Gentesting Company 23andme, once worth 6 billion US dollars, has filed for bankruptcy. General Prosecutors urge concerned customers to delete their data, while experts warn that state and federal laws may not fully protect their privacy. (Justin Sullivan | Getty Images)
The fate of the genetic data of more than 15 million customers remains in the suspension after the popular DNA test company 23Andme was filed for bankruptcy in March. The data is for sale to conquer fears about how to apply it and to maintain the lawyers from more than a dozen countries to the general lawyers to warn 23Andme users: Delete your data.
“Your genetic data is your most personal and confidential data, and you should be able to have access to it,” said North Carolina, the Attorney General in a Democrat in March.
“You have the authority to delete your data now – please act quickly.”
Dr. Adam Brown, an emergency doctor and founder of a health strategy company in Washington, DC, deleted his information to 23andme as soon as he learned about the bankruptcy registration, he told Stateline.
For him, the bankruptcy An significant question arises that federal and state laws do not tackle: What happens to your genetic data when the company collapses collapses?
Federal protection are flimsy. The states have strengthened their genetic data protection laws in recent years, but many experts say that they are not going far enough.
There are actually not many data protection protection for consumers, especially for these company business of the Type Direct-to-Customer.
– Dr. Adam Brown, emergency doctor and founder of a company for health strategy
23andme has said The bankruptcy will not change, as it is saved, manage or protects sensitive customer information. In a press release shortly after the bankruptcy announcement, the company said that potential buyers should be agree to fulfill with 23andmes consumer data protection guideline and all applicable laws. When the Steline company was contacted, it refused to comment on what it published in news publications and information for customers On his website.
However, as soon as the data is in the hands of another company, this company could change its data protection directive at any time, according to experts.
“As soon as you have summed up the insolvency court, there may not be the same guarantees or the same ethos that has a new company for the protection of data protection for consumers,” said Brown.
“I want people to understand that there are actually not many data protection protection for consumers, especially for these company business of the Type Direct-to-Customer.”
Hipaa doesn’t aid
Companies such as 23Ande offer their users potentially changing revelations about their health and ancestors. The process is plain: mail in a saliva sample and the company uses it to create an individual genetic profile that can not only show the family connections of a person, but also health knowledge such as their risk of illness such as cancer or Alzheimer’s.
These valuable personal data support a market for direct and customer gent tests that have been evaluated 1.93 billion US dollars Global in 2023 and is expected to grow, according to the market research company Grand View Research.
23Andme was an industry giant until his share price after a massive 2023 data injury This affected the accounts of almost 7 million customers. Then the lawsuit came for $ 30 million class procedures settlement.
The company declared bankruptcy at the end of March this year and explained announced It is for sale.
A flood of warnings from the Attorney General across the country soon followed. AGS from states, including Alabama, Arizona, California, Kentucky, New Hampshire, North Carolina and Texas, published similar press releases that have recommended customers to delete the company and to destroy the saliva sample used for the creation of IT sample.
“We have hearty federal data protection laws opinion.
The fear is that a fresh 23Andme owner could apply or share sensitive personal genetic data in a way that does not allow the company’s current data protection directive. It is concerned that it could be used, for example, to inflate the life insurance premiums of the people or to expose them to discrimination based on the employment relationship.
And there are not many guardrails that prevent this from happening.
Hipaa, the law on the portability and accountability of health insurance, does not apply to companies such as 23 and 23 and 23Andme. The pioneering federal law protects the sensitive health information of the patients when treated by doctors, hospitals and health insurers. However, direct-to-customer companies such as 23Andme or Ancestry are not regarded as a provider of health service providers, and their non-invasive saliva collection are not regarded as a medical test.
The main law of the federal government, which protects people from discrimination based on their genetic information, is almost 20 years elderly. The Genetic Information Discrimination Act (Gina) was adopted in 2008, long before the rise of test kits at home. This applies to employers and health insurers, but not to life insurance companies, mortgage agents and other non-health companies. And it does not explicitly protect epigenetic information, namely information about the way the genes of a person – and in a broader sense – are affected by external factors such as smoking, illnesses or stress.
What states do
In the past five years, at least 14 countries have passed laws that are regulated by companies such as Ancestry and 23Andme by Direct-to Consumer Gentest. There are deviations, but in general the laws must expressly obtain the express consent of customers before using or sharing their data, and enabling customers to delete their genetic data and the destroyed biological samples.
It is a good start, but it doesn’t go far enough, said Anya Prince, a law professor from the University of Iowa, whose research lies on health and genetic privacy.
Many of these government efforts were built on a model law, which was developed by the coalition for genetic data protection, an industry group with two member companies: 23Andme and Ancestry.
As DNA test kits, increasingly popular exploded and increasing the legislator, the coalition urged to influence the legislation and determine industry standards. The data protection protection in the laws reflects what 23Andme and Ancestry have already done with their own data protection guidelines, say experts.
“You have some really reasonable privacy,” said Prince. “It is great that people can extinguish their genetic data, and it is great that the law enforcement authorities need an arrest warrant to access it. However, if a data protection lawyer had written a model law, there would be potential for more and wider protective measures.”
For example, she said, many of the state laws correspond to data protection requirements for DNA test companies for direct consumers. If, for example, the data from 23Andme are bought by a pharmaceutical company, these state laws no longer apply.
The coalition now seems to be inactive, the website of which is nothing more than able.
Since 2020, more than a dozen states have handed over a version of a genetic data protection law for information, including Alabama, Arizona, California, Florida, Kentucky, Maryland, Montana, Nebraska, South Dakota, Tennessee, Texas, Utah, Virginia and Wyoming based on a Steline analysis. This year the legislative of Indiana A said goodbye The invoice This now goes to the governor’s desk. This year, invoices were introduced in other states, including West Virginia.
Prince said that government laws are too dependent on consumers to manage their data privacy themselves. You are expected to understand a company’s policy if studies have often shown to the public Do not read data protection announcements You also do not fully understand how companies apply their data. In addition, many state laws do not deal with how third parties and law enforcement authorities access consumer genetic data.
It is also not always clear how the laws are enforced or who is responsible for the supervision.
“In general, I think that there is a separation between people’s opinion, how their privacy is protected and how it is actually protected,” she said.
However, some states have enacted laws that are more hearty. In California, for example, a genetic data protection law, but also a General Data Protection Act and a state version of the Gina Act of the Federation, which extends the genetic anti-discrimination protection into areas such as living space, education and licensing.
Florida has strengthened its DNA data protection laws in recent years and has made the DNA of an individual without a declaration of consent with a crime of up to 15 years in prison and a fine of up to 10,000 US dollars. Florida was also the first state to prohibit life, disability and long-term insurance companies to apply genetic information to determine the cover.
The Stateline reporter Anna Claire full of can be achieved aollers@stateline.org.
