A group of U.S. lawmakers launched an investigation into how 23andMe is handling customer data. The probe follows the company’s bankruptcy filing last month in Missouri.
House Energy and Commerce Committee Chair Brett Guthrie (R-Ky.) sent a letter to 23andMe. Reps. Gus Bilirakis (R-Fla.) and Gary Palmer (R-Ala.) joined him. They questioned how 23andMe plans to manage sensitive customer data. This concern arises if the company sells either the data or the business.
23andMe gained popularity through at-home DNA test kits. Customers mailed saliva samples to receive genetic, health, and ancestry reports. The company collected data from more than 15 million users.
In their letter to Interim CEO Joe Selsavage, the lawmakers raised serious concerns. They said 23andMe holds biological samples, health data, and personal details of millions.
They explained that HIPAA protects medical data but not for companies like 23andMe. These laws don’t apply to direct-to-consumer platforms. Since state laws differ, and no strong federal law covers genetic data, the risk remains high. Customer data could be exposed if the company is sold.
The lawmakers said customers reported issues while trying to delete their data. Some couldn’t access their accounts or receive verification codes. Technical problems with the website made the process difficult.
When 23andMe filed for Chapter 11 bankruptcy, it shared important information. The company said it might sell, transfer, or share customer data during a business deal. However, it added that any buyer must follow its privacy policy and obey all laws.
The website offers a way for users to delete their data. Still, the lawmakers stated some customers struggled to do so. They asked the company to ensure customers can access and remove their information. They said this must be honored even if the company changes ownership.
In their letter, they asked if 23andMe plans to update its privacy policy. They also asked whether it will properly vet all potential buyers.
Other lawmakers also raised concerns in recent weeks. The House Oversight and Government Reform Committee sent its own inquiry. The Federal Trade Commission reached out to 23andMe in late March.
The lawmakers urged 23andMe to protect user data. They said the company must honor deletion requests and stay transparent during the transition.
