23andMe Bankruptcy: What Happens to Your DNA Data?

The collapse of 23andMe, a once-thriving genetic testing company, has sent ripples of unease through its 15 million customers. As the firm navigates bankruptcy proceedings in early 2025, questions swirl about the fate of the sensitive genetic and health data it holds. Federal Trade Commission (FTC) Chairman Andrew Ferguson stepped into the fray on March 31, voicing concerns shared by many Americans about the potential sale or transfer of this deeply personal information.

Ferguson’s letter to the U.S. Trustee overseeing the case didn’t mince words. He highlighted a growing anxiety: what happens when a company that promised to safeguard your DNA can no longer keep that promise? For everyday people who mailed in saliva samples hoping to uncover ancestry or health insights, the stakes feel tangible, even personal. The situation lays bare a tricky intersection of consumer trust, corporate failure, and legal gray areas.

In bankruptcy, a company’s assets get carved up to pay creditors, and consumer data often lands on the chopping block. Courts have long treated personal information like any other property, a practice stretching back to cases like the 2000 Toysmart.com collapse, where customer records nearly went to the highest bidder. With 23andMe, the haul is staggering: genetic profiles, health histories, and more, all potentially up for grabs despite earlier assurances of confidentiality.

Past examples offer a mixed bag of outcomes. When RadioShack filed for bankruptcy in 2015, it tried to sell data on 117 million customers, only to be stopped by FTC pressure and state objections. Today, 23andMe’s case tests whether those lessons hold. Experts warn that as IT teams dissolve and encryption lapses, the risk of leaks or misuse spikes. Consumers, meanwhile, are left scrambling—some deleting accounts, others filing court objections, hoping to claw back control.

The FTC isn’t sitting idle. With a mandate to protect consumers, the agency has a track record of stepping in when companies renege on privacy promises during restructuring. From the Toysmart case to Facebook’s 2014 WhatsApp buyout, the FTC has pushed for buyers to honor existing policies or get explicit consent for changes. In 23andMe’s saga, Ferguson’s letter signals that same vigilance, urging the bankruptcy process to prioritize the 15 million users caught in the lurch.

Legal guardrails exist, too. The 2005 Bankruptcy Code amendments require courts to weigh privacy in data sales, sometimes appointing independent ombudsmen to oversee the process. Yet, gaps persist. State laws—like those in California or Delaware—layer on tougher rules, demanding opt-in consent for handling sensitive data. The clash between federal bankruptcy rules and this patchwork of state protections leaves room for uncertainty, and the FTC’s role becomes a linchpin for accountability.

Consumers aren’t blind to the risks. Surveys show a split: half trust genetic testing firms to secure their DNA, but most balk at loose data-sharing policies. The 2023 breach at 23andMe, exposing over 7 million users’ info, didn’t help. Now, with bankruptcy looming, that trust hangs by a thread. People want the perks—health clues, family trees—but not at the cost of their DNA landing in unknown hands, be it insurers, employers, or hackers.

The stakes are higher with genetic data. Unlike a credit card number, your genome can’t be changed. A breach here could fuel identity theft, medical fraud, or even discrimination, despite laws like the Genetic Information Nondiscrimination Act. State attorneys general have sounded alarms, urging users to delete their data. Yet, the allure of genetic insights keeps drawing customers, even as they demand clearer safeguards.

The U.S. legal landscape offers no easy fix. While Europe’s GDPR sets a gold standard for data rights, America leans on a jumble of state laws—20 and counting by 2025, with eight kicking in this year. Places like Iowa and Delaware now require businesses to get permission before handling genetic info, a nod to rising public pressure. Advocates say this fragmentation costs billions and plead for a national law to streamline it all.

Back at 23andMe, the bankruptcy court will decide what’s next. The FTC’s input might sway the outcome, but the tension remains: balancing creditor payouts against consumer rights. For now, the process chugs along, a real-time test of how well the system can shield something as intimate as your DNA when the company holding it goes under.

The 23andMe bankruptcy isn’t just a corporate footnote; it’s a wake-up call. It forces a hard look at what happens to personal data when promises falter and balance sheets bleed red. The FTC’s stance offers some reassurance, but the bigger picture—rife with legal gaps and shaky trust—leaves plenty unresolved. Consumers are left wondering if their genetic secrets are safe, or if they’re just another asset to be sold off.

For the average person, the takeaway hits close to home. Handing over your DNA for a glimpse at your roots or health might feel worth it, until the company behind the kit crumbles. As lawmakers, regulators, and courts wrestle with these modern messes, one thing’s clear: the rules haven’t caught up to the reality. And until they do, that unease isn’t going anywhere.