Regeneron, a pharmaceutical giant, is gaining access to one of the largest consumer genetic bases through the bankruptcy sale of 23andMe. Regeneron will gain control of more than 15 million users’ DNA information.
J.B. BRANCH; [email protected]
Branch is the Big Tech Accountability Advocate for Congress Watch at Public Citizen.
In a press release, Branch stated: “This is a genetic data fire sale. It should set off alarm bells for anyone who’s ever spit in a tube and sent their DNA off to Silicon Valley. One of the largest personal DNA databases on Earth is being sold off in bankruptcy court, and Americans have virtually no control over how their most sensitive health information will be used, stored, or exploited going forward… [Your] genetic data is being treated like a disposable business asset. It’s unethical and dangerous.”
Branch told the Institute for Public Accuracy: “When a company goes through bankruptcy, it’s common for them to sell off assets. We’re used to that, so the media isn’t reporting on this in an alarming fashion. But this [situation] is completely unusual and inappropriate, because the asset that is being commodified is people’s DNA. It’s common for patient health files to switch hands, but not people’s DNA.
“The problem is not just what the data will be used for, but also that this was allowed to happen at all. The problem is that companies can buy and trade this data around like an asset. What if Regeneron collapses, or they get bought out by Amazon? The most likely outcome is that people’s DNA is being wholesale traded when these companies get bought out or file for bankruptcy. Absent federal regulation, ideally, the bankruptcy judge should not have included this database as a tradeable, commodified asset. 23andMe should permanently delete this data, because this is not what those customers signed up for––for Regeneron to permanently own their DNA.
“The U.S. has notoriously bad data laws. The more sensitive things are, the less protected they are. The Health Insurance Portability and Accountability Act (HIPAA) was written in the nineties, but a lot has happened since then, including the creation of direct-to-consumer companies like 23andMe, which don’t fall under HIPAA. We need those regulations. There is also no federal right to deletion. 23andMe allowed consumers to delete their data, but when everyone rushed to do that, the website crashed. The judge should have seen that and intervened.
“Regeneron has been playing a PR-forward response. They are saying they will uphold privacy. But we can anticipate that a company with a large genetic laboratory will try to make pharmaceuticals based on that data. The ability to make a groundbreaking drug or to send you specific drugs they manufacture based on your data––that’s the multibillion dollar windfall from this. Regeneron paid $250 million for this not just to have the DNA data but to have the ability to target you with drugs they will manufacture.”
