How to Remove Your Private Data, Including DNA, from the Bankrupted 23andMe Database

Avatar photoByThe Droid Guy

As of 2025, 23andMe — the once-prominent personal genomics and biotechnology company — is undergoing bankruptcy proceedings following a series of data breaches and financial troubles. This development has raised serious concerns for millions of users who submitted personal and genetic data to the company over the past decade. Many are now seeking ways to remove their private data, including sensitive DNA profiles, from the company’s systems.

This guide explores all currently available methods — legal, procedural, and technical — for removing or limiting your data in 23andMe’s possession.

1. Understand the Scope of Data You May Have Shared

Before initiating any deletion process, you should identify what types of data 23andMe may hold on you. This can include:

  • Raw DNA Data: The digital sequence file created from your saliva sample.
  • Genetic Reports: Health predisposition, ancestry, and trait analyses.
  • Personal Identifiers: Name, birth date, email, address.
  • Survey Responses: If you participated in research.
  • Family Tree and Genetic Matches: If you opted in to these services.

2. Check the Status of Your 23andMe Account

If you still have access to your account:

  • Log in to 23andMe (if operational).
  • Navigate to: Settings > Account > Delete Account.
  • Select Permanently Delete My Account.
  • This will:
    • Delete your profile and personal data.
    • Erase your raw DNA data.
    • Cancel participation in research programs.

Note: As the company is in bankruptcy, website functionality may be inconsistent or inaccessible. If the portal is not functioning, proceed to the methods below.

3. Formally Request Data Deletion Under Privacy Laws

Depending on your jurisdiction, you can leverage data protection laws:

United States: CCPA (California Consumer Privacy Act)

If you’re a California resident, submit a formal data deletion request under CCPA:

  • Email: [email protected]
  • Include:
    • Full name and email used on the account
    • Proof of identity
    • Specific request: “I am requesting the deletion of all personal, genetic, and biometric data under my rights afforded by the CCPA.”

You can also send the request via certified mail to 23andMe’s headquarters (verify current mailing address from public bankruptcy documents).

European Union: GDPR (General Data Protection Regulation)

If you’re in the EU:

  • Send a request under Article 17 (“Right to be Forgotten”).
  • Email: [email protected] or use a GDPR portal if still active.
  • Clearly request deletion of:
    • DNA raw data
    • Health and ancestry reports
    • Account metadata
    • Third-party shared data

Other Regions

Check if your country has laws similar to GDPR or CCPA. Examples include Canada’s PIPEDA, Brazil’s LGPD, or Australia’s Privacy Act.

4. Submit a Claim in the Bankruptcy Proceedings

Since 23andMe is now under bankruptcy:

  • Locate the bankruptcy case (likely filed under U.S. Chapter 11 or Chapter 7).
  • Visit the official court filings page (via PACER or through the trustee’s site).
  • File a claim with the court demanding data deletion and withdrawal of consent for data retention or resale.
    • Mention privacy statutes (CCPA, GDPR) and your desire to “opt-out of data processing, sale, or retention”.
    • This creates a legal paper trail and can prevent your data from being treated as a “saleable asset.”

Bankruptcy trustees often attempt to liquidate intangible assets, including customer data, so this is a vital step.

5. Withdraw Consent for Research Participation

If you consented to research use of your data:

  • You can still revoke consent in writing:
    • Email: [email protected] or [email protected]
    • Statement: “I withdraw my consent for research usage of my genetic and personal data. I request deletion of all associated records.”

Note: Data already used in aggregated research or published studies may not be retractable.

6. Revoke Sharing with Third Parties

23andMe partnered with companies like GlaxoSmithKline and others. You can:

  • Ask 23andMe to revoke third-party sharing agreements associated with your data.
  • Contact known partners (e.g., GSK) and formally request that any shared data be deleted under applicable privacy laws.
  • Use a subject access request to find out what data, if any, they still hold.

7. Delete Data from Downloaded Copies or Shared Platforms

If you’ve downloaded your raw DNA data and uploaded it to services like:

  • GEDmatch
  • MyHeritage
  • Promethease
  • Genetic Genie

You need to delete your data from these platforms separately. Visit each service, log in, and use their respective deletion tools. This step is often overlooked but crucial.

8. Send Certified Letters for a Paper Trail

For maximum legal effect, send a certified letter to:

23andMe, Inc. (or court-appointed trustee)
Attn: Data Privacy Officer
[Latest address from public records]
Subject: Data Deletion Request under [Law]

Include:

  • A clear request to delete all personal, genetic, and biometric data.
  • Your account identifiers.
  • Reference to applicable laws (CCPA, GDPR, etc.).

Keep the receipt for records. This provides proof of your request and legal standing.

9. Monitor Dark Web and Credit Activity

Following breaches at 23andMe, you should:

  • Set up a credit freeze at Equifax, Experian, and TransUnion.
  • Use services like Have I Been Pwned or Mozilla Monitor to check for leaked info.
  • Consider a DNA privacy monitoring tool (e.g., GenomicSecurityWatch) if your DNA has been uploaded to open databases.

10. Join or Track Class Action Lawsuits

Numerous lawsuits have been filed in response to 23andMe’s breaches. These cases may:

  • Result in deletion or protective orders over your data.
  • Lead to compensation for data misuse.

Use legal databases or law firm sites to register your claim or track case progress.

The process of removing your private data, especially DNA data, from 23andMe is complex — made more difficult by the company’s bankruptcy. However, by combining technical steps with legal action and proactive data monitoring, you can assert your privacy rights and minimize long-term risk. It’s crucial to act promptly, especially as bankruptcy proceedings may result in data assets being transferred or sold to other entities.

For ongoing developments, monitor bankruptcy filings and privacy advocacy groups.

Leave a Reply

Your email address will not be published. Required fields are marked *