Regeneron Pharmaceