Latest news with #FutureofPrivacyForum
WIRED
24-03-2025
- Business
- WIRED
How to Delete Your Data From 23andMe
Genetic testing company 23andMe, once a Silicon Valley darling valued at $6 billion, filed for Chapter 11 bankruptcy protection late Sunday as it prepares for a sale of the business. CEO Anne Wojcicki, who cofounded the company in 2006, has also stepped down after months of failed attempts to take the firm private. As uncertainty about the company's future reaches its peak, all eyes are on the trove of deeply personal—and potentially valuable—genetic data that 23andMe holds. Privacy advocates have long warned that the risk of entrusting genetic data to any institution is twofold—the organization could fail to protect it, but it could also hand over customer data to a new entity that they may not trust and didn't choose. California Attorney General Rob Bonta reminded consumers in an alert on Friday that Californians have a legal right to ask that an organization delete their data. 23andMe customers in other states and countries largely do not have the same protections, though there is also a right to deletion for health data in Washington State's My Health My Data Act and the European Union's General Data Protection Regulation. Regardless of residency, all 23andMe customers should consider downloading anything they want to keep from the service and should then attempt to delete their information. 'This situation really brings home the point that there is still no national health privacy law in the US protecting your rights unless you live in California or Washington,' says Andrea Downing, an independent security researcher and cofounder of the patient-led digital rights nonprofit The Light Collective. 'Meanwhile, we continue to evolve our understanding of how genetic information has value, but also has unique vulnerability.' John Verdi, senior vice president of policy at the Future of Privacy Forum, says 23andMe's new owner could revise the company's privacy policies for new customers and new data collection, but the data it has already collected from current customers is subject to existing terms. 'The company has legal obligations regarding information collected under the current policies,' he says. Still, researchers emphasize that in practice, such a large transition will create real data exposure that is outside of 23andMe customers' control. 'In my opinion, these privacy policies—especially in the context of acquisitions in the venture capital and private equity space—aren't worth the paper they're printed on,' says longtime security researcher and data privacy advocate Kenn White. 'For regular people out there who use these services, you're pretty much on your own. My advice is to request your data get deleted as soon as possible"
Yahoo
24-03-2025
- Business
- Yahoo
23andMe users warned to delete their data
(NewsNation) — After extended financial uncertainty and recent layoffs, 23andMe has filed for Chapter 11 bankruptcy, and CEO Anne Wojcicki, whose takeover bids failed, has stepped down. The genetic testing company has the genetic data of more than 15 million customers — and California Attorney General Rob Bonta is warning users to purge their data sooner rather than later. In a news release, Bonta said it is important to make use of 'robust privacy laws' allowing customers to 'take control and request that a company delete their genetic data.' New study challenges understanding of babies' memories In a news release announcing the bankruptcy filing, 23andMe chair Mark Jensen thanked the company's employees and assured the security of customer data. Jensen said 23andMe is 'committed to continuing to safeguard customer data and being transparent about the management of user data going forward, and data privacy will be an important consideration in any potential transaction.' While health care information is typically safeguarded under privacy laws, information acquired by direct-to-consumer companies — referred to as a 'trove of sensitive consumer data' by Bonta — isn't guaranteed that same protection. About 80% of 23andMe's customers agree to have their genetic data analyzed for medical research upon signing up for the service, NPR reported last year. Users can delete their data from 23andMe's website by: Logging into their account Clicking on 'Settings' under their profile Finding the '23andMe Data' section Clicking 'View,' then '23andMe Data' Choosing the 'Permanently Delete Data' selection Is 'microdosing' Ozempic becoming a trend? According to Bonta, 23andMe will then send a follow-up email allowing users to confirm their decision to delete their data. If you want to take it a step further, you can delete your account altogether by: Scrolling to the 'Account Information' section Selecting 'Delete Your Account' Ten states — including California — have enacted privacy laws for direct-to-consumer genetic testing companies, according to a March 2024 article from the Future of Privacy Forum. States include: Arizona California Kentucky Maryland Montana Utah Tennessee Texas Virginia Wyoming NewsNation's Ashley N. Soriano contributed to this report. Copyright 2025 Nexstar Media, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
