23andMe's DNA Fire Sale: Your Genes Up for Grabs?

When millions of Americans sent their saliva to 23andMe, they weren’t just chasing ancestry clues or health insights. They were entrusting a company with the most intimate blueprint of their existence, their genetic code. Now, as 23andMe staggers through bankruptcy proceedings in 2025, that trust hangs by a thread. Federal Trade Commission Chairman Andrew N. Ferguson’s recent letter to the U.S. Trustee underscores a chilling reality: the potential sale of 15 million customers’ DNA data looms as a corporate fire sale, threatening to scatter sensitive information to the highest bidder.

This isn’t a hypothetical worry. It’s a crisis unfolding in real time, one that exposes the fragility of privacy in an era where personal data doubles as a corporate asset. Consumers didn’t sign up for this. They were promised confidentiality, not a seat at the bankruptcy auction block. Ferguson’s intervention signals a desperate need to protect those who can’t protect themselves, ordinary people blindsided by a company’s financial collapse.

The stakes couldn’t be higher. Genetic data isn’t just another email address or credit card number; it’s permanent, irreplaceable, and ripe for exploitation. If we let this moment pass without action, we’re not just failing 23andMe’s customers, we’re setting a precedent that says your DNA is fair game when the balance sheet bleeds red.

Bankruptcy law has a dirty secret: it often treats your personal information like a commodity. When companies like 23andMe falter, courts can greenlight the sale of consumer data to creditors, sidestepping privacy promises made in brighter days. Look back to RadioShack’s 2015 collapse, when 117 million customer records nearly hit the open market, only stopped by the FTC’s last-minute scramble. Or rewind to 2000, when Toysmart.com tried to auction off its customer list despite explicit pledges not to share it. History keeps repeating itself, and 23andMe is the latest chapter.

What’s at play here is a clash of priorities. Creditors want to maximize payouts, and data, especially genetic data, fetches a premium. But at what cost? Surveys show 60% of consumers balk at policies giving companies free rein over their information, and the 2023 breach that exposed 7 million 23andMe users’ profiles only deepens that unease. The FTC’s insistence on honoring privacy commitments during this mess isn’t just bureaucratic meddling; it’s a lifeline for people who never agreed to have their DNA bartered.

Some argue this is just business, that bankruptcy courts need flexibility to settle debts. They’re not wrong about the mechanics, but they miss the human toll. When IT teams dissolve and encryption keys vanish in a company’s dying days, data security crumbles. The result? A treasure trove of genetic profiles, ripe for misuse, from identity theft to insurance discrimination, despite laws like the Genetic Information Nondiscrimination Act. Flexibility for creditors can’t trump the right to control your own biology.

State attorneys general have sounded the alarm, urging consumers to delete their 23andMe accounts before it’s too late. That’s a start, but it’s not enough. The burden shouldn’t fall on individuals to claw back their privacy; it’s on regulators and lawmakers to close this loophole. The FTC’s oversight, mandating independent privacy ombudsmen under Section 363(b) of the Bankruptcy Code, offers a glimmer of hope, yet it’s a Band-Aid on a gaping wound.

This isn’t just about 23andMe. It’s about every company holding the keys to our digital lives. The patchwork of state privacy laws, with 20 states stepping up in 2025 alone, proves people are fed up. Delaware and Iowa now demand opt-in consent for handling sensitive data like DNA, a standard that shames the federal government’s inaction. Internationally, the EU’s General Data Protection Regulation has shown what’s possible: real penalties, real control, real accountability. Why are we lagging behind?

Advocates for a national privacy law aren’t dreaming in the abstract. A fragmented system costs the U.S. economy over $1 trillion a year, bogging down businesses and leaving consumers exposed. Genetic testing companies, reeling from breaches like 23andMe’s in 2023, face a trust deficit they can’t afford. Transparency reports and express consent aren’t optional; they’re the bare minimum to keep customers from bolting. The FTC’s role in cases like Facebook’s WhatsApp buyout proves it can enforce these standards, so why not codify them?

Opponents will cry overregulation, claiming it stifles innovation. Tell that to the 7 million whose data was compromised two years ago, or the 15 million now watching their genetic profiles dangle over a bankruptcy abyss. Innovation built on broken promises isn’t progress; it’s predation. A uniform law wouldn’t kill genetic testing, it’d save it by giving consumers the confidence to participate without fear.

Ferguson’s letter isn’t just a warning; it’s a battle cry. The FTC can’t do this alone, nor should it have to. Congress needs to act, not with half-measures or outdated fixes like the 2005 Bankruptcy Code tweaks, but with a bold, comprehensive privacy framework. Consumers deserve to know their DNA won’t be sold off when a company tanks. They deserve a system that puts their rights above corporate bottom lines.

We’re at a crossroads. Let 23andMe’s downfall be the wake-up call that forces us to rethink privacy in the digital age. Our genetic code is ours, not a bargaining chip for creditors or a payday for failing firms. If we don’t demand better now, we’ll be left picking up the pieces of a trust that’s shattered beyond repair.