Slashdot: FTC Says 23andMe Purchaser Must Uphold Existing Privacy Policy For Data Handling

Apr 1, 2025

—

Source URL: https://yro.slashdot.org/story/25/04/01/2023246/ftc-says-23andme-purchaser-must-uphold-existing-privacy-policy-for-data-handling
Source: Slashdot
Title: FTC Says 23andMe Purchaser Must Uphold Existing Privacy Policy For Data Handling

Feedly Summary:

AI Summary and Description: Yes

Summary: The FTC has issued a warning to prospective buyers of 23andMe, mandating compliance with the company’s privacy policy, which allows consumers to control and delete their genetic data. This underscores the critical nature of genetic information and the legal obligations tied to data privacy commitments.

Detailed Description: The Federal Trade Commission (FTC) has taken a firm stance regarding the handling of genetic data by 23andMe, a company specializing in genetic testing and ancestry services. Here are the significant points outlined in the FTC’s warning:

– **Privacy Policy Compliance**: Any buyer of 23andMe is required to honor the existing privacy commitments made to consumers, which emphasize the control individuals have over their genetic data.
– **Control Over Data**: The policy allows users to delete their genetic information at will, underscoring the imperative that consumers maintain control over their sensitive data.
– **Nature of Genetic Information**: FTC Chair Andrew Ferguson highlighted the unique, immutable attributes of genetic information, reinforcing its sensitivity and the need for diligent protection.
– **Consumer Assurances**: The letter sent to the DOJ details various assurances provided by 23andMe regarding data usage, sharing, and protection, emphasizing that the company has made direct representations about these practices.
– **Limitations on Data Sharing**: 23andMe has stated it will not share personal data with insurers, employers, public databases, or law enforcement without legal justification, like a court order.
– **Data Protection for New Entities**: The company’s data protection guidelines will also apply to any new entities that may acquire or take over the company, ensuring continued consumer protections.

This situation highlights the intersection of privacy laws and consumer rights, particularly in the sensitive realm of genetic data. For professionals in security and compliance, the implications include the need for rigorous adherence to privacy policies during mergers and acquisitions, and ensuring that sensitive personal data remains protected regardless of corporate changes. The FTC’s position serves as a reminder of the legal responsibilities that come with handling personal and sensitive information.

01 1 2 23andMe 24 3 4 5 a acquisition acquisitions Act AI air and app art as assurance attribute AWS by C CI CIA co commit compliance consumer consumer protection consumer protections consumer rights control core critical D data Data Handling data privacy Data Protection data sharing data usage database databases de DOJ DoT dual e enforcement Federal Trade Commission for FTC g Gen genetic data Go guidelines H high Highlight http HTTPS immutable implications in information inter J Just k l law Law Enforcement led Legal legal obligations Li limitations lm low man merger mergers mergers and acquisitions mission N no o of on ory out over personal data point policies policy pre privacy privacy commitments privacy law privacy laws privacy policies privacy policy professionals protection public public data Q R rate RCE real red representation right Ro RoT s s Position sec security security and compliance sensitive data sensitive information sensitive personal data sensitivity service services SHA sharing Sig source state T Tails test Testing the to Tor TP trade UI under up US usage use user Users V Wi x