FTC Says 23andMe Purchaser Must Uphold Existing Privacy Policy For Data Handling (therecord.media)
(Tuesday April 01, 2025 @05:30PM (BeauHD)
from the rest-assured dept.)
The FTC has warned that any buyer of 23andMe [1]must honor the company's current privacy policy , which ensures consumers retain control over their genetic data and can delete it at will. FTC Chair Andrew Ferguson [2]emphasized that such promises must be upheld, given the uniquely sensitive and immutable nature of genetic information. The Record reports:
> The [3]letter , sent to the DOJ's United States Trustee Program, highlights several assurances 23andMe makes in its privacy policy, including that users are in control of their data and can determine how and for what purposes it is used. The company also gives users the ability to delete their data at will, the letter says, arguing that 23andMe has made "direct representations" to consumers about how it uses, shares and safeguards their personal information, including in the case of bankruptcy.
>
> Pointing to statements that the company's leadership has made asserting that user data should be considered an asset, Ferguson highlighted that 23andMe's privacy statement tells users it does not share their data with insurers, employers, public databases or law enforcement without a court order, search warrant or subpoena. It also promises consumers that it only shares their personal data in cases where it is needed to provide services, Ferguson added. The genetic testing and ancestry company is explicit that its data protection guidelines apply to new entities it may be sold or transferred to, Ferguson said.
[1] https://therecord.media/ftc-23andme-purchaser-data-privacy
[2] https://www.ftc.gov/news-events/news/press-releases/2025/03/federal-trade-commission-chairman-andrew-n-ferguson-issues-letter-23andme-bankruptcy-impact?utm_source=govdelivery
[3] https://www.documentcloud.org/documents/25874437-23andme-letter-ferguson/
> The [3]letter , sent to the DOJ's United States Trustee Program, highlights several assurances 23andMe makes in its privacy policy, including that users are in control of their data and can determine how and for what purposes it is used. The company also gives users the ability to delete their data at will, the letter says, arguing that 23andMe has made "direct representations" to consumers about how it uses, shares and safeguards their personal information, including in the case of bankruptcy.
>
> Pointing to statements that the company's leadership has made asserting that user data should be considered an asset, Ferguson highlighted that 23andMe's privacy statement tells users it does not share their data with insurers, employers, public databases or law enforcement without a court order, search warrant or subpoena. It also promises consumers that it only shares their personal data in cases where it is needed to provide services, Ferguson added. The genetic testing and ancestry company is explicit that its data protection guidelines apply to new entities it may be sold or transferred to, Ferguson said.
[1] https://therecord.media/ftc-23andme-purchaser-data-privacy
[2] https://www.ftc.gov/news-events/news/press-releases/2025/03/federal-trade-commission-chairman-andrew-n-ferguson-issues-letter-23andme-bankruptcy-impact?utm_source=govdelivery
[3] https://www.documentcloud.org/documents/25874437-23andme-letter-ferguson/