: (Score:2)
No, it'll get bought by Blackrock or Vanguard, and then the data will be leased to insurance companies.
Re: (Score:2)
It's illegal for insurance companies to use genetic data.
Genetic Information Nondiscrimination Act (GINA) [wikipedia.org]
But even if it were legal, for every loser, there would be a winner. Insurance companies would have an incentive to charge higher rates to people with genetic disorders, but also to offer discounts to attract healthy people who are more profitable to insure.
Re: It gets bought by an insurance company (Score:2)
Or a pension company. It could help them make a decision about much an annuity could pay out for example: those likely to live longer get paid less annually. Thatâ(TM)s why you also shouldnâ(TM)t trust companies like Vitality who want all your lifestyle data.
And then there are foreign governments who could also make long term use of such data.
What happens to the DNA? (Score:2)
They were already selling it (Score:3)
The price gets lower, that's about it.
Re: They were already selling it (Score:2)
Re: (Score:3)
Then why are they not making any money?
They're selling it for research, but researchers don't pay much.
Meanwhile, their customers are "one and done".
Most companies lose money on marketing + first sale. They make their profits on upselling and additional sales to their established customer base.
But that doesn't work for 23andMe because they have no follow-on products.
All your DNA are belong to us (Score:3)
Or likely some US government agency like the IRS who didn't get paid in time.
Re: (Score:2)
What if it is (or isn't)?
per the EULA we can change what we do at any time (Score:2)
per the EULA we can change what we do at any time even sell it to the highest bidder.
and if we go to bankruptcy they it may not even be our call any more.
Be the Match (Score:3)
Anya Prince, a law professor at the University of Iowa's College of Law who focuses on genetic privacy, said those worried about their sensitive DNA information may not realize just how few federal protections exist. For instance, the Health Insurance Portability and Accountability Act, also known as HIPAA, does not apply to 23andMe since it is a company outside of the health care realm. "HIPAA does not protect data that's held by direct-to-consumer companies like 23andMe," she said.
Or like Be the Match, which claims to be over three times as large:
https://en.wikipedia.org/wiki/... [wikipedia.org]
The Be The Match Registry is the world's largest hematopoietic cell registry, listing more than 22 million individuals and more than 300,000 cord blood units.
Slay, Queen (Score:3, Insightful)
You gotta give the CEO of the 23andMe props. The value of their data is CLEARLY worth more than their company's valuation. Those 80% of users have agreed to let 23andMe use their genetic data in any way the company wishes in perpetuity. Other biotech companies are routinely valued in billions of dollars, while 23andMe's valuation is currently ~$160 million. But the founder/CEO has enough voting shares to prevent any other outcome except their own acquisition of the company, so they're acquiring all the shares at a low price. Congrats to them.
Chancellor Palpatine will buy it (Score:2)
to create a Grand Clone army.
Re: (Score:2)
The long and the short is (Score:2)
If you ever thought sending your DNA to a for-profit was a good idea, it's too late to do anything about it now.
I know it's not always easy to foresee the consequences of decisions that seem rational at a given time, but in this case, seriously: what were you thinking?