This was just waiting to happen tbh
this post was submitted on 24 Mar 2025
354 points (99.7% liked)
Privacy
36493 readers
438 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
I’ve been telling people since this dna testing started that sooner or later that data will be for sale, an insurance company will buy it, and then get used against people to increase their health insurance rates or deny claims.
But I’m a crazy conspiracy theorist according to everyone ;)
Same reason I don’t want to buy a new car anymore…
Same reason I don’t want to buy a new car anymore…
Because of the "driving behavior" data that gets sent out via secret cell connections and bought by insurance companies?
Yup. Go ahead and try turning that cell phone radio thing off. Why do you need an app for remote start? Why can’t it be on the keyfob anymore? But again, nothing to see here - just the continued enshittification of everything.
I just pulled the fuse. Problem solved. Phone start doesn't work but never used it.
load more comments
(1 replies)
What! What cars have this???
Yes, unfortunately. I dunno if it's a global thing or just in the US, but several years ago, they started sending your car's computer data to insurance companies, who then use it to determine how well you drive and what insurance rates they want to give you.
It's really scummy.
Here is at least one of those reports the other poster touched on
All cars for awhile. Mozilla released a privacy report a year or two ago and it seems nobody cared. Which is why they can do this stuff.
Even if a relative has shared their DNA, it can be used to make some fairly safe assumptions about yours.
My car's computer doesn't transmit. It doesn't log anything more than engine fault codes. That's how I like it.
Find me a car produced in 2024 or later which does this
2024 Suzuki Swift.
You even need to dial in the date and time manually because there's no GPS either.
https://www.manualslib.com/manual/3476295/Suzuki-Swift-2024.html?page=548#manual
LOL I told everyone the same. Same on my end, they thought I was being conspirational. As if a company could never one day fail and have to sell their assets. It seemed impossible to them, somehow.
I used to think that part of the reason is that they submitted their samples without thinking and later contemplating how not smart that action was; created some hard cognitive dissonance, making calling me a conspiracy theorist the far easier pill to swallow than admitting a mistake. Since I know of people who did it early on, as they thought they were being cutting edge at the time.
Yeah, I do not want to buy a car either or anything that sells in subscriptions. I am already keeping an eye on models of non-smart TVs for when my current model finally dies. LOL
I am surprised it took this long. But they got hacked 2 years ago, so data on millions of people had already been leaked.
They were surviving on fumes since since they were still dealing with the fallout of that.
I knew the whole idea of letting a company get your genetic fingerprint was a bad idea from the start. Being curious about my ancestry wasn't worth it.
That’s great but all it takes is some of your blood relatives to submit their genetic data and they can calculate your genetics to a degree that is accurate enough.
So... Orgies for privacy? :D
load more comments
(1 replies)
Not just yours, but your family 's DNA. You are not much different from your siblings and parents. I was pissed when my brother told me he did one of those stupid DNA tests.
load more comments
(1 replies)
Yeah, I feel like I dodged a bullet. As I knew some family members who thought about it but declined to do it because of the for-profit angle in case the company flopped.
This is the perfect example of why privacy matters. No matter how much you trust a parent company one day when the investors come knocking they are legally obligated to liquidate all assets to the highest bidder. Today its 23andme tomorrow it could be discord, google, amazon, Facebook or any other tech company.
In case people only saw the headline....
The sale is because a breach already happened: "hackers obtained personal data of about seven million of its customers in October 2023".
They cannot afford the lawsuits.
Hmm.
One of the notable issues is that this process also won’t delete all of your data — according to 23andMe’s privacy disclosure, your genetic information, date of birth, and sex will be retained for an undisclosed amount of time to comply with the company’s legal obligations,
A merger or liquidation is not a valid purpose to store personal, and especially Art. 9, data, as covered by the legal basis of legal obligations, according to GDPR. So, if you are in Europe, they would have to delete it.
Uh... nope. Sorry. They specifically touch on it:
"Commonly owned entities, affiliates and change of ownership: If we are involved in a bankruptcy, merger, acquisition, reorganization, or sale of assets, your Personal Information may be accessed, sold or transferred as part of that transaction and this Privacy Statement will apply to your Personal Information as transferred to the new entity. We may also disclose Personal Information about you to our corporate affiliates to help operate our services and our affiliates’ services."
