Companies rising and falling is nothing new – especially in tech. But 23andMe is different.
“It’s worrying because of the sensitivity of the data,” says Carissa Veliz, author of Privacy is Power.
And that is not just for the individuals who have used the firm.
“If you gave your data to 23andMe, you also gave the genetic data of your parents, your siblings, your children, and even distant kin who did not consent to that,” she told the BBC.
David Stillwell, professor of computational social science at Cambridge Judge Business School, agrees the stakes are high.
“DNA data is different. If your bank account details are hacked, it will be disruptive but you can get a new bank account,” he explained.
“If your (non-identical) sibling has used it, they share 50% of your DNA, so their data can still be used to make health predictions about you.”
The company is adamant these kinds of concerns are without foundation.
“Any company that handles consumer information, including the type of data we collect, there are applicable data protections set out in law required to be followed as part of any future ownership change,” it said in its statement.
“The 23andMe terms of service and privacy statement would remain in place unless and until customers are presented with, and agree to, new terms and statements.”
There are also legal protections which apply in the UK under its version of the data protection law, GDPR, whether the firm goes bust or changes hands.
Even so, all companies can be hacked – as 23andMe was 12 months ago.
And Carissa Veliz remains uneasy – and says ultimately a much robust approach is needed if we want to keep our most personal information safe.
“The terms and conditions of these companies are typically incredibly inclusive; when you give out your personal data to them, you allow them to do pretty much anything they want with it,” she said.
“Until we ban the trade in personal data, we are not well protected enough.”
Additional reporting by Tom Gerken