23andMe must secure its DNA databases immediately
23andMe, born from the techno-optimism of the Human Genome Project, revolutionized direct-to-consumer genetic testing. But with its valuation now in freefall, mounting layoffs and its board resigning en masse, 23andMe’s imminent failure raises a critical question: What will happen to the sensitive genetic data of its 15 million customers?
This is not just 23andMe’s reckoning; it’s a warning for the customers of the entire direct-to-customer endeavor, which has long struggled to balance rapid innovation and profits with robust consumer protections. Your DNA — an immutable blueprint of your identity — could be sold, shared with unknown entities or exploited for targeted advertising and product development without your consent.
Beyond these personal risks, shared genetic data can even expose family members to unforeseen vulnerabilities, from stigmatization to medical and insurance challenges. As AI advances genomic analyses, the potential for misuse grows, amplifying risks of discrimination and exploitation that could span generations. 23andMe’s struggles demonstrate that the safeguards for protecting this deeply personal information are alarmingly fragile.
The downfall of 23andMe highlights the hidden costs of its earlier success. The recent $30 million settlement over 23andMe’s data breach underscores the industry’s failure to safeguard sensitive information. Even so-called "anonymous" DNA can be re-identified through public databases, as seen in cases like California’s Golden State Killer investigation.
23andMe and its peers amassed vast genomic databases, but as these databases become commodified assets in corporate failures, public trust erodes. Regulatory frameworks must prioritize long-term reliable privacy and ethical stewardship over short-term market volatility, ensuring genomic data serves as a public good, not a profit-driven commodity.
23andMe’s current predicament highlights the urgent issue of genomic data ownership. The data belongs to 23andMe to sell. U.S. courts treat biological samples as corporate property, and the EU Data Act arguably grants companies ownership of derived genomic data. Fragmented state laws and loopholes in the Protecting Americans’ Data from Foreign Adversaries Act exacerbate the risks.
If 23andMe’s database is divided and sold, the potential for misuse — particularly by foreign entities with weak privacy protections or adversarial intentions — is deeply concerning. Such entities could exploit DNA from relatives of high-profile individuals, including presidents and military leaders, revealing vulnerabilities with far-reaching strategic implications.
Stronger public-private partnerships could address some of these risks. Collaborations between private companies and public institutions can create centralized, secure genomic databases. By treating genetic information as a shared public resource, such partnerships could combine private innovation with public accountability, setting clear standards, protecting infrastructure and restoring trust in personalized medicine.
Ultimately, regulations must recognize the uniqueness of DNA compared to other types of data. Policies should regulate the entire lifecycle of genetic information, from its collection to storage and potential sale. Clear, explicit opt-in consent, independent oversight of corporate practices and strict penalties for breaches are critical. At the same time, responsible companies should be empowered to provide meaningful health insights, ensuring the continued value of genetic data collection while maintaining transparency in data-sharing practices and investing in strong technologies to keep genetic information secure.
Large DNA databases hold tremendous potential to advance medicine, offering statistical power for breakthroughs in linking genetics and disease. Private companies like 23andMe have often outpaced public efforts in scale and speed. However, without consistent regulation and sustainable business models, these advancements risk being overshadowed by privacy breaches and eroding public confidence. With clear, enforceable regulations, the potential sale or acquisition of the 23andme data would be far less perilous, ensuring that the benefits of genomic research are achieved without compromising personal security or trust.
To protect the sensitive genetic data of millions and restore trust in genomic innovation, we must implement clear, enforceable privacy protections. Robust regulations are essential to ensure individuals can confidently contribute to genomic research without fear of misuse or exploitation.
The collapse of 23andMe serves as a stark warning: without these safeguards, we jeopardize not only personal security but also the future of genomic breakthroughs, undermining the very optimism that once propelled this industry forward.
Dov Greenbaum is professor of law at Reichman University and lecturer in biomedical informatics and data science at Yale University. Mark Gerstein is Albert L Williams Professor of Biomedical Informatics and professor of molecular biophysics and biochemistry, of computer science, and of statistics and data science at Yale University.
-
Marco Borriello explains why AC Milan has 'different DNA' ahead of its 125th anniversary: 'It's like a mother'
Milan's anniversary will feature unique commemorative kits meant to evoke the long history of the clubCBS Sports - 3h -
Trump calls for 'immediate ceasefire' in Ukraine
President-elect Trump early Sunday called for an "immediate ceasefire" in the fighting between Ukraine and Russia following the fall of the Assad government in Syria and after a meeting in Paris ...The Hill - 6d -
Trump calls for 'immediate ceasefire' in Ukraine after meeting Zelenskyy in Paris
U.S. President-elect Donald Trump on Sunday called for an immediate ceasefire in Ukraine, shortly after a meeting in Paris with French and Ukrainian leadersABC News - 6d -
DNA samples among new leads in UnitedHealthcare manhunt: What to know
Authorities have collected DNA evidence in their hunt for the suspect in the midtown Manhattan killing of UnitedHealthcare CEO Brian Thompson. The suspect has so far evaded capture, two days ...The Hill - Dec. 6 -
Police test DNA, fingerprints on bottle in search for UnitedHealthcare CEO's killer
Police will test for DNA and fingerprints on a discarded bottle and protein bar wrapper found near the scene where UnitedHealthcare CEO Brian Thompson was fatally shot earlier this week in New York ...The Hill - Dec. 6 -
AWS cuts database prices almost 50% and adds distributed scaling capabilities
AWS has launched new features for DynamoDB, Aurora and MemoryDB cloud databases to help scale distributed workloads and lower costs.VentureBeat - Dec. 5 -
Fed Chair Jerome Powell and Billionaires Jeff Bezos and Ken Griffin Agree: The U.S. Must Grow Its Way Out of Debt
The three heavyweights weighed in on the economy, the debt crisis, and central banking at the 2024 DealBook Summit.Inc. - Dec. 5 -
LPGA says its players must be female at birth or transition before puberty
New policy will come into effect from 2025 USGA also introduces new policy on gender Players must be assigned female at birth or have transitioned to female before going through male puberty to ...The Guardian - Dec. 4 -
German embassy in Seoul says no immediate danger for foreigners
Yahoo News - Dec. 3
More from The Hill
-
Pompeo bucks Trump, calls for Nippon steel deal
The Hill - 55m -
How the 119th Congress can move the needle on US cybersecurity
The Hill - 1h -
Many Americans support some of RFK Jr.'s health agenda: Survey
The Hill - 1h -
Who are the people convicted in Capitol Riot Trump could pardon?
The Hill - 1h -
Social Security retirement age set to change in 2025
The Hill - 1h