Yahoo
24-03-2025
- Business
- Yahoo
California AG warns 23andMe users to delete their data
(NewsNation) — After extended financial uncertainty and recent layoffs, 23andMe has filed for Chapter 11 bankruptcy, and CEO Anne Wojcicki, whose takeover bids failed, has stepped down. The genetic testing company has the genetic data of more than 15 million customers — and California Attorney General Rob Bonta is warning users to purge their data sooner rather than later. In a news release, Bonta said it is important to make use of 'robust privacy laws' allowing customers to 'take control and request that a company delete their genetic data.' New study challenges understanding of babies' memories In a news release announcing the bankruptcy filing, 23andMe chair Mark Jensen thanked the company's employees and assured the security of customer data. Jensen said 23andMe is 'committed to continuing to safeguard customer data and being transparent about the management of user data going forward, and data privacy will be an important consideration in any potential transaction.' While health care information is typically safeguarded under privacy laws, information acquired by direct-to-consumer companies — referred to as a 'trove of sensitive consumer data' by Bonta — isn't guaranteed that same protection. About 80% of 23andMe's customers agree to have their genetic data analyzed for medical research upon signing up for the service, NPR reported last year. Users can delete their data from 23andMe's website by: Logging into their account Clicking on 'Settings' under their profile Finding the '23andMe Data' section Clicking 'View,' then '23andMe Data' Choosing the 'Permanently Delete Data' selection Is 'microdosing' Ozempic becoming a trend? According to Bonta, 23andMe will then send a follow-up email allowing users to confirm their decision to delete their data. If you want to take it a step further, you can delete your account altogether by: Scrolling to the 'Account Information' section Selecting 'Delete Your Account' Ten states — including California — have enacted privacy laws for direct-to-consumer genetic testing companies, according to a March 2024 article from the Future of Privacy Forum. States include: Arizona California Kentucky Maryland Montana Utah Tennessee Texas Virginia Wyoming NewsNation's Ashley N. Soriano contributed to this report. Copyright 2025 Nexstar Media, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
CNN
25-02-2025
- CNN
UK users are losing a key Apple security feature, raising questions about the future of privacy
Apple users in the United Kingdom will no longer have access to a key data security feature for iCloud storage: Advanced Data Protection. It's a relatively small change, but privacy experts worry it could have ripple effects for data privacy around the world. The iPhone maker confirmed last week that it would end access for UK users to the optional end-to-end encryption feature, which helps to ensure that only users can access their own personal data, such as photos and messages. The move was widely viewed as an effort to avoid complying with a request from the British government for a technical 'back door' to access user data. Still, the situation could serve as an example that other governments could follow to undermine user privacy, experts say. 'This has always been one of our major concerns,' said Caroline Wilson, general counsel at UK-based nonprofit Privacy International. 'The fact that the UK government… is setting a bad precedent for other governments around the world.' Apple said in a statement that it is 'gravely disappointed' to no longer offer the feature to UK users, 'given the continuing rise of data breaches and other threats to customer privacy.' But the company had little choice, experts say. 'Apple was in a very difficult spot here,' said John Verdi, senior vice president of policy at Washington, DC-based advocacy group Future of Privacy Forum. 