There is no way to know what a buyer will want to do with the reams of genetic information it has collected. Customers, meanwhile, still have no way to change their underlying genetic data.
  • surph_ninja@lemmy.world
    12·
    8 hours ago

    I hate this understatement so fucking much. No, those 15 million are just the people that directly gave their dna to 23 & me.

    In reality, you only need to sample the genetic data for a small sample of the population to get the genetic information for the majority of the population. These people have relatives, and 23 & me has their data, too. They have most of ours.

    Saying it just affects those 15 million is such an abysmal misunderstanding of genetics.

  • udc@lemmy.world
    3·
    8 hours ago

    Does whoever purchase the company’s assets have full rights to the DNA data though? Wouldn’t there be some kind of restriction for that kind of thing?

    • FriendBesto@lemmy.ml
      71·
      18 hours ago

      Why would anyone expect anyone to risk getting sued or risk going to jail for that? Fully get want you are saying, though.

      The smart thing was to never trust some random upstart company with a cutsie name with the code of our literal DNA. Caveat emptor and all that.

      So much wrong can be done if it ends up in the wrong hands in any of a multitude of sectors, from military contractors to insurance companies who could literally up premiums based on DNA profiles and propensity for illnesses. And that latter one would be one of the most docile of outcomes.

  • RaptorBenn@lemmy.zip
    1212·
    14 hours ago

    No one has any right to complain, this possibility is clearly outlined in the t&c’s every person agreed to.

    Shouldn’t have handed out your defining essence to a corporation.

    • blind3rdeye@lemm.ee
      2·
      37 minutes ago

      I don’t think it is reasonable to expect every individual to become a privacy / legal expert. I think people should have reasonable protections and assurances given to them without needing to study the details of everything they do on a case-by-case basis.

      We have laws about what food can and cannot be sold - so that individuals don’t have to personally test and monitor every product for safety. Privacy & data could be done like that too.

    • surph_ninja@lemmy.world
      8·
      8 hours ago

      What about those of us who are related to the people who took the test, and never consented to the t&c? They have our data, too.

      • Isaac@waterloolemmy.caEnglish
        42·
        14 hours ago

        While I do agree its a bit whack, I question if everything needs 100% safety to be legal?

        If someone offers a dangerous thing and you sign a waiver, maybe motocross, if you get injured is it the owners fault? Why should an individual be free from onus?

        • RaptorBenn@lemmy.zip
          1·
          14 hours ago

          New Zealand understands this, you can sign away a companies liability to yourself. For adventure tourism stuff mostly. It’s a good and fair way to do things I think.

      • RaptorBenn@lemmy.zip
        22·
        14 hours ago

        Who should be responsible for these people agreeing to a contract and then not wanting to honour the contracts terms?

        If personal responsibilty is “a whacked out take” then I’ll take that.

    • renzev@lemmy.world
      21·
      13 hours ago

      “The fuck else were these people expecting” is also my visceral reaction whenever shit like that happens, but if I think about for a bit longer, I realize that it’s not much different than saying “The fuck else were you expecting” to a rape victim who went alone into a dark alley. Sure, people are stupid for engaging with this obvious scam, but the bad guy is still the scammer, not the victims.

      • RaptorBenn@lemmy.zip
        32·
        12 hours ago

        A rape victim didn’t sign a contract saying that would happen if they went dont that alley. That’s the difference.

        There is no bad guy in this case, just an idiot and a company.

  • SocialMediaRefugee@lemmy.ml
    421·
    1 day ago

    I knew the whole idea of letting a company get your genetic fingerprint was a bad idea from the start. Being curious about my ancestry wasn’t worth it.

    • iamdefinitelyoverthirteen@lemmy.world
      8·
      17 hours ago

      Not just yours, but your family 's DNA. You are not much different from your siblings and parents. I was pissed when my brother told me he did one of those stupid DNA tests.

    • FriendBesto@lemmy.ml
      2·
      18 hours ago

      Yeah, I feel like I dodged a bullet. As I knew some family members who tjpigbt about it but declined to do it because of the for-profit angle in case the company flopped.

    • iamtherealwalrus@lemmy.world
      211·
      1 day ago

      That’s great but all it takes is some of your blood relatives to submit their genetic data and they can calculate your genetics to a degree that is accurate enough.

      • FriendBesto@lemmy.ml
        21·
        18 hours ago

        Luckily for us, all family members either saw what OP saw ahead of time, or the few that were curious listened to others and didn’t go through with it. Exactly because of the reason that you stated.

    • The Menemen@lemmy.ml
      19·
      1 day ago

      Hmm.

      One of the notable issues is that this process also won’t delete all of your data — according to 23andMe’s privacy disclosure, your genetic information, date of birth, and sex will be retained for an undisclosed amount of time to comply with the company’s legal obligations,

      • biofaust@lemmy.world
        71·
        24 hours ago

        A merger or liquidation is not a valid purpose to store personal, and especially Art. 9, data, as covered by the legal basis of legal obligations, according to GDPR. So, if you are in Europe, they would have to delete it.

