March 25, 2025 - The once-celebrated consumer genetics company 23andMe has filed for Chapter 11 bankruptcy, sending shockwaves through the tech and privacy communities. Known for making at-home DNA testing mainstream, 23andMe amassed genetic data from more than 14 million customers. Now, with the company in financial freefall, critical questions arise about what will happen to its trove of biometric and personal information.

The company’s assets include vast databases of DNA, health profiles, family trees, and ancestry information - some of the most intimate data a person can share. As part of bankruptcy proceedings, such assets may be evaluated and potentially sold to satisfy creditors. This possibility has raised red flags among privacy advocates, who warn that consumers' sensitive data could be transferred to unknown third parties.

“This isn’t just about losing your email address to a spammer,” said privacy attorney Sheila Adami, speaking to Bloomberg News. “This is biometric data that could be used to infer medical conditions, family relationships, even racial and ethnic identity. Once it’s sold, there’s no putting that genie back in the bottle.”

If you’re a 23andMe user and concerned about your data, the company does offer the ability to delete your genetic information and account. According to its website, users can log in and request permanent deletion under account settings. However, timing is critical—once bankruptcy proceedings advance, the ability to delete data may be frozen or limited.

"Customers should act immediately if they want their data erased," Adami added in the Bloomberg interview. "There's a risk the bankruptcy court could consider that data part of the company's assets and restrict any modifications."

Federal privacy laws in the U.S. remain limited when it comes to genetic data. The Genetic Information Nondiscrimination Act (GINA) prevents health insurers and employers from discriminating based on genetic information, but it does not address data sharing or sales.

However, consumers in certain states may have stronger protections. California residents are covered under the California Consumer Privacy Act (CCPA) and its expanded version, the California Privacy Rights Act (CPRA). These laws grant consumers the right to access, delete, and limit the sale of their personal information, including biometric data.

"CCPA defines genetic data as personal information," said Alana Frieberg, a data privacy consultant interviewed by The Verge. "In theory, that gives Californians the right to delete their DNA data and prevent its sale—but whether that holds up during bankruptcy proceedings is untested."

Illinois residents may also benefit from the Biometric Information Privacy Act (BIPA), which imposes strict requirements on the collection and sharing of biometric data, including DNA.

23andMe’s downfall raises urgent questions about how companies handle our most personal information—and what happens when those companies fail. For consumers who once embraced the promise of unlocking their ancestry and health risks, the current moment serves as a stark reminder: the cost of convenience may be long-term loss of control.

If you’re a 23andMe user, the time to act is now. Delete your data if you can, and monitor bankruptcy developments closely. Because your DNA, unlike a password, can’t be changed.

by Jim Malmberg

Note: When posting a comment, please sign-in first if you want a response. If you are not registered, click here. Registration is easy and free.

Follow ACCESS