


23andMe's Data Sold to Nonprofit Run by Its Co-Founder - 'And I Still Don't Trust It' (msn.com) 24
"Nearly 2 million people protected their privacy by deleting their DNA from 23andMe after it declared bankruptcy in March," writes a Washington Post technology columnist.
"Now it's back with the same person in charge — and I still don't trust it." As of this week, genetic data from the more than 10 million remaining 23andMe customers has been formally sold to an organization called TTAM Research Institute for $305 million. That nonprofit is run by the person who co-founded and ran 23andMe, Anne Wojcicki. In a recent email to customers, the new 23andMe said it "will be operating with the same employees and privacy protocols that have protected your data." Never mind that Wojcicki and her privacy protocols are what put your DNA at risk in the first place...
The company is legally obligated to maintain and honor 23andMe's existing privacy policies, user consents and data protection measures. And as part of a settlement with states, TTAM also agreed to provide annual privacy reports to state regulators and set up a privacy board. But it hasn't agreed to take the fundamental step of asking for permission to acquire existing customers' genetic information. And it's leaving the door open to selling people's genes to the highest bidder again in the future...
Existing 23andMe customers have the right to delete their data or opt out of TTAM's research. But the new company is not asking for opt-in permission before it takes ownership of customers' DNA... Why does that matter? Because people who handed over the DNA 15 years ago, often to learn about their genetic ancestry, never imagined it might be used in this way now. Asking for new permission might significantly shrink the size (and value) of 23andMe's DNA database — but it would be the right thing to do given the rocky history. Neil M. Richards [the Washington University professor who served as privacy ombudsman for the bankruptcy court], pointed out that about a third of 23andMe customers haven't logged in for at least three years, so they may have no idea what is going on. Some 23andMe users never even clicked "agree" on a legal agreement that allowed their data to be sold like this; the word "bankruptcy" wasn't added to the company's privacy policy until 2022. And then there is an unknown number of deceased users who most certainly can't consent, but whose DNA still has an impact on their living genetic relatives...
[S]everal states have argued that their existing genetic privacy laws don't allow 23andMe to receive the information without getting permission from every single person. Virginia has an ongoing lawsuit over the issue, and the California attorney general's office told me it "will continue to fight to protect and vindicate the rights" of consumers....
Two more points of concern:
- "There is nothing in 23andMe's bankruptcy agreement or privacy statement to prevent TTAM from selling or transferring DNA to some other organization in the future."
- The article also notes a 2023 data breach affecting 6.9 million users, arguing "They haven't shown they can keep your data safe... 23andMe's financial struggles could make it hard to run a robust cybersecurity program."
Customers could delete their data? (Score:2, Interesting)
"That's not entirely accurate" - Independence Day (1996)
Sen. Josh Hawley rips 23 and Me CEO a new one and exposes the lie that customers could delete their data.
RSS Feed Not Working For Days ... (Score:2, Offtopic)
Hey Slashdot ...
The RSS feed stopped working on the 17th of July.
Check the feed [slashdot.org] out yourselves ...
Or the alternate feed [slashdot.org], same problem.
Unless you don't care about traffic from the feed then ...
The idea of giving your genetic data (Score:3)
That data could easily be handed to the police and they could use it to tie you to a crime. You're then going to have to spend tens if not hundreds of thousands of dollars fighting them off while a prosecutor tries to get a notch in his belt for his upcoming political run.
Every year crime goes down but every year we put more cops on the street and give prosecutors more money.
Voters expect results but if crime is going to keep going down the only way to get those results is to start locking up innocent people.
I'm sure they will start with minorities but, well, they are minorities by definition, that won't be enough, so they're going to start harassing the general public.
You can already see it with DUI stops where cops are pulling people over who are perfectly sober but the way the laws are written you're guilty until proven innocent.
Too slow, they're already past that. (Score:5, Interesting)
Okay, some thoughts on this:
1. The data has already been handed to the police. They've been using it to solve decades old rape cases and such.
2. Unless YOUR DNA turned up at a crime scene, it is unlikely that the police are going to arrest you over it. Unless you have an evil twin out there, it's not a very realistic problem.
3. The problem is also actually WORSE than you state. You see, YOU don't need to submit data to be found. In a number of the cases, a semi-distant relative, like a niece, submitted their DNA. This gave them a match with their suspect as a relative. So they go looking for family members who might have been in the appropriate area at the appropriate time. At least for now, only really used for rape and murder cases, where they're willing to expend a lot of funds to solve it. Between the relational DNA match and the location, they can often get a warrant for an actual DNA sample.
I've also seen video of where the suspect blew a 0.00 on the breath test and was promptly arrested for DUI despite it. Then a full test and workup at the police station, only for the police to have to release him because they found nothing. The teen was in high school sports and drug tested like every other week anyways. Of course, he ended up suing for stuff including the arrest after the 0.0 (what reasonable suspicion was there other than him being a snarky and somewhat cold teen?) and the police ended up giving him city money (because that doesn't affect the police budget at all) to go away.
