Legal Protections Are Still Limited
In the United States, there is no comprehensive federal law protecting your genetic data. HIPAA covers medical records, but not consumer DNA services like 23andMe.
Many users wrongly assume they are fully protected. In reality, laws vary from state to state and are often outdated. Companies can store, analyze, and sometimes even sell data without breaching current laws.
Even if 23andMe promised not to sell your data, legal loopholes and vague policy wording can leave users vulnerable. Once a company changes ownership, these terms might be altered.
International users face a similar lack of protection. While the EU has stronger rules through the GDPR, enforcement remains inconsistent. Global platforms often default to the weakest protection allowed.
