In October, we examined the uncertain future of 23andMe, a company that helped popularize direct-to-consumer genetic testing. On Sunday, the company filed for bankruptcy and announced the resignation of its founder, Anne Wojcicki. The bankruptcy raises urgent questions about the privacy of sensitive DNA data provided by more than 15 million customers. Since the data isn’t protected by health-privacy laws, it’s unclear what that would mean for people who have used 23andMe. For example, insurance companies could buy and use genetic predispositions data to deny a life, disability, or long-term-care policy to someone even if they never actually develop the condition. 

Concerned customers flooded 23andMe’s website trying to delete data for themselves as well as deceased relatives. Many encountered technical issues such as delayed verification emails, system crashes, and unclear confirmation about whether their deletion requests were processed. When customers couldn’t delete their data, they raised concerns that the company was trying to keep as much DNA information as possible to make the business more valuable to buyers. “The fact that consumers cannot sign in to access their information to even request the deletion of personal data creates a perception that the company may be trying to limit their exposure in losing valuable assets,” said one customer who tried to delete his account.

Although 23andMe claims its privacy policy will still apply after a sale, legal experts say a new buyer could attempt to change those terms with user consent. Since 23andMe is not a healthcare provider, the company’s genetic and health data is not protected under federal health privacy laws like HIPAA. This case raises important issues about the limits of data protection in the private tech sector. When a company’s most valuable asset is user data, a business failure can put personal information at risk. For consumers, the situation is a reminder that data shared with private companies may not stay private—especially in times of financial instability.

Questions:

1. Why are former customers of 23andMe concerned about the privacy of the data they shared with the company?
2. Do you think startups like 23andMe should be subject to the same data regulations as health care providers? Why or why not?

Sources: Alicia McElhaney, “23andMe Site Went Down as Customers Struggled to Delete Data,” The Wall Street Journal, March 25, 2025; Kevin Williams, “23andMe Bankruptcy: With America’s DNA Put On Sale, Market Panic Gets New Twist,” CNBC, March 30, 2025.