Re: (Score:1)
Unless YOUR DNA turned up at a crime scene,
Many times the initial match is made from a consanguinity/divergence comparison. Then the cops come banging at the door, then the lawyers get involved, the expenses mount, and even when you're found innocent and not a match, you still have the legal bills, the loss of reputation because you are a "person of interest", maybe you lost your job when they put you in jail pending trial and you can't afford bail (remember that bail charges are a fee and you don't get them back, ever) and the strife and stress of
Re: (Score:2)
The police can screw anything up, of course, and prosecutors are sometimes little better. However, I'm not aware of any actual arrests based 'solely' or even mostly on a consanguinity comparison. Instead, they use the consanguinity match along with other evidence to get a warrant for the suspect's DNA.
My dad, before he passed, got big into genealogy and ancestry. A 4% match, while a low percentage, is still enough to reliably indicate relationship. We have stenography systems that can still make a match wit
So the odds of a mismatch (Score:2)
Now what they should be doing at that point is looking for corroborative evidence but that's not what's going to happen. We already have a couple examples of people being picked up on the basis of DNA evidence and having to fight off a murder charge.
The real problem here is every year crime goes down but every year the media tells you it goes up. So
Re: (Score:2)
Looking, I'm not seeing much. Can you name a few cases so I can see what happened?
I'm actually seeing more exonerations because of DNA. I did find one case, but that was a police lab contaminating a sample by not properly cleaning equipment, not a DNA database problem.
I've read write-ups where they find a relative of a suspected offender in the DNA database, but in those cases the officers DID go for collaborative evidence. More DNA from more relatives, for example, to nail down the actual suspect.
For exa
Re: (Score:2)
It's actually *easier* to invade someone's privacy by tracking their web browsing history, than by getting their hands on their DNA profile.
Nobody's going to impersonate or track you by obtaining your DNA raw data. What kind of scheme could possibly even make use of your DNA data? Anybody who would go that far to impersonate or track you, could do so much more easily and cheaply by picking up your trash and doing DNA swabs of things you threw away. That's exactly how they caught the Golden State Killer, and
EditorDavid proving once again he's not an editor (Score:2, Insightful)
"Never mind that Wojcicki and her privacy protocols are what put your DNA at risk in the first place."
No one's DNA is at risk, their personal information is. Why do people say such stupid things, and is it too much to ask for "editors" to do their job? This is literally what editors do, they identify these kinds of errors before they get published.
Re: (Score:2)
No one's DNA is at risk, their personal information is
I can only imagine in this day and age, some unique aspect of your DNA going into a proprietary process or treatment with big money potential to not only get no financial compensation, but receive a cease and desist order too.
that would be quite a trick (Score:2)
"And it's leaving the door open to selling people's genes to the highest bidder again in the future..."
How exactly can a person's genes be sold? Do we have slavery once again? Unless you can buy and sell people, people's genes cannot be sold.
Re: (Score:2)
"And it's leaving the door open to selling people's genes to the highest bidder again in the future..."
How exactly can a person's genes be sold? Do we have slavery once again? Unless you can buy and sell people, people's genes cannot be sold.
Someday they will find the gene for autism.
Privacy. Ha! (Score:2)
>"Nearly 2 million people protected their privacy by deleting their DNA from 23andMe"
If these people cared about their privacy, and thought about it for a few minutes, they wouldn't have submitted samples to some DNA company in the first place without the ability to do it anonymously. And THEN thinking they could actually "delete" the information after the fact- HA!
Yes, I even investigated if there were a way to do this DNA stuff actually privately. And that would mean submitting anonymous samples that
Wife Of Google Founder (Score:3)
Not sure why they always fail to mention that Anne Wojcicki, the former CEO and co-founder of 23andMe was married to Google co-founder Sergey Brin for years. Your 23andMe data went to Google from day one.
Gross incompetency in IT security (Score:2)
Very few businesses that are involved in IT in any way have anything remotely close to decent security.
Basically, they need to reintroduce the US' Internet Czar, who should have meaningful authority and who should impose meaningful IT security standards. That small companies can't afford to hire security staff is irrelevant as they mostly either work in the cloud using SAAS, at which point their provider should be handling all the security. If you want to roll your own, then you should accept the burden of
Like Real Estate Bankruptcies (Score:2)
A common pattern in expensive real estate developments (say, hotels) that get built then go bankrupt, unable to pay off their construction loans. The development gets sold at auction, for deep discounts on the dollar, to another entity that takes over with much less debt and can then operate the facility profitably. This "other entity" taking ownership may in fact be controlled by the original owner but is separate by legal incorporation fiction.
Seems to be the case here. Same owner, same company, still ope