The apocalypse of genetic privacy has arrived, and it bears a name we know all too well: 23andMe. The company that convinced millions of people to happily spit into a test tube to find out if they have “Viking blood” in their veins or a predisposition to lactose intolerance has officially gone bankrupt. Sure, it promises that the genetic data it collects is safe, secure, inviolable. But allow me to be skeptical when a company that literally owns the code of millions of people is about to be sold to the highest bidder like an old piece of furniture at auction. 23andMe’s bankruptcy isn’t just the end of a company; it’s the beginning of a potential nightmare for everyone who’s ever entrusted their DNA to these suddenly insolvent “gatekeepers.”
What Really Happened to 23andMe
In short words: 23andMe filed for bankruptcy, and Anna Wojcicki (the company's founder and CEO for nearly two decades) has resigned effective immediately. Wojcicki herself now intends to make an offer to buy the company back during the bankruptcy process. A move that smacks of financial strategy rather than a real emergency. The company, meanwhile, says that the bankruptcy will make the sale easier and that it intends to continue operating during this delicate process. Yes, just like a patient who assures you that he is fine as he is being taken away in an ambulance with sirens blaring.
The issue of real estate gives food for thought: 23andMe asked the court to throw out leases in San Francisco, Sunnyvale and elsewhere to cut costs. Fewer offices, fewer staff, less security for our data? The question, said a famous TV presenter from a few years ago, arises spontaneously.
Genetic sequence is not a password
The key point here is that we are talking about particularly sensitive data. DNA is not a simple email address that you can change after a data breach.
At a fundamental biological level, your DNA is you and only you. If you have a compromised email address, you can find another provider and use a new address. But you can't do that with your genetic code.
Words of David Choffnes, professor of computer science at Northeastern University and executive director of its Institute of Cybersecurity and Privacy. And he is absolutely right: your genetic sequence is unchangeable, it is our biological “score”. Once compromised, there is no possible update. How do you solve it now, with 23andMe?
How to delete your data (if it's still possible)
If you have an account on 23andMe, you can still save what you can. Go into your settings, scroll down to the “23andMe Data” section, click “View,” download a copy if you want one, then go to the “Delete Data” section and click “Permanently Delete Data.” You will receive a confirmation email and will need to follow the link to complete the request.
If you asked to keep your saliva and DNA sample, you can also ask for it to be destroyed by going to your account settings and clicking on “Preferences.” And you can withdraw consent for third-party researchers to use your genetic data in “Research and Product Consents.” The real question, though, is: to what extent can we trust that this data will actually be deleted? In a company on the brink of bankruptcy, with employees who are probably already updating their resumes because they are “on the landing list,” who guarantees that the deletion procedures are followed correctly?
The whole story of 23andMe reminds us that we are just at the beginning of the digital genetic age, and our laws and protections are woefully inadequate. Our data, our DNA, even our intentions They have already become a commodity, long before we had the good sense to determine how to adequately protect them.