'Folks in the United Kingdom simply will not have available the top level of security that Apple provides elsewhere in the world.' Apple's iCloud storage service uses end-to-end encryption to protect 14 categories of sensitive data by default, including health data and passwords, stored in users' iCloud Keychain. That means user data is basically scrambled when it's stored on Apple's servers, and only the user who holds the account can access it in its un-scrambled form. So, no one with access to Apple's servers — like hackers, or even the company itself — could read users' sensitive data. 'In the digital world, end-to-end encryption is going to be your best bet for getting a truly private and secure conversation that's kind of on the level of what you could have in person,' said Joe Mullin, a senior policy analyst for the Electronic Frontier Foundation. Advanced Data Protection, or ADP, extends end-to-end encryption for additional categories of data, including photos, notes, voice memos and iCloud backups (think text messages and call logs). So, in the event of a data breach, for example, content like this would be inaccessible to a hacker since even Apple can't read it. 'One of the very few ways to make sure that your data can't be leaked if a company is breached is to make sure that the company (itself) doesn't have it,' said Sarah Scheffler, an assistant professor in Carnegie Mellon's Cylab Security and Privacy Institute. UK users will now lose protection for those additional categories of data. Those who have not already enabled ADP are no longer able to do so, and Apple says it will soon provide guidance to existing users on how to disable the feature. There are third-party cloud storage options that offer end-to-end encryption, like NordLocker and Proton Drive. But Mullin notes that consumers are less likely to use them because they'd have to go through extra steps, whereas Apple's system can back up your phone automatically when it's locked and connected to power and Wi-Fi. 'You kind of need these encrypted services on some level from the people that are making the (operating system) on your phone,' said Mullin. 'That's why so much of the encryption conversation is around what Google and Apple are doing.' Advanced Data Protection will still be available outside of the UK. For UK users, those standard end-to-end encrypted data categories will not change, and iMessage and FaceTime will remain end-to-end encrypted. 'It's a shame,' Verdi said. 'It makes British citizens less safe.' Apple's move comes weeks after multiple news outlets reported that British security officials had ordered Apple to build a technical back door that would allow access to the company's global user data. The demand reportedly came under the Investigatory Powers Act, which lets British law enforcement compel access to communications and metadata from tech companies in secret. Apple has built its brand around privacy and previously resisted building back doors to allow governments or law enforcement access to its users' information. 'As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will,' the company said in a statement regarding the change to ADP. But without end-to-end encryption, Apple could have access to users' data, which means law enforcement could legally compel the company to hand it over to aid in the investigation and prosecution of crimes. That may be why Apple believes the move to end ADP in the region will be enough for the British government. 'The decision to pull this privacy feature in the UK is an attempt to hopefully not undermine it in the rest of the world,' Wilson said. Apple has declined to comment directly on the British demand. The UK's Home Office, which is responsible for making requests under the Investigatory Powers Act, did not immediately respond to CNN's request for comment. But even if it makes it easier for law enforcement to access user data, it's 'impossible to provide exceptional access' to data for some parties without 'undermining security for everyone,' Verdi said. 'Either everyone is protected by strong encryption, or it's weakened for everyone,' he said. He added that law enforcement could instead seek to access data directly from, with a warrant that compels them to unlock their devices. In the wake of the UK's move, Verdi says he sees 'two possible futures.' In one scenario, other governments could decide they want to do the opposite of the UK and give individuals, companies and government officials the 'best security Apple has to offer,' boosting encryption protections. But some governments could also follow the UK's lead and 'seek to undermine security' by passing rules or making demands that force tech companies to weaken their encryption. 'What happens now?' said Scheffler. 'This is one piece in a very large puzzle over… the future of privacy, and the future security and the future of encryption.'
