Complete Guide: How to Delete Your 23andMe Data 2025 Bankruptcy Edition

Following 23andMe’s bankruptcy filing in 3 months ago, California Attorney General Rob Bonta issued an urgent consumer alert reminding customers of their legal rights and calling on them to consider deleting their genetic data. This guide provides a comprehensive, step-by-step approach to permanently removing your data from 23andMe’s systems.

URGENT: Why You Should Act Now

The Bankruptcy Situation

23andMe has 15 million customers, and following the bankruptcy filing, website traffic surged 526% as users rushed to delete their data. In the event of bankruptcy or sale, user data can be transferred to a new company or sold in bankruptcy proceedings.

Privacy Risks

• Data Transfer: Your genetic information could be sold to third parties
• Security Vulnerabilities: Financial distress may lead to reduced security measures
• Research Consent: Previous research permissions may transfer to new owners
• Family Impact: Your genetic data affects blood relatives’ privacy too

Pre-Deletion Checklist

Before You Delete – Data Compliance Considerations

Download Your Data (Optional)

• Consider downloading your genetic data for personal records
• Export health reports and ancestry information
• Save any research participation certificates
• Privacy Note: Store downloaded data securely and encrypted

Inventory Your Permissions

• Review research participation agreements
• Check data sharing permissions
• Identify any third-party app connections
• Document any family sharing settings

Legal Considerations

• Review your original Terms of Service
• Understand your rights under applicable privacy laws (CCPA, GDPR)
• Consider legal implications if data was used in ongoing research

Step-by-Step Deletion Process

Phase 1: Account Access and Preparation

1. Log into Your 23andMe Account
   • Visit 23andme.com
   • Use your registered email and password
   • Complete any two-factor authentication if enabled
2. Navigate to Account Settings
   • Click on your name/profile in the top right corner
   • Select “Account Settings” from the dropdown menu

Phase 2: Data Download (Recommended)

3. Access Your Data Section
   • Under Settings, scroll to the section titled “23andMe data” and select “View”
   • You may be asked to enter your date of birth for extra security
4. Download Your Information
   • You’ll be asked which personal data you’d like to download (onto a personal, not public, computer)
   • Select all relevant data categories:
     • Raw genetic data
     • Health reports
     • Ancestry information
     • Account information
     • Research participation history

Phase 3: Revoke Permissions and Connections

5. Withdraw from Research Programs
   • Navigate to “Research Consent” section
   • Revoke any permissions you may have given to use your genetic information for research
   • Withdraw from all active research studies
6. Disconnect DNA Relatives
   • Go to: Settings → DNA Relatives → Withdraw Consent
   • This prevents your data from being used in relative matching
7. Revoke Third-Party Integrations
   • Check for any connected apps or services
   • Revoke permissions for all third-party access
   • Remove any API connections

Phase 4: Sample Destruction Request

8. Request Physical Sample Destruction
   • Request that your saliva sample be destroyed
   • This is separate from data deletion
   • Navigate to “Sample Management” or contact customer service
   • Document your request with screenshots

Phase 5: Account and Data Deletion

9. Initiate Data Deletion
   • Scroll to the “Delete Data” section and click “Permanently Delete Data”
   • Scroll to the bottom of the page and click the red button that says “Permanently Delete Data”
10. Confirm Deletion Request
    • You’ll receive an email from 23andMe with the subject line “23andMe Delete Account Request”
    • Open the email and click the button that says “Permanently Delete All Records”
    • You will be taken to a page that says “Your data is being deleted” (You may need to log in again)

Important Deletion Limitations

What Gets Deleted vs. What Remains

DELETED:

• Personal genetic data
• Health reports and interpretations
• Account information and profiles
• Research participation data
• Family connections and sharing

MAY REMAIN:

• Aggregated, anonymized research data
• Data already shared with third parties (before deletion)
• Backup copies during standard retention periods
• Legal compliance records

Compliance Considerations

CCPA Rights (California Residents):

