Genetic analysis startup 23andme retains genetic data after account deletion
Taking control of your own genetic information from 23andMe is obviously not that easy.
(Image: nevodka/Shutterstock.com)
The US genetic analysis start-up 23andMe has recently attracted attention due to a series of problems. Last year, cyber criminals stole the data of almost seven million users following a so-called credential stuffing attack and offered it for sale on the darknet. Only recently, a class action lawsuit brought by the victims ended in a settlement, with the affected customers receiving a total of 30 million dollars in compensation. The company's reasoning was that there was no more in it.
As a result, the start-up lost a lot of value. In September, the company parted ways with all board members with the exception of CEO Anne Wojcicki, who announced that she intended to stick to her plans to take 23andMe off the stock exchange.
So there are good reasons why users would like to have their sensitive genetic data removed from the company's hands. However, it turns out that this is not so easy.
Data is not removed from studies
You can delete your account and request the deletion of your genetic data. However, according to Malwarebytes, 23andMe will continue to store some genetic data, along with the user's date of birth and gender, in order to comply with legal obligations, according to the company's privacy policy . Other information that users have provided to 23andMe will not be removed from ongoing or completed studies, although it will not be used for future research.
Videos by heise
This affects around 80 percent of all users. According to the start-up, they had consented to the use of their genetic data for research purposes. Mark Gerstein, a bioinformatician at Yale University in the US, told the New York Times that many people do not realize how extensive a person's genetic information is. Other data that falls into the wrong hands, such as credit card details, can be reapplied for and changed if necessary, but not one's own genome. One of the biggest dangers is that the material can be used to draw conclusions about medical risks, such as susceptibility to mental or physical illnesses. Digital rights activists from the Electronic Frontier Foundation (EFF) have summarized in a blog post how users can protect their data as far as possible.
In Germany, very few, if any, people are likely to be affected by this anyway. The start-up does not even offer its services in this country. Commercial genetic tests, such as those carried out by 23andMe, operate in a legal gray area. According to the German Genetic Diagnostics Act, genetic tests for medical purposes may only be carried out under medical supervision.
(kst)
