In March 2025, the largest direct-to-consumer genetic testing company in the world filed for bankruptcy. In the days after the announcement, traffic to 23andMe’s account-deletion page surged more than five hundred percent, as roughly fifteen million customers tried to figure out whether they could retrieve the most personal data they had ever voluntarily handed over to a corporation. In June, a bankruptcy judge approved the sale of the company — and the data — to a nonprofit research institute led by its founder, for $305 million. That is what genetic data is worth, in a fire sale, in 2025.
In 2018, direct-to-consumer genetic testing was a novelty. 23andMe had a few million customers. Ancestry.com had more, but its product was framed as genealogy rather than medicine. The service was one-way: you spit in a tube, you got a report back, and the company quietly retained the underlying data to sell access to pharmaceutical researchers.
Three things have changed.
The market concentrated, then the leading player failed. 23andMe reached roughly fifteen million customers, went public via SPAC in 2021 at a $3.5B valuation, and by 2025 was bankrupt. The June 2025 sale transferred the genetic dataset to the nonprofit TTAM Research Institute, led by Anne Wojcicki — 23andMe’s co-founder, who reacquired the data she had helped build. The process was lawful. It was also a demonstration that genetic consent, under current US law, is a one-time event that travels with the corporate entity that collected it.
Law enforcement moved in. The 2018 identification of the Golden State Killer via genealogical analysis of DNA uploaded to the public database GEDmatch was the opening case. It was, for many people, also the end of the framing that consumer genetic databases were medical or recreational. They became investigative infrastructure. Subsequent cases have extended the technique to cold cases decades old, with the identification proceeding through distant cousins whose profiles were uploaded to public databases without the suspect’s consent because the suspect was never asked.
Polygenic risk scoring moved into the mainstream. Early direct-to-consumer genetic reports gave users ancestry estimates and a handful of single-gene risk flags. The current generation uses polygenic scores — statistical combinations of many thousands of genetic variants — to estimate risk for cardiovascular disease, cancer, diabetes, depression, and increasingly for IVF embryo selection. The predictive power varies; the presence of these scores in clinical settings does not. The scoring is now more common than most patients realise.
The consent problem is structural, not incidental. When a customer agreed to 23andMe’s 2015 terms of service, they consented to certain uses under a certain corporate entity. The terms did not, and could not, bind future corporate entities. The 23andMe bankruptcy transferred their data to TTAM under a consent regime the customer never saw. This is Informed Consent at its most brittle: the canonical case of consent-under-one-regime-transferred-to-another. The book’s treatment of informed consent did not anticipate bankruptcy-court data transfers of fifteen million genomes, but the framework applies without strain.
The family-consent problem is the one most people only notice when it is too late. A person’s genome is not just theirs. It is about sixty percent shared with each sibling, fifty percent with each parent and child, lower percentages with more distant relatives — and highly identifiable even from partial matches. A single family member’s decision to upload to a public database effectively enrolls the entire extended family in that database, without any of them being asked. The Golden State Killer case was solved via a third cousin. The relatives of that third cousin did not consent to being searched.
The regulatory gap is real. The Genetic Information Nondiscrimination Act (GINA) prohibits genetic discrimination in employment and health insurance. It does not cover life insurance, long-term care insurance, or disability insurance — all of which are permitted to use genetic information in underwriting. HIPAA does not apply to direct-to-consumer companies because they are not healthcare providers. The protections most people assume exist for this data mostly do not. This is the Power, Privilege, and Access pattern applied to information: genetic information moves through the economy in ways that the regulatory regime was not designed to police.
The Surveillance, Privacy, and Control pattern is striking because the surveillance is voluntary. No one was forced to send a cheek swab. The business model is genetic surveillance that consumers paid to participate in — a pattern that connects this page to Minority Report’s question of predictive infrastructure and to Social Credit and Algorithmic Scoring on the consequences of standing information systems.
What the book directly addresses. The Informed Consent and Surveillance frameworks apply directly. Corporate Responsibility applies — the 23andMe bankruptcy made it concrete that “we will protect your data” is a commitment a corporate entity can outlive. The book’s treatment of Minority Report and predictive algorithms applies directly: polygenic risk scoring is actuarial prediction at the individual level, and the chapter’s analysis of what it costs to live under probabilistic judgment is apt.
What the frameworks suggest when extrapolated. The book’s emphasis on who decides and who is affected illuminates the family-consent problem. The Risk Innovation framework — threats to dignity, autonomy, and belonging — captures why unauthorised genetic investigation of relatives hits so hard even when no concrete harm follows.
Where the frameworks reach their limits. The book was not written anticipating a bankruptcy-court mechanism for mass transfer of biometric data. The specific governance question — what should bankruptcy law say about genetic data? — is a policy question the book’s frameworks invite but do not answer. Policy innovation is needed; the book provides the diagnostic questions, not the legislative text.
Films from outside the book’s twelve: Gattaca (1997) is the obvious and somehow still-missing reference — a world organised around genetic scoring, arrived at through institutional rather than dystopian channels. The Social Dilemma (2020) is a documentary that frames data-as-product with particular sharpness; it does not address genetics specifically but the framing transfers cleanly.