23andMe Files for Bankruptcy: Users Urged to Delete DNA Data

Millions of people have bought DNA tests from 23andme. Now the company has applied for bankruptcy protection and the assets are being sold to the highest bidder. Exercise your right to withdraw your data and have your samples destroyed, says Professor Yann Joly.

» Published: March 26 2025

23andMe Files for Bankruptcy: Users Urged to Delete DNA Data
Photo: Barbara Ortutay/AP/TT

Silicon Valley-based 23andme, which sells DNA test kits for genealogy research and medical genetic analysis, announced on Sunday that it has filed for bankruptcy protection.

The assets, including information about up to 15 million users, will be sold to the highest bidder.

Experts on digital integrity, including Professor Yann Joly, are urging customers to request that their samples and data be destroyed and deleted.

For despite a relatively robust integrity policy, which, according to the company, will also apply to a future owner, one does not know how such an owner will act.

Will they try to find loopholes? Will they continue to conduct the same research or research that one is less comfortable participating in, asks Joly, who leads the center for genomics and policy at McGill University in Montreal, Canada.

Catastrophic Consequences

The most likely buyer is a biomedicine or pharmaceutical company that wants to use the data for research or to train its AI, believes Joly.

Even if the risk is small, sensitive information could also be used by insurance companies, police, or migration authorities – or for extortion purposes.

Tazin Kahn, head of the non-profit cybersecurity organization Cyber Collective, warns of catastrophic consequences if the data is sold.

People have absolutely no power over where their data ends up, she tells CNBC.

In a data breach in 2023, hackers gained access to information from 6.9 million of the company's user accounts. Among other things, a list of people with Jewish ancestry was put up for sale on the darknet.

GDPR Applies

Over 100,000 Swedes are estimated to have taken a DNA test for genealogy purposes. It is unclear how many are in the current database.

Sinan Akdag, expert on digital consumer law at the Swedish Consumers' Association, recommends that one requests that one's data be deleted in accordance with GDPR, which also applies to companies outside the EU that process EU citizens' personal data.

When you submitted your DNA, you gave 23andme consent to process personal data. A consent under GDPR can always be withdrawn, and then the personal data must be removed, he says.

The theory of legislation and what happens in practice can, however, be two different things.

As a private individual, you can value your DNA information in different ways. But you should be aware that no data protection is impossible to circumvent. There is always a risk.

The American DNA testing company 23andme was founded in 2006 and is one of the largest on the market.

The user sends in a saliva sample and receives information about potential health risks and their genetic ancestry.

The company's product was named Invention of the Year by Time Magazine in 2008, with investors such as Google and collaboration with Glaxo Smith Kline.

According to its own statement, the company has a total of 15 million customers worldwide and has sold over 12 million DNA kits for home testing. In Europe, the company offers its services in Sweden, the Netherlands, Ireland, Finland, and Denmark.

The tests are popular among genealogists and, for those who have given their consent, the data has also been used in medical research.

Genetic data from 23andme has, among other things, been used in several research studies at the Karolinska Institute in Stockholm.

Loading related articles...

Tags

TTT
By TTTranslated and adapted by Sweden Herald
Loading related posts...