CNN
25-02-2025
- CNN
UK users are losing a key Apple security feature, raising questions about the future of privacy
Apple users in the United Kingdom will no longer have access to a key data security feature for iCloud storage: Advanced Data Protection. It's a relatively small change, but privacy experts worry it could have ripple effects for data privacy around the world. The iPhone maker confirmed last week that it would end access for UK users to the optional end-to-end encryption feature, which helps to ensure that only users can access their own personal data, such as photos and messages. The move was widely viewed as an effort to avoid complying with a request from the British government for a technical 'back door' to access user data. Still, the situation could serve as an example that other governments could follow to undermine user privacy, experts say. 'This has always been one of our major concerns,' said Caroline Wilson, general counsel at UK-based nonprofit Privacy International. 'The fact that the UK government… is setting a bad precedent for other governments around the world.' Apple said in a statement that it is 'gravely disappointed' to no longer offer the feature to UK users, 'given the continuing rise of data breaches and other threats to customer privacy.' But the company had little choice, experts say. 'Apple was in a very difficult spot here,' said John Verdi, senior vice president of policy at Washington, DC-based advocacy group Future of Privacy Forum. 'Folks in the United Kingdom simply will not have available the top level of security that Apple provides elsewhere in the world.' Apple's iCloud storage service uses end-to-end encryption to protect 14 categories of sensitive data by default, including health data and passwords, stored in users' iCloud Keychain. That means user data is basically scrambled when it's stored on Apple's servers, and only the user who holds the account can access it in its un-scrambled form. So, no one with access to Apple's servers — like hackers, or even the company itself — could read users' sensitive data. 'In the digital world, end-to-end encryption is going to be your best bet for getting a truly private and secure conversation that's kind of on the level of what you could have in person,' said Joe Mullin, a senior policy analyst for the Electronic Frontier Foundation. Advanced Data Protection, or ADP, extends end-to-end encryption for additional categories of data, including photos, notes, voice memos and iCloud backups (think text messages and call logs). So, in the event of a data breach, for example, content like this would be inaccessible to a hacker since even Apple can't read it. 'One of the very few ways to make sure that your data can't be leaked if a company is breached is to make sure that the company (itself) doesn't have it,' said Sarah Scheffler, an assistant professor in Carnegie Mellon's Cylab Security and Privacy Institute. UK users will now lose protection for those additional categories of data. Those who have not already enabled ADP are no longer able to do so, and Apple says it will soon provide guidance to existing users on how to disable the feature. There are third-party cloud storage options that offer end-to-end encryption, like NordLocker and Proton Drive. But Mullin notes that consumers are less likely to use them because they'd have to go through extra steps, whereas Apple's system can back up your phone automatically when it's locked and connected to power and Wi-Fi. 'You kind of need these encrypted services on some level from the people that are making the (operating system) on your phone,' said Mullin. 'That's why so much of the encryption conversation is around what Google and Apple are doing.' Advanced Data Protection will still be available outside of the UK. For UK users, those standard end-to-end encrypted data categories will not change, and iMessage and FaceTime will remain end-to-end encrypted. 'It's a shame,' Verdi said. 'It makes British citizens less safe.' Apple's move comes weeks after multiple news outlets reported that British security officials had ordered Apple to build a technical back door that would allow access to the company's global user data. The demand reportedly came under the Investigatory Powers Act, which lets British law enforcement compel access to communications and metadata from tech companies in secret. Apple has built its brand around privacy and previously resisted building back doors to allow governments or law enforcement access to its users' information. 'As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will,' the company said in a statement regarding the change to ADP. But without end-to-end encryption, Apple could have access to users' data, which means law enforcement could legally compel the company to hand it over to aid in the investigation and prosecution of crimes. That may be why Apple believes the move to end ADP in the region will be enough for the British government. 'The decision to pull this privacy feature in the UK is an attempt to hopefully not undermine it in the rest of the world,' Wilson said. Apple has declined to comment directly on the British demand. The UK's Home Office, which is responsible for making requests under the Investigatory Powers Act, did not immediately respond to CNN's request for comment. But even if it makes it easier for law enforcement to access user data, it's 'impossible to provide exceptional access' to data for some parties without 'undermining security for everyone,' Verdi said. 'Either everyone is protected by strong encryption, or it's weakened for everyone,' he said. He added that law enforcement could instead seek to access data directly from, with a warrant that compels them to unlock their devices. In the wake of the UK's move, Verdi says he sees 'two possible futures.' In one scenario, other governments could decide they want to do the opposite of the UK and give individuals, companies and government officials the 'best security Apple has to offer,' boosting encryption protections. But some governments could also follow the UK's lead and 'seek to undermine security' by passing rules or making demands that force tech companies to weaken their encryption. 'What happens now?' said Scheffler. 'This is one piece in a very large puzzle over… the future of privacy, and the future security and the future of encryption.'
