Regeneron has moved to purchase 23andMe for $256 million following a bankruptcy auction that placed the troubled genetic testing firm’s future, and its massive DNA database, up for grabs. The acquisition would hand Regeneron control over 23andMe’s genetic analysis service and a data repository built from 15 million individuals who submitted personal and genetic information over the years.
The pharmaceutical company stated that it sees this information as a tool for accelerating drug development. It also pledged that it would “prioritize the privacy, security, and ethical use of 23andMe’s customer data,” a promise that comes amid mounting concerns over how that information might be handled under new ownership.
But in the age of biometrics, the transfer of such deeply personal data to a new buyer raises significant privacy concerns.
DNA is not like a credit card number, it cannot be changed or reissued if compromised. It holds information about a person’s ancestry, health predispositions, and even familial relationships. The potential for misuse, whether through re-identification, unauthorized sharing, or discriminatory profiling, is enormous.
23andMe filed for bankruptcy in March, just months after a damaging data breach exposed the records of 7 million users. The breach, which unfolded over the course of 2023, deeply eroded trust in the platform and drove consumer demand for its home DNA kits into sharp decline. As its stock price collapsed and public confidence waned, longtime CEO and co-founder Anne Wojcicki stepped down, marking the company’s formal descent into insolvency.
The bankruptcy proceedings placed oversight of the company’s sale in the hands of a federal court, prompting growing unease over the possibility that its vast data archives could be transferred to entities with questionable intentions or inadequate safeguards.
Privacy advocates argue that while Regeneron may assert its commitment to compliance, the sale sets a troubling precedent: that biometric data collected under one set of terms can be inherited, and potentially exploited, by another party entirely.
This is particularly alarming at a time when biometric identifiers are increasingly used in sectors ranging from healthcare to law enforcement. Unlike anonymized survey data, DNA records are inherently identifiable and often shared across families. Even minimal data points can be cross-referenced with public records or genealogy databases to unmask individuals who believed their submissions were private.