Fair take.

Thanks for the link. We may be slightly speaking past each other. On one hand, the link you sent is of course, correct. I had read that before and is not that I did not believe that the GDPR would include it, more so on not fully trusting 23andMe to comply.

What you may be overlooking is that in the real world, possible buyers will have access to data as part of any Due Diligence terms, whether they purchase or not. In a perfect world it should not change things but in practice it can, or does. Apparently, that bit I quoted earlier was a very recent update to their T&Cs, as they are protecting themselves for any future lawsuits. Also, I just do not trust 23andMe to have your best interest at heart and to fully comply with privacy issues at the current time, either due to willful BS or mistake. It might just not be a priority. The whole thing could collapse tomorrow, but they are still full on taking people’s money. Any promise of compliance are just words at this point. I have known enough large companies collapse to see this as no different. GDPR or not. On a privacy concern, is not as if they asked everyone who is blood related for any consent, either.

This was releseased not to long ago, so the USA Feds are not really confident, either:

oag.ca.gov/news/press-releases/attorney-general-bonta-urgently-issues-consumer-alert-23andme-customers

ag.ny.gov/press-release/2025/attorney-general-james-urges-23andme-customers-contact-company-delete

But on paper, I agree that Europeans seem to have sturdier protections. Albeit Americans may have more legal options. Cheers and hope they fully delete your data without any BS.

Safest thing that would actually work is to take out the battery. ;-)

Not on electric cars. LOL

Not sure if it is a joke.

But according to the legalese of some manufacfurers, just being inside the car is a form of you giving consent.

You would have to disable all radios and receivers, GPS, never take your car for maintenance and never connect your car’s systems to anything and never connect your phone or peripherals to it. As your phone will send car data to the manufacturers. Disable or break all cameras. And this is assuming they even respect you opting out. Apparently, most people are so unaware of the data collecting being such a huge thing that some manufacturers do not even really disable what you tell them to disable, or by using the car or an option in the car, you give them permission to enable them again. LOL Point is that you can’t or most people won’t do any of these things and car makers won’t stop until maybe they get sued.

https://www.eff.org/deeplinks/2024/03/how-figure-out-what-your-car-knows-about-you-and-opt-out-sharing-when-you-can

Yup.

https://foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/

Here is at least one of those reports the other poster touched on

https://foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/

LOL I told everyone the same. Same on my end, they thought I was being conspirational. As if a company could never one day fail and have to sell their assets. It seemed impossible to them, somehow.

I used to think that part of the reason is that they submitted their samples without thinking and later contemplating how not smart that action was; created some hard cognitive dissonance, making calling me a conspiracy theorist the far easier pill to swallow than admitting a mistake. Since I know of people who did it early on, as they thought they were being cutting edge at the time.

Yeah, I do not want to buy a car either or anything that sells in subscriptions. I am already keeping an eye on models of non-smart TVs for when my current model finally dies. LOL

I am surprised it took this long. But they got hacked 2 years ago, so data on millions of people had already been leaked.

They were surviving on fumes since since they were still dealing with the fallout of that.

Uh… nope. Sorry. They specifically touch on it:

“Commonly owned entities, affiliates and change of ownership: If we are involved in a bankruptcy, merger, acquisition, reorganization, or sale of assets, your Personal Information may be accessed, sold or transferred as part of that transaction and this Privacy Statement will apply to your Personal Information as transferred to the new entity. We may also disclose Personal Information about you to our corporate affiliates to help operate our services and our affiliates’ services.”

If you request to delete your data as per the GDPR, they will delete some data, but as per their legalese they will not delete all and what is not deleted falls under their Privacy Statement, where you find the above, quoted text. Worth noting that in above the use of may in practice means “will”.

On top of that, once the data is out of the the EU, which they make a point to state numerous times, they rely on the DPF which focuses on how data is used or transfered to outside the EU. So, if a company is already signed to the DPF, then they can totally keep some of your data as well. Or if they transfer it using it the same framework. So the DPF does not help either. The GDPR focuses on common identifying information, off the cuff it does not seem to address the notion of how DNA can literally be used for exactly that, so, legally, as it stands the DNA data is out of scope of the GDPR. Or, at least that is what they seem to be claiming, indirectly.

So yeah, you can delete some data, but with a bunch of asterisks followed by that statement. So, sadly, your argument is not fully correct. They will delete some identifying information. But they seemto keep the most important of the data.

Yeah, I feel like I dodged a bullet. As I knew some family members who thought about it but declined to do it because of the for-profit angle in case the company flopped.

Luckily for us, all family members either saw what OP saw ahead of time, or the few that were curious listened to others and didn’t go through with it. Exactly because of the reason that you stated.

Why would anyone expect anyone to risk getting sued or risk going to jail for that? Fully get want you are saying, though.

The smart thing was to never trust some random upstart company with a cutsie name with the code of our literal DNA. Caveat emptor and all that.

So much wrong can be done if it ends up in the wrong hands in any of a multitude of sectors, from military contractors to insurance companies who could literally up premiums based on DNA profiles and propensity for illnesses. And that latter one would be one of the most docile of outcomes.