23andMe đối diện với một tương lai không chắc chắn — cũng như dữ liệu gen của bạn
Công ty kiểm định DNA và kiểm tra gen 23andMe đang trong tình trạng hỗn loạn sau sự việc xâm phạm dữ liệu vào năm ngoái và sự suy giảm tài chính liên tục. Người khổng lồ từng tiên phong này bây giờ đối mặt với một tương lai không chắc chắn trong nỗ lực để đưa công ty về tư nhân, nâng cao lo ngại về những gì có thể xảy ra với dữ liệu gen của khoảng 15 triệu khách hàng của 23andMe.
Nổi tiếng nhất với các bộ kiểm tra dựa vào nước bọt mà cung cấp cái nhìn về nguồn gốc gen của một người, 23andMe đã chứng kiến giá trị của mình giảm hơn 99% từ đỉnh $6 tỷ từ khi công ty niêm yết công khai vào đầu năm 2021 sau khi không thể thu lợi nhuận.
Sự thiếu hụt lợi nhuận đó được quy cho sự giảm sút về quan tâm của người tiêu dùng đối với các bộ kiểm tra sử dụng một lần của 23andMe và sự phát triển kém cỏi của các dịch vụ đăng ký của công ty. Công ty cũng gặp khó khăn khi một cuộc xâm nhập dữ liệu lớn kéo dài hàng tháng đã thấy kẻ tấn công đánh cắp dữ liệu về nguồn gốc của gần 7 triệu người dùng suốt năm 2023. Công ty đồng ý trong tháng 9 trả $30 triệu để giải quyết một vụ kiện liên quan đến vụ việc.
Ít hơn một tuần sau đó, người sáng lập và CEO của 23andMe Anne Wojcicki nói rằng cô đang “xem xét các đề xuất tiếp quản bởi bên thứ ba” cho công ty. Wojcicki nhanh chóng rút lại tuyên bố đó, thay vào đó nói rằng cô dự định đưa công ty về tư nhân. Nhưng thiệt hại đã xảy ra, và tất cả các thành viên độc lập của hội đồng quản trị của công ty đã từ chức một cách ngay lập tức.
Điều đó để lại dữ liệu gen của hàng triệu người ở đâu?
#23andMe #SựKiệnNgàyHômNay
DNA and genetic testing firm 23andMe is in turmoil following a data breach last year and its ongoing financial decline. The once-pioneering giant now faces an uncertain future amid efforts to take the company private, intensifying concerns about what might happen to the genetic data of 23andMe’s some 15 million customers.
Best known for its saliva-based test kits that offer a glimpse into a person’s genetic ancestry, 23andMe has seen its value plummet more than 99% from its $6 billion peak since going public in early 2021 after failing to turn a profit.
That lack of profit was attributed to waning consumer interest in 23andMe’s use-once test kits and lackluster growth of its subscription services. The company was also floored by a huge months-long data breach that saw hackers steal the ancestry data of almost 7 million users throughout 2023. The company agreed in September to pay $30 million to settle a lawsuit related to the breach.
Less than a week later, 23andMe founder and CEO Anne Wojcicki said she was “considering third-party takeover proposals” for the company. Wojcicki quickly walked back the statement, instead saying she planned to take the company private. But the damage was done, and all of the company’s independent board members resigned with immediate effect.
Where does that leave millions of people’s genetic data?
23andMe bound largely by its own rules
As evidenced by last year’s data breach, which saw hackers steal information such as users’ genetic predisposition and ancestry reports, 23andMe collects a ton of information on its users.
If you’re one of the many millions that have shipped your saliva to 23andMe to learn about your ancestry, you may have assumed that this data will remain private under law, such as the Health Insurance Portability and Accountability Act. HIPAA, as it’s known, sets the standards for protecting sensitive health information from being disclosed without a person’s knowledge or consent.
However, 23andMe is not a company covered under HIPAA. As such, 23andMe is largely bound only by its own privacy policies, which it can change at any time.
Andy Kill, a spokesperson for 23andMe, told TechCrunch that the company believes this is a “more appropriate and transparent model for the data we handle, rather than the HIPAA model employed by the traditional healthcare industry.”
A lack of federal regulation and a cluttered mess of state privacy laws ultimately means that if 23andMe faces a sale, the data of millions of Americans is also on the table. The company’s privacy policy says that its customers’ personal information “may be accessed, sold or transferred” as part of a bankruptcy, merger, acquisition, reorganization, or sale.
The fact that customer data is a saleable asset has also been made clear by Wojcicki, who reportedly told investors that 23andMe will no longer pursue its cost-intensive drug development programs and will instead focus on marketing its vast database of customer data to pharmaceutical companies and researchers.
23andMe maintains that its data privacy policies would not change in the event of a sale. These policies state that the company will never share users’ information with insurance companies, or with law enforcement without a warrant. The latter have increasingly turned to third-party DNA companies for genetic information, but 23andMe has so far resisted all U.S. law enforcement requests for such data, according to its long-running transparency report.
Potential buyers of 23andMe may have entirely different ideas about how to use the company’s potentially valuable trove of DNA data. Privacy advocates at the digital rights group Electronic Frontier Foundation have already urged 23andMe to resist a sale to any company with ties to law enforcement, warning that customers’ genetics data could be used by police to indiscriminately search for evidence of crimes.
“Our own commitment to apply the terms of our privacy policy to the personal information of our customers in the event of a sale or transfer is clear: the 23andMe Terms of Service and Privacy Statement would remain in place unless and until customers are presented with, and agree to, new terms and statements — and only after receiving appropriate notice of any new terms, under applicable data protection laws,” Kill told TechCrunch.
Proactively deleting your account
While 23andMe appears to be resisting a sale to a third-party company for now, Wojcicki’s recanted comments have already sounded alarm bells among privacy advocates, who are urging 23andMe customers to take action now to protect their data from being sold by requesting that 23andMe deletes their data.
Meredith Whittaker, the president of end-to-end encrypted messaging app Signal, said in a post on X: “It’s not just you. If anyone in your family gave their DNA to (23andMe), for all of your sakes, close your/their account now.”
Eva Galperin, the director of cybersecurity at the EFF, also warned users to take action. “If you have a 23andMe account, today is a good day to login and request the deletion of your data,” said Galperin in a post on X.
Requesting the deletion of your data on 23andMe is relatively easy.
Log in to your 23andMe account and navigate to Settings > Account Information > Delete Your Account. 23andMe will prompt you to confirm your decision, warning that deleting your account is permanent and irreversible.
There is an important caveat. As noted in 23andMe’s privacy policy, account deletion is “subject to retention requirements and certain exceptions,” which means the company may hold on to some of your data for an unspecified amount of time.
For example, 23andMe will retain your genetic information, date of birth, and gender “as required for compliance” and will retain limited data related to your deletion request, “including but not limited to, your email address, account deletion request identifier, communications related to inquiries or complaints and legal agreements.”
Similarly, if you’ve already agreed to 23andMe sharing your data for research purposes, you can reverse that consent, but there’s no way for you to delete that information. Kill tells TechCrunch that around 80% of 23andMe customers — roughly 12 million people — consent to participate in its research program.
[ad_2]
