Clinical laboratories should use this situation as an opportunity to ask questions about their own data privacy approaches
While the drama surrounding 23andMe’s bankruptcy announcement has taken the spotlight—cofounder Anne Wojcicki resigned as CEO so that she can attempt to be the top bidder for the company in bankruptcy court—the more interesting long-term debate for clinical laboratories may be about genetic data privacy.
The 20-year-old direct-to-consumer genetic testing company stated in an investor news release on March 23 that it would enter bankruptcy to get a better handle on operational and financial challenges.
In a post on LinkedIn, Wojcicki wrote, “If I am fortunate enough to secure the company’s assets through the restructuring process, I remain committed to our long-term vision of being a global leader in genetics and establishing genetics as a fundamental part of healthcare ecosystems worldwide.”
Wojcicki also heralded the 15 million people who sent in their samples and became customers. Many of them also agreed to clinical research based on those submissions. “What made so many of our innovations possible were the 85% of our customers who opted in to research,” she wrote.
“I have resigned as CEO of the company so I can be in the best position to pursue the company as an independent bidder,” said Anne Wojcicki (above), cofounder of 23andMe, wrote on LinkedIn. It remains to be seen how 23andMe’s bankruptcy will affect clinical laboratories. (Photo copyright: Wikimedia Commons.)
Customer Data Can Be Sold as an Asset During Bankruptcy
Those samples now find themselves in a murky area involving genetic data privacy. Will a court allow creditors to acquire that data as an asset to satisfy 23andMe’s financial obligations? And will people who gave samples to a company they presumably trusted be happy if that information ends up in other hands?
“Comprehensive data privacy legislation has been enacted across the United States and globally, including the California Consumer Privacy Act of 2018 and the European Union’s General Data Protection Regulation,” the Harvard Law Review noted in a March 2025 story about data assets during bankruptcy. “With this development has come a renewed focus on data privacy in bankruptcy, where a debtor is likely to sell its customer data to pay its debts.”
In fact, California Attorney General Rob Bonta, JD, urged residents in that state to consider the California law’s options in light of the bankruptcy announcement. “I remind Californians to consider invoking their rights and directing 23andMe to delete their data and destroy any samples of genetic material held by the company,” Bonta said in a statement.
The Harvard Law Review noted that federal law allows for the appointment of ombudsmen in bankruptcy cases to protect consumer data, but that approach “has been ineffective at meeting that goal.” There is no word at this early stage whether the 23andMe bankruptcy will involve an ombudsman.
How Did 23andMe End Up in Bankruptcy?
Business models and criminals helped push the once thriving 23andMe to the point of bankruptcy. The company in 2021 had a $6 billion market cap. As of close of business on March 24, 2025, the cap hovered just over $20 million.
One long-term issue: There was often no need for anyone to be a repeat customer of 23andMe once they purchased their initial direct-to-consumer genetic test. “It didn’t really have a continuing business model—once you’d paid for your DNA report, there was very little for you to return for,” the BBC reported on Nov. 2.
Clinical labs are clearly in a better position here, as in addition to one-off genetic tests, they offer many medical assays that need to happen dozens or more times over a patient’s life.
Also, 23andMe had a difficult time gaining momentum for its anonymized DNA database that clinical researchers could use, according to the BBC.
Cybercrime may have also taken its toll. As reported by Dark Daily in “Data Theft at 23andMe Leaks Genetic and Personal Information for Thousands, Targets Ashkenazi Jews and Chinese,” 23andMe suffered a corporate black eye after hackers stole millions of data points from the company’s customer files.
A year later, 23andMe agreed to pay $30 million to settle a lawsuit over the stolen data, Reuters reported. The hack accessed information for 6.9 million customers.
Clinical Laboratories Must Be Wary of Genetic Data Privacy
It’s not hard to imagine clinical laboratories that perform genetic testing finding themselves in a situation similar to 23andMe with genetic data privacy on the line because of a business transaction. Some clinical laboratories do go bankrupt, but a more common occurrence is for a lab to be bought out by a competitor or one of the large national laboratory companies.
Clinical lab leaders may want to ask themselves these questions about genetic data privacy:
- If a lab’s genetic testing information changed owners, would that damage parties’ reputation in the community?
- Is there a triage plan in place to deal with any customers who want their data erased prior to any acquisition or merger?
Watch for in-depth analysis about the implications to clinical labs from the 23andMe bankruptcy in an upcoming issue of The Dark Report. Not a subscriber? Try a 14-day free trial today.
—Scott Wallask