carimura
7 hours ago
I've been dealing with their support trying to delete my data. Here's the latest response [1]. The way I read it, they won't delete your genetic data, and it sure seems personally identifiable to me. Am I reading this wrong?
[1] This is a follow-up from the 23andMe Team. Your
inquiry has been escalated to me for review. To clarify,
once you confirm your request to delete your account, we
will delete your data from our systems within 30 days,
unless we are required by law or regulation to
maintain data for a given timeframe.
For example, your Genetic Information, date of birth, and
sex will be retained by 23andMe and our third party
genotyping laboratory as required for compliance with
applicable legal obligations, including the U.S. Federal
Clinical Laboratory Improvement Amendments of 1988
(CLIA), California Business and Professional Code
Section 1265, and College of American Pathologists
accreditation requirements.
It is important to understand that the information stored
is distinct from the raw genotype data available within
your account. The raw data we receive from the lab
has not been processed by our interpretation software
to produce your individual-level genotype data (in
your account).
You can read more about our retention requirements in the
retention of personal information section of our Privacy
Statement.
drdaeman
6 hours ago
As I get it, it's a federal requirement for a lab to keep genetic data for a while with no way for the specimen to do anything about it.
So, it's a CDC thing, not exactly 23AndMe fault. Save for the fact that 23AndMe advertised it's easy to delete data on their front page, but with the small print somewhere out there that you can't really delete the actual data. To be entirely fair, it was there somewhere (I think in their help center in some article about data deletion process) when I went to check out their privacy policies - because that's how I learned about it and reconsidered buying a test, but I guess most people don't read the small print until the deed is done.
My understanding is that they will delete your data on their side (leaving only a few things like payment receipts), but the lab won't because they legally can't.
carimura
6 minutes ago
Assuming for a second these federal requirements cited are a) valid, and b) for a good reason, it still says right there in the response that it's not just the lab, sadly.
For example, your Genetic Information, date of birth, and
sex will be retained by 23andMe
cypherpunks01
7 hours ago
I got an identical email, after asking numerous times for them to tell me when all information will be deleted, i.e. when do the compliance requirements expire for my specific account?
They certainly don't seem interested in answering this question, no matter how many ways I phrase it. So much for "you are in control of your data", I guess it was all BS as some people predicted.
carimura
4 minutes ago
Ya I asked that also, as well as "is the information you are retaining personally identifiable to me?" but sadly I think I know the answer to that one....
no response yet. I'm sure the privacy department is busy.
mikrl
6 hours ago
> For example, your Genetic Information, date of birth, and sex will be retained
Quite possibly the most terrifying thing I’ve read recently.
carimura
2 minutes ago
it's ridiculous. unless I'm missing something, they basically have this entire fluff piece of a privacy policy, data control, deletion, etc, and then just keep your genetic info after deletion for sale to the highest bidder / nation state.
csl
6 hours ago
The way I read it, and I may be wrong, is that they will retain the _interpreted_ results, but now the raw and complete data.
carimura
a minute ago
i'll ask...
10u152
7 hours ago
So they'll happily delete everything unless it has value to them. Charming.
psunavy03
6 hours ago
It literally says they have legal obligations to retain data and cite the exact laws that require them to. Did you even read the post you replied to?
10u152
4 hours ago
I did read it. The response is we will delete unless… and it lists a bunch of possibly applicable laws.
Based on the vagueness of the response (which law in particular, what are the details etc) I’d argue they won’t delete anything ever and claim that they thought they might run afoul of some law.