... from California's attorney general.
California’s attorney general has urgently warned customers of 23andMe to purge their genetic data from the company’s databases over uncertainty where it may end up if the firm goes bankrupt.
“Given 23andMe’s reported financial distress, I remind Californians to consider invoking their rights and directing 23andMe to delete their data and destroy any samples of genetic material held by the company,” AG Rob Bonta said in a statement Friday.
. . .
The bottom dropped out for the one-time Silicon Valley darling as its share price has cratered, and the firm is now in danger of collapsing ... Now thorny questions are being raised about the fate of millions of customers’ most sensitive data if the business goes belly-up ... Under California’s Genetic Information Privacy Act, companies must obtain explicit consent for the collection, use and disclosure of any genetic data. The 2022 law also guarantees consumers the right to access or delete their data at will.
Bonta said customers can permanently delete their 23andMe data by logging into their account, accessing the “settings” menu and navigating to the data section.
Clicking “view” will give users access to the “delete data” section, where the option to “permanently delete data” will appear.
Going through this process will auto-generate an email from the company confirming the request — which users must click to verify before the data will be deleted, Bonta noted in his statement.
There's more at the link.
I know that procedure is valid for California customers of 23andMe, but I'm not sure whether it also applies to customers in the other 49 states, or abroad. I hope it does, because 23andMe is registered in California and so presumably applies California law to its entire customer base, but one never knows.
If the company goes bankrupt and its assets are bought by anybody else, those assets are likely to include its depository of DNA information about every customer it's ever had. That can be misused by criminals in all sorts of ways, from blackmail ("You wouldn't want your kid to find out he/she was conceived in adultery, would you?") to health care issues later in life ("I'm sorry, but you're listed on a public database as having this pre-existing health condition, therefore we can't offer you health insurance to cover it").
I know millions of people have used such DNA testing services. I've always refused to do so for precisely the reasons given above. I hope and pray customers won't suffer for it . . . and I hope they're able to permanently delete their data from their service provider in this or similar ways.
Peter
13 comments:
I've heard they share that data with any law enforcement agency that asks, no warrant required.
If they do that, I bet they've shared it elsewhere as well, especially now that they are in bankruptcy and looking for money.
I suspect it's too late to delete it, since that won't affect what has already been shared elsewhere.
And as far as your data not being in there - if a close family member is, you are effectively in there, as some court cases have demonstrated.
Jonathan
If it's actually in bankruptcy, that's too late because there's no money left to pay people to delete it.
It would also be destroying assets that could be sold...
They have my data. Health and DNA. But because I can link it to different site that collect DNA so deleting from 23 isn't going to solve anything. There is a big collection site that many people looking for family will submit whoever they used to this site. Just because I used 23 doesn't mean my bio half sister/brother used my site. And that is my goal as I have a bio father we know, so far, of 8 marriages. There are 4 of us by his first 3 wives so how many more are out there.
Never used one of these for the same reason I don't store any data in "the cloud". Who owns the data and what can they use it for? I don't want to have to fight that battle.
Get this deleted if you can and do it now.
There is legal precedent (bankruptcy court case) holding that agreed restrictions on release of data held by a company in bankruptcy are not binding on the purchaser of the assets from the bankruptcy Court.
Yes, if you're in the database, you probably can't get out, bur still, try.
John in Indy
The Privacy Act of 1974 already allows for the collection of any personal information, anywhere, in the United States, for a barely defined (for legal purposes, not defined at all) "law enforcement purpose." So, it's not new or novel.
WRT to deletion of data, the link is still there as of this morning from Texas. The Army collected my DNA 30 years ago, and OPM already released everything about me that wasn't DNA related to the Chinese 20 years ago.
Eh, if you are a US veteran from anytime in the last 30ish years the government has your data on file and we all know how well they are at keeping data secret.
As if the .gov didnt scoop up every DNA profile submitted. Probably before you, the customer, received the results.
And we know how well the .gov protects our data.
I hate being this cynical but here we are.
Remember, when you do the deletion protocol online, you're not actually deleting anything.
You're sending a request, along with many many others who have read about this this week, that its employees spend the time deleting your data.
I'm sure those employees are super-inspired to perform such tasks right now.
(tl:dr - too late, I think)
Once you have submitted your genetic data to any of these companies it is almost immediately forwarded to multiple federal agencies, sold to anyone willing to pay and stolen by hackers. The only way to keep your genetic data confidential is to never give anyone a sample. Not an easy task these days...
We shed our DNA constantly. If someone wants it, it's ridiculously easy to get.
I don't see anywhere in the post or the comments why I should care if someone has it.
If you think you have privacy of any sort other than living off grid with zero electronic devices (ie.. no phone, computer, tablet, tv, smart anything etc.. ) then you are living in your own rose colored glasses universe. Even if you do that if someone is interested they can surveil you with drone or satellite and identify you down to the pores on your face and head. Or watch what your doing in your house through thermal imaging. a laser from a drone hitting a window in your house can hear every sound in it. Sigh.. none of this is secret or even hidden that this stuff is available to everyone from .gov down to civilians. If I can afford it I can get access to satellite data or even hiring a satellite outright at close to that resolution. (more money that my net worth so not a realistic capability for me but you get what I'm saying) You or I can buy drones with an insane amount of capability. shoot any of us with any technical ability at all could probably build one with off the shelf components to published designs on the internet.
IT, is what I do for a living and I do my best to not have everything open but I'm constantly fighting mine and my family's devices reporting and listening to everything we do daily, day and night. Mostly I keep the corporate scraping of data down to a low rumble but anything past that you can not stop without an insane amount of effort. Just read that article about the protests and the data from cell phones and GPS that they used to look at behaviors of devices to determine weather the users were paid protestors that peter just published. I have camera's here for a security system that are made in china, I have tv's that constantly turn a built in microphone on in the google tv OS. I have streaming devices that connect to dozens of companies. And those companies track everything I, my Wife and daughter's look at online. I have a vpn I use for business stuff and it doesn't truly help if you use any account tied to you to do anything. I have WiFi units inside and outside my house that have full network connectivity. NAS's, Servers, laptops, workstations, robot vacume cleaners, toy robots, and whatever device I don't know about that my wife or children recently purchased.
Beyond that every check, every digital financial transaction you have done in your life, CC, Bank, paypal, etc.. is an open book. you don't have privacy and haven't for many years.
every post here and even that fact that you simply look at this website is noted somewhere. Every purchase from Sam's, Costco, wal-mart, amazon, Barnes and noble, food lion, Lowe's foods, lowes home improvement, harbor freight etc... are out there if someone in gov wants to look. Not to mention all your health records. Ever since the hippa act you can't go to a doctor and be treated without providing ID. Even my chiropractor would photo copy it annually if I wanted to continue to get service. If you use the va, medicaid, medicare etc.. your an open book. and as we have been hearing hospitals and many health networks have been sharing your data with many corporate research initiatives including google and the gov.
With the access and power of the current search tools and servers ie (AI) not really AI even though they call it that. However regardless of what they call it it is powerful beyond your wildest dreams and fears. once they have an interest to look at you, it is only hours away from having your life and the life of everyone you intersect with laid out in more detail than you have of yourself. Including psych profiles, behavior patterns etc. And forget about whether it is legal or illegal for them to do this. With what we have been finding out about the actions of law enforcement and intelligence agencies then they have absolutely been using this at a detailed level for years, most of our lives actually.
For any who handed their genetic material over to 23 And Me in the first place, it's doubtful if they're bright enough to heed any warnings now.
Monumental stupidity is always its own reward.
Post a Comment