Privacy Advocates Urge 23andMe Customers to Delete Their Data. But Can They? (sfgate.com)
- Reference: 0175246709
- News link: https://yro.slashdot.org/story/24/10/14/0133220/privacy-advocates-urge-23andme-customers-to-delete-their-data-but-can-they
- Source link: https://www.sfgate.com/tech/article/california-dna-delete-23andme-bankruptcy-19830420.php
But can you actually do that?
> 23andMe makes it easy to feel like you've protected your genetic footprint. In their account settings, customers can download versions of their data to a computer and choose to delete the data attached to their 23andMe profile. An email then arrives with a big pink button: "Permanently Delete All Records." Doing so, it promises, will "terminate your relationship with 23andMe and irreversibly delete your account and Personal Information."
>
> But there's another clause in the email that conflicts with that "terminate" promise. It says 23andMe and whichever contracted genotyping laboratory worked on a customer's samples will still hold on to the customer's sex, date of birth and genetic information, even after they're "deleted." The reason? The company cites "legal obligations," including federal laboratory regulations and California lab rules. The [5]federal program , which sets quality standards for laboratories, requires that labs hold on to patient test records for at least two years; the California [6]rule , part of the state's Business and Professions Code, requires three. When SFGATE asked 23andMe vice president of communications Katie Watson about the retention mandates, she said 23andMe does delete the genetic data after the three-year period, where applicable...
>
> Before it's finally deleted, the data remains 23andMe property and is held under the same rules as the company's privacy policy, Watson added. If that policy changes, customers are supposed to be informed and asked for their consent. In the meantime, a hack is unfortunately always possible. Another 23andMe spokesperson, Andy Kill, told SFGATE that [CEO Anne] Wojcicki is "committed to customers' privacy and pledges to retain the current privacy policy in force for the foreseeable future, including after the acquisition she is currently pursuing."
An Electronic Frontier Foundation privacy lawyer tells SFGate there's no information more personal than your DNA. "It is like a Social Security number, it can't be changed. But it's not just a piece of paper, it's kind of you."
He urged 23andMe to leave customers' data out of any acquisition deals, and promise customers they'd avoid takeover attempts from companies with bad security — or with ties to law enforcement.
[1] https://x.com/mer__edith/status/1842133914585817536
[2] https://x.com/evacide/status/1841916600196464667
[3] https://www.eff.org/deeplinks/2023/10/what-do-if-youre-concerned-about-23andme-breach
[4] https://www.sfgate.com/tech/article/california-dna-delete-23andme-bankruptcy-19830420.php
[5] https://www.ecfr.gov/current/title-42/chapter-IV/subchapter-G/part-493
[6] https://codes.findlaw.com/ca/business-and-professions-code/bpc-sect-1265/
Not a chance (Score:3)
That data is worth tens of millions of dollars and there are virtually no laws to protect you. If you're lucky it'll get sold to a data broker and only occasionally used against you.
That data is (Score:2)
Literally their only asset with any value. Give it up? It’s not gonna happen.
This is like demanding that google or zuckerberg give up the extensive file they have on you that’s stuffed with info on every piece of the internet you’ve ever touched. That’s how they make their money. They would go out of business before giving up that data, because without that data, they’re out of business anyways.
DNA can be edited (Score:2)
Leave it on their and edit your DNA with CRISPR.
All your DNA are belong to US! (Score:2)
you signed away your rights when ticking that checkbox and pushing the 'Agree' button.
No information more personal? (Score:2)
> An Electronic Frontier Foundation privacy lawyer tells SFGate there's no information more personal than your DNA
The EFF is often right, but they're wrong here. You leave DNA everywhere -- on the surfaces you touch and even billowing behind you in the wind like a cloud. To call that information personal is like saying the imprint on the bottom of your shoe is personal: it's totally at odds with the base facts in physical reality.
To be sure, maybe it would be nice to say otherwise -- that one's genome is supe
Re: (Score:2)
Perhaps this is being pedantic, but saying something is personal does not necessarily equate to saying that something is private. The two concepts are frequently linked, but, as you point out in this case, they don't have to be.
Unless you have an identical twin (or triplet, ...), your genome is unique, and something that is unique to you could be considered personal. Even if you have an identical sibling, there are some (relatively) small number of mutations that make you different from your sibling. Sim
This is Why (Score:2)
This is exactly why I never sent my DNA to any one of these companies in the first place.
law enforcement... (Score:2)
"He urged 23andMe to leave customers' data out of any acquisition deals, and promise customers they'd avoid takeover attempts from companies with bad security — or with ties to law enforcement."
Every DNS company is in a supplier relationship with law enforcement, (What'st he plural of law enforcement?)
Slimy (Score:4, Insightful)
The company cites "legal obligations," including federal laboratory regulations and California lab rules.
This was clearly intended for medical lab data, not recreational testing. Calling their customers "patients" in this context is dubious.