13.06.2025
2 min
549
The privacy ombudsman in 23andMe’s bankruptcy case has called for the company to be required to obtain separate, explicit consent from customers before selling their genetic data. This could set a precedent for protecting digital rights in medical technology. Nearly 2 million consumers have already requested the deletion of their data following the leak and bankruptcy.
At a hearing in the US Congress, 23andMe’s acting CEO Joe Selsavage did not confirm that the company would require users’ consent before selling data. Ombudsman Neil Richards recalled in a court filing that many customers did not even see a change to the privacy policy when a clause on the possibility of data transfer in the event of bankruptcy was added in 2022.
Since the company filed for bankruptcy in March 2025, more than 1.9 million people out of 15 million have requested the deletion of DNA data. However, according to customers, the deletion process is extremely difficult, especially for relatives of deceased individuals.
23andMe became popular thanks to a simple method: customers send saliva for genealogy and heredity analysis. But the database includes names, dates of birth, genetic information – and covers entire families. In 2023, a massive data leak occurred, after which trust in the company was shaken. When bankruptcy proceedings began in 2025, fears about the commercialization of DNA increased sharply. Critics point out: 23andMe publicly promised privacy for years, while the technical details of the policy changes were hidden at the bottom of the page.
According to the ombudsman, the 23andMe database is one of the most sensitive collections of personal data in history. He proposed two options: either oblige the company itself to obtain consent before the sale, or place this obligation on the prospective buyer. Congressmen support the idea that trust does not equal acquiescence. This is not just a matter of law, but also of dignity.