• Right to delete personal information
• Right to opt-out of data sales
• Right to non-discrimination
• Consumer agreements state that U.S. customers have certain rights, including the right to request deletion of their account

GDPR Rights (EU Residents):

• Right to erasure (“right to be forgotten”)
• Right to data portability
• Right to withdraw consent
• Right to object to processing

Timeline and Verification

Expected Processing Times

• Immediate: Account access disabled
• 7-30 days: Data deletion from active systems
• Up to 90 days: Removal from backup systems
• Ongoing: Monitoring for complete removal

Verification Steps

1. Attempt to log in after 24 hours (should fail)
2. Check email for deletion confirmation
3. Monitor credit reports for any unusual activity
4. Document the process with screenshots and emails
5. Follow up if you don’t receive confirmation within 30 days

Post-Deletion Security Measures

Identity Protection

• Credit Monitoring: Sign up for credit monitoring or identity theft protection services
• Digital Footprint: Monitor your digital footprint regularly
• Account Cleanup: Revoke permissions you no longer require and shut down any account you don’t use

Family Considerations

• Inform Relatives: Your genetic data affects family members
• Encourage Deletion: Suggest relatives consider their own data deletion
• Privacy Discussion: Discuss genetic privacy with family members

Customer Support and Escalation

If You Encounter Issues

Primary Contact:

• 23andMe Customer Care: customercare.23andme.com
• Email: customersupport@23andme.com

Escalation Path:

1. Customer Service (first contact)
2. Data Protection Officer (for privacy concerns)
3. Legal Department (for compliance issues)
4. Regulatory Authorities (final escalation)

Regulatory Contacts

• California AG Office: oag.ca.gov (for California residents)
• FTC: consumer.ftc.gov (for federal complaints)
• State Privacy Regulators: Contact your state’s consumer protection office

Legal Framework and Compliance

Some Applicable Privacy Laws

• California Consumer Privacy Act (CCPA)
• California Privacy Rights Act (CPRA)
• General Data Protection Regulation (GDPR) (for EU residents)
• Other State-specific genetic privacy laws

Business Considerations

For businesses reviewing employee data:

• Implement genetic information non-discrimination policies
• Review health insurance implications
• Update privacy training programs
• Assess third-party vendor relationships

Monitoring and Follow-Up

30-Day Review

• Verify deletion confirmation received
• Check for any residual account access
• Monitor for unauthorized data use
• Document completion of process

90-Day Review

• Confirm complete removal from all systems
• Verify no ongoing data processing
• Check credit reports for anomalies
• Review family member privacy status

Annual Review

• Monitor for any data resurrection
• Review privacy law changes
• Update family privacy discussions
• Assess overall digital privacy posture

Additional Privacy Recommendations

Future Genetic Testing

• Research company privacy policies thoroughly
• Consider direct-pay options to avoid insurance complications
• Understand data retention and sharing policies
• Review bankruptcy/acquisition clauses in terms of service

Digital Privacy Hygiene

• Regular privacy audits of all accounts
• Minimal data sharing practices
• Strong authentication methods
• Encrypted storage for sensitive data

Documentation Template

Records to Keep

• Screenshots of deletion process
• Confirmation emails
• Customer service communications
• Regulatory complaint numbers (if applicable)
• Timeline of actions taken

Compliance Documentation

• Date of deletion request
• Confirmation of completion
• Third-party notification records
• Family member communications
• Regulatory correspondence

You Have The Ability To Delete Your Data

23andMe has confirmed that customers still have the ability to delete their data and accounts despite the bankruptcy filing. However, acting quickly is crucial as bankruptcy proceedings could complicate the deletion process or transfer your data to new entities.

This comprehensive approach ensures not only the deletion of your genetic data but also compliance with privacy regulations and protection of your ongoing privacy interests. Remember that genetic privacy affects not just you, but your entire family tree – both current and future generations.

If you want to protect your genetic privacy and don’t believe that the new 23andMe.com owners have your best interest at hand then take action and if you’re a business who needs help with data subject access requests connect with our team today.