If you request to delete your data as per the GDPR, they will delete some data, but as per their legalese they will not delete all and what is not deleted falls under their Privacy Statement, where you find the above, quoted text. Worth noting that in above the use of may in practice means "will".
On top of that, once the data is out of the the EU, which they make a point to state numerous times, they rely on the DPF which focuses on how data is used or transfered to outside the EU. So, if a company is already signed to the DPF, then they can totally keep some of your data as well. Or if they transfer it using it the same framework. So the DPF does not help either. The GDPR focuses on common identifying information, off the cuff it does not seem to address the notion of how DNA can literally be used for exactly that, so, legally, as it stands the DNA data is out of scope of the GDPR. Or, at least that is what they seem to be claiming, indirectly.
So yeah, you can delete some data, but with a bunch of asterisks followed by that statement. So, sadly, your argument is not fully correct. They will delete some identifying information. But they seemto keep the most important of the data.
What I meant is that "this Privacy Statement will apply to your Personal Information as transferred to the new entity", so by itself the sale of assets is not a reason to exclude any data from anything stated there.
I am deleting my account as soon as I get transferred all the data, but what happens when I request the deletion is still valid whether or not they sold the assets.
And genetic data of any kind is absolutely covered by GDPR: https://gdpr-info.eu/recitals/no-34/
Thanks for the link. We may be slightly speaking past each other. On one hand, the link you sent is of course, correct. I had read that before and is not that I did not believe that the GDPR would include it, more so on not fully trusting 23andMe to comply.
What you may be overlooking is that in the real world, possible buyers will have access to data as part of any Due Diligence terms, whether they purchase or not. In a perfect world it should not change things but in practice it can, or does. Apparently, that bit I quoted earlier was a very recent update to their T&Cs, as they are protecting themselves for any future lawsuits. Also, I just do not trust 23andMe to have your best interest at heart and to fully comply with privacy issues at the current time, either due to willful BS or mistake. It might just not be a priority. The whole thing could collapse tomorrow, but they are still full on taking people's money. Any promise of compliance are just words at this point. I have known enough large companies collapse to see this as no different. GDPR or not. On a privacy concern, is not as if they asked everyone who is blood related for any consent, either.
This was releseased not to long ago, so the USA Feds are not really confident, either:
oag.ca.gov/news/press-releases/attorney-general-bonta-urgently-issues-consumer-alert-23andme-customers
ag.ny.gov/press-release/2025/attorney-general-james-urges-23andme-customers-contact-company-delete
But on paper, I agree that Europeans seem to have sturdier protections. Albeit Americans may have more legal options. Cheers and hope they fully delete your data without any BS.
load more comments
(2 replies)
How to remove your data from 23andMe
I wish I could. I have been trying to get my account back for months.
I hate this understatement so fucking much. No, those 15 million are just the people that directly gave their dna to 23 & me.
In reality, you only need to sample the genetic data for a small sample of the population to get the genetic information for the majority of the population. These people have relatives, and 23 & me has their data, too. They have most of ours.
Saying it just affects those 15 million is such an abysmal misunderstanding of genetics.
That's what pisses me off. I'd never give my data willing, but it's unwillingly given through any relatives that did do this.
load more comments
(1 replies)
What a pile of fuck, not a decent person at that company to deep-six the data before they left
Why would anyone expect anyone to risk getting sued or risk going to jail for that? Fully get want you are saying, though.
The smart thing was to never trust some random upstart company with a cutsie name with the code of our literal DNA. Caveat emptor and all that.
So much wrong can be done if it ends up in the wrong hands in any of a multitude of sectors, from military contractors to insurance companies who could literally up premiums based on DNA profiles and propensity for illnesses. And that latter one would be one of the most docile of outcomes.
but when it happens on the dark web it's so incredibly illegal, but when a company does it...
You can remove the data yourself but you need to log in with biometrics. A retinal scan, a face recognition scan and a fingerprint. /s
Does whoever purchase the company's assets have full rights to the DNA data though? Wouldn't there be some kind of restriction for that kind of thing?
I'm going to buy it all and work on my super human...
view more: next ›