" [1]Nearly 2 million people protected their privacy by deleting their DNA from 23andMe after it declared bankruptcy in March," [2]writes a Washington Post technology columnist .

"Now it's back with the same person in charge — and I still don't trust it."

> As of this week, genetic data from the more than 10 million remaining 23andMe customers has been formally [3]sold to an organization called [4]TTAM Research Institute for $305 million. That nonprofit is run by the person who co-founded and ran 23andMe, Anne Wojcicki. In a recent email to customers, the new 23andMe said it "will be operating with the same employees and privacy protocols that have protected your data." Never mind that Wojcicki and her privacy protocols are what put your DNA at risk in the first place...

>

> The company is legally obligated to maintain and honor 23andMe's existing privacy policies, user consents and data protection measures. And as part of a [5]settlement with states , TTAM also agreed to provide annual privacy reports to state regulators and set up a privacy board. But it hasn't agreed to take the fundamental step of asking for permission to acquire existing customers' genetic information. And it's leaving the door open to selling people's genes to the highest bidder again in the future...

>

> Existing 23andMe customers have the right to delete their data or opt out of TTAM's research. But the new company is not asking for opt-in permission before it takes ownership of customers' DNA... Why does that matter? Because people who handed over the DNA 15 years ago, often to learn about their genetic ancestry, never imagined it might be used in this way now. Asking for new permission might significantly shrink the size (and value) of 23andMe's DNA database — but it would be the right thing to do given the [6]rocky history . Neil M. Richards [the Washington University professor who served as privacy ombudsman for the bankruptcy court], pointed out that about a third of 23andMe customers haven't logged in for at least three years, so they may have no idea what is going on. Some 23andMe users never even clicked "agree" on a legal agreement that allowed their data to be sold like this; the word "bankruptcy" wasn't added to the company's privacy policy until 2022. And then there is an unknown number of deceased users who most certainly can't consent, but whose DNA still has an impact on their living genetic relatives...

>

> [S]everal states have argued that their existing genetic privacy laws don't allow 23andMe to receive the information without getting permission from every single person. Virginia has an ongoing lawsuit over the issue, and the California attorney general's office told me it "will continue to fight to protect and vindicate the rights" of consumers....

Two more points of concern:

"There is nothing in 23andMe's bankruptcy agreement or privacy statement to prevent TTAM from selling or transferring DNA to some other organization in the future."

The article also notes [7]a 2023 data breach affecting 6.9 million users , arguing "They haven't shown they can keep your data safe... 23andMe's financial struggles could make it hard to run a robust cybersecurity program."



[1] https://science.slashdot.org/story/25/06/11/214242/23andme-says-15-of-customers-asked-to-delete-their-genetic-data-since-bankruptcy

[2] https://www.msn.com/en-us/money/companies/23andme-is-out-of-bankruptcy-you-should-still-delete-your-dna/ar-AA1ILWfK

[3] https://www.npr.org/2025/06/30/nx-s1-5451398/23andme-sale-approved-dna-data

[4] https://ttamresearchinstitute.org/

[5] https://www.washingtonpost.com/business/2025/06/10/23andme-genetic-dna-privacy-bankruptcy/

[6] https://css.washingtonpost.com/technology/2025/03/25/23andme-collapse-dna-data/

[7] https://it.slashdot.org/story/23/12/04/1911229/23andme-confirms-hackers-stole-ancestry-data-on-69-million-users