        • FriendBesto@lemmy.ml
          21·
          13 hours ago

          Uh… nope. Sorry. They specifically touch on it:

          “Commonly owned entities, affiliates and change of ownership: If we are involved in a bankruptcy, merger, acquisition, reorganization, or sale of assets, your Personal Information may be accessed, sold or transferred as part of that transaction and this Privacy Statement will apply to your Personal Information as transferred to the new entity. We may also disclose Personal Information about you to our corporate affiliates to help operate our services and our affiliates’ services.”

          If you request to delete your data as per the GDPR, they will delete some data, but as per their legalese they will not delete all and what is not deleted falls under their Privacy Statement, where you find the above, quoted text. Worth noting that in above the use of may in practice means “will”.

          On top of that, once the data is out of the the EU, which they make a point to state numerous times, they rely on the DPF which focuses on how data is used or transfered to outside the EU. So, if a company is already signed to the DPF, then they can totally keep some of your data as well. Or if they transfer it using it the same framework. So the DPF does not help either. The GDPR focuses on common identifying information, off the cuff it does not seem to address the notion of how DNA can literally be used for exactly that, so, legally, as it stands the DNA data is out of scope of the GDPR. Or, at least that is what they seem to be claiming, indirectly.

          So yeah, you can delete some data, but with a bunch of asterisks followed by that statement. So, sadly, your argument is not fully correct. They will delete some identifying information. But they seemto keep the most important of the data.

          • biofaust@lemmy.world
            1·
            15 hours ago

            What I meant is that “this Privacy Statement will apply to your Personal Information as transferred to the new entity”, so by itself the sale of assets is not a reason to exclude any data from anything stated there.

            I am deleting my account as soon as I get transferred all the data, but what happens when I request the deletion is still valid whether or not they sold the assets.

            And genetic data of any kind is absolutely covered by GDPR: https://gdpr-info.eu/recitals/no-34/

            • FriendBesto@lemmy.ml
              1·
              13 hours ago

              Thanks for the link. We may be slightly speaking past each other. On one hand, the link you sent is of course, correct. I had read that before and is not that I did not believe that the GDPR would include it, more so on not fully trusting 23andMe to comply.

              What you may be overlooking is that in the real world, possible buyers will have access to data as part of any Due Diligence terms, whether they purchase or not. In a perfect world it should not change things but in practice it can, or does. Apparently, that bit I quoted earlier was a very recent update to their T&Cs, as they are protecting themselves for any future lawsuits. Also, I just do not trust 23andMe to have your best interest at heart and to fully comply with privacy issues at the current time, either due to willful BS or mistake. It might just not be a priority. The whole thing could collapse tomorrow, but they are still full on taking people’s money. Any promise of compliance are just words at this point. I have known enough large companies collapse to see this as no different. GDPR or not. On a privacy concern, is not as if they asked everyone who is blood related for any consent, either.

              This was releseased not to long ago, so the USA Feds are not really confident, either:

              oag.ca.gov/news/press-releases/attorney-general-bonta-urgently-issues-consumer-alert-23andme-customers

              ag.ny.gov/press-release/2025/attorney-general-james-urges-23andme-customers-contact-company-delete

              But on paper, I agree that Europeans seem to have sturdier protections. Albeit Americans may have more legal options. Cheers and hope they fully delete your data without any BS.

              • biofaust@lemmy.world
                1·
                4 hours ago

                I take the (you may call it Stoic) decision not to think about what I cannot affect. 23andMe is not a good company, it is tied to Google etc. and they are sloppy with security. I am not even trying to justify myself not taking my data away from there earlier, that is my fault, and I have been stupid and lazy.

                That said, their Privacy Statement is quite clear about what should happen and none of the exception listed there apply, also because genetic data is anyway Art. 9 data.

                I will act at the best of my possibilities and not concern myself more than needed with how bad of an actor anyone may be in the US (it is a bit overwhelming as an exercise, especially nowadays).

  • Kng@feddit.rocksEnglish
    26·
    2 days ago

    This is the perfect example of why privacy matters. No matter how much you trust a parent company one day when the investors come knocking they are legally obligated to liquidate all assets to the highest bidder. Today its 23andme tomorrow it could be discord, google, amazon, Facebook or any other tech company.

    • sqgl@beehaw.org
      9·
      1 day ago

      In case people only saw the headline…

      The sale is because a breach already happened: “hackers obtained personal data of about seven million of its customers in October 2023”.

      They cannot afford the lawsuits.

    • FriendBesto@lemmy.ml
      2·
      17 hours ago

      I am surprised it took this long. But they got hacked 2 years ago, so data on millions of people had already been leaked.

      They were surviving on fumes since since they were still dealing with the fallout of that.

    • Kongar@lemmy.dbzer0.comEnglish
      66·
      2 days ago

      I’ve been telling people since this dna testing started that sooner or later that data will be for sale, an insurance company will buy it, and then get used against people to increase their health insurance rates or deny claims.

      But I’m a crazy conspiracy theorist according to everyone ;)

      Same reason I don’t want to buy a new car anymore…