Unbiased Information You Can Trust
infoverus hamburger menu icon

Home

Browse Articles

About

FAQ

Contact

broken piggy bank with genome code

23 and Me Personal Data Usage

icon favorite Mar 25, 2025
clock icon 3 min read
broken piggy bank with genome code
23 and Me Personal Data Usage

23 and Me Personal Data Usage

Last Updated: March 24, 2025

 

Why it Matters:

23 and Me filed for bankruptcy on March 23, 2025. Official and those whom have given their genetic information question what will happen to the genetic data collected, especially if an unknown third party acquires the business through a distressed sale. Below is a summary of the 23 and Me Privacy Policy, which explains what will happen to the data now and in the future. 

 

Executive Summary:

The privacy policy outlines describes the information collected, how it is processed, why it is processed and what happens to it in certain situations. Interestingly, the policy provides for several ways in which 23 and Me can retain information, including genetic information, in order to comply with several standards, laws and regulations.

 

Key Provisions:

  • Retention of Personal Information
    • Genetic Information, date of birth, and sex are retained by 23andMe or its contracted laboratory to comply with federal laws such as the Clinical Laboratory Improvement Amendments (CLIA) and California Business and Professions Code Section 1265, as well as College of American Pathologists (CAP) accreditation requirements.
    • 23andMe retains limited information such as email address, account deletion request details, and communications for legal, contractual, or audit purposes.
    • Personal information is retained for as long as necessary to provide services, fulfill legal obligations, resolve disputes, and meet business needs.
    • Even if a user deletes their account
  • Bankruptcy
    • In the event of a bankruptcy, merger, acquisition, reorganization, or sale of assets, user information may be accessed, sold, or transferred as part of the transaction
    • The privacy policy in effect at the time of transfer will continue to apply to transferred information until the new party updates the policy.
  • Types of Personal Information Collected
    • Registration Information: Includes name, user ID, password, date of birth, billing/shipping address, payment information, and contact details.
    • Genetic Information: Data derived from users' DNA, including genotypes and reports
    • Sample Information: Details about submitted samples, such as saliva samples.
    • Self-Reported Information: User-provided information such as gender, health details, traits, ethnicity, and family history.
    • Biometric Information: Biological data provided for identity verification.
    • User Content: Posts, comments, or messages shared through 23andMe’s services.
    • Web-Behavior Information: Collected through cookies, IP addresses, device identifiers, etc.
    • Aggregate Information: Non-personal data about groups, ensuring no individual identification.
  • How Information is Used
    • Research (if opted in)
    • To provide, improve, and secure services.
    • For communication, customer support, and marketing.
    • To verify identity, administer accounts, and conduct research.
    • Users’ genetic information will not be used for personalized marketing without explicit consent.
  • 23andMe Research Participation
    • Participation in research is voluntary.
    • Research uses de-identified genetic and self-reported information).
    • Data may be shared with collaborators in non-identifiable summaries.
    • Users can opt out at any time, though prior research using their data will remain.
  • Data Sharing Practices
    • With Service Providers: Information may be shared with service providers for purposes such as sample analysis, customer support, marketing, and IT services. These service providers operate under contractual terms that protect user data.
    • With Other Users: Users may choose to share information with family, doctors, or third parties. Information shared with these entities is governed by their own privacy policies.
    • With Law Enforcement: Information is shared only when legally required, such as in response to a valid court order, subpoena, or search warrant. 23andMe commits to exhausting available legal remedies to protect user privacy before complying.
    • Entities Not Shared With: 23andMe does not voluntarily provide data to public databases, insurers, or employers.
  • Privacy Controls and Settings
    • Users can control storage of their samples, report preferences, data sharing, personalized recommendations, and promotional communications.
    • Users can access, download, correct, or delete their personal information, subject to the retention obligations in the first bullet.
    • Account deletion results in sample disposal and removal from research.
  • Federal, State, and Region-Specific Information
    • Users may have specific privacy rights depending on their location.
      • United States: Residents of California and other states are provided special privacy rights under state laws.
      • European Economic Area (EEA), United Kingdom (UK), and Switzerland: Users in these regions have additional privacy protections under regional data laws.
      • Genetic Information Protection: The Genetic Information Nondiscrimination Act (GINA) is a federal law that protects individuals from discrimination by employers or health insurers based on genetic information.

 

Source: https://www.23andme.com/legal/privacy/full-version/

This Weeks Posts

August Update: Tariffs

calendar icon August 09, 2025 calendar icon 3 min read

Alphabet Q2 '25 Earnings

calendar icon July 24, 2025 calendar icon 2 min read

Declaration of Independence

calendar icon July 08, 2025 calendar icon 2 min read

Contact us at info@infoverus.com for a personalized summary of what's important to you.

Stay Informed with Fact-Based Information

Get clear, unbiased summaries of major events—straight to your inbox. No opinions. No noise. Just the facts.