TL;DR
- 23andMe filed for bankruptcy in March 2025, raising privacy concerns over its 15 million customers’ genetic data.
- Pharmaceutical firm Regeneron bought 23andMe for $256 million and plans to use DNA data to develop drugs.
- Over 1.9 million users have requested data deletion, according to recent testimony before Congress.
- States are suing 23andMe, claiming it failed to get customer consent before sharing or selling genetic data.
- While users can delete most data and samples via account settings, some information must legally remain on file.
23andMe’s Bankruptcy Triggers Data Privacy Alarm
When personal genomics company 23andMe filed for bankruptcy protection in March, it not only stunned the biotech world but also ignited a wave of public concern about the security of genetic data.
Weeks later, biotech giant Regeneron swooped in to purchase the company in a bankruptcy auction for $256 million, raising additional eyebrows when it stated its intent to use 23andMe’s genetic data to aid drug development.
While Regeneron has publicly stated it will maintain existing privacy commitments, many customers and lawmakers remain wary. The company’s previous promises, after all, were made under entirely different leadership—and legal circumstances.
Growing Concern Over Genetic Data Access
The concern is not unfounded. At a House Oversight Committee hearing, interim CEO Joseph Selsavage testified that 1.9 million users—roughly 15% of the company’s customer base—have already requested data deletions.
Simultaneously, over two dozen U.S. states have sued 23andMe, arguing the company violated data protection laws by failing to obtain explicit consent before selling or sharing user data. Their core argument: DNA information is uniquely sensitive and must be handled with rigorous consent protocols.
The Data
| Metric | Source |
| 23andMe Customers: 15M | House Oversight Testimony |
| Data Deletion Requests: 1.9M (15%) | Congressional Hearing Transcript |
| Regeneron Acquisition: $256M | Regeneron Press Release |
| Number of States Suing 23andMe: 24+ | State AG Legal Filings |
| Acquisition Announcement Date: May 2025 | TechCrunch |
How to Permanently Delete Your 23andMe Data
If you are one of the 15 million people who’ve submitted their DNA to 23andMe and now want to protect your privacy, here are the steps to permanently delete your data:
- Log in to your 23andMe account.
- Navigate to Settings.
- Scroll down to the section labeled 23andMe Data.
- Click View and locate the Delete Data section.
- Select Permanently Delete Data.
- You’ll receive a confirmation email with a link—click it to finalize the request.
⚠️ Optional: Before deletion, you can download your genetic data for personal records.
Important: What Deletion Actually Means
Even if you complete the deletion process, it’s important to understand what will remain:
According to 23andMe’s privacy policy, certain elements like your Genetic Information, date of birth, and sex may be retained for legal compliance. Additionally, information such as your:
- Email address
- Deletion request identifier
- Legal agreements
- Customer service communications
…may be stored “for a limited period” to comply with laws and audit or legal defense purposes.
So, while most user-submitted data and samples can be deleted, full deletion isn’t guaranteed.
Revoke Permission for Sample and Research Use
If you’ve previously allowed 23andMe to store your saliva sample or use your data for research, here’s how to revoke those consents:
- Log in and navigate to Account Settings.
- Under Preferences, look for options related to sample storage.
- Navigate to the Research and Product Consents section.
- Use the interface to withdraw consent from all research-based uses.
However, note that withdrawing consent does not erase data that was already shared with research partners. It only prevents future sharing or participation.
The Interconnected Risk: Talk to Your Family
Genetic data doesn’t exist in isolation. If you’ve taken steps to delete your data, you should encourage family members to do the same. Shared DNA means their test results can infer information about you, even if you’ve opted out.
This is especially important if your relatives have agreed to research participation or left their test samples active. Likewise, inform close friends who may have submitted data so they can also review and update their settings.
A Case Study in Consent and Corporate Ethics
The 23andMe situation offers a powerful lesson in how quickly a company’s data handling promise can be challenged by ownership changes. When consumers initially provided their DNA, they did so under the belief that it would be used responsibly.
Now, the sale to Regeneron raises new questions—especially since the pharmaceutical company has a strong incentive to mine the genetic data for drug research.
Although Regeneron has pledged to respect past user agreements, the lawsuits and congressional scrutiny underscore a broader message: customer consent must be continuous, clear, and enforceable, particularly when dealing with DNA.
Protecting Your Genetic Legacy
As lawmakers and courts weigh in, 23andMe users still have tools to reclaim some control. These include:
- Deleting stored data and test samples
- Revoking research permissions
- Communicating with family to ensure full opt-out coverage
That said, until there’s federal legislation governing genetic data, your privacy ultimately depends on your vigilance—and the ethics of the company holding your DNA.
Final Thoughts
The collapse and acquisition of 23andMe is a defining moment in consumer biotechnology and digital privacy. It shows how easily sensitive genetic data can shift hands during corporate restructuring, often without customer control.Until stronger privacy laws are enacted, it’s on users to act decisively. Whether you’re seeking deletion, revoking consent, or just staying informed, your proactive steps now could shape how your genetic identity is used in the years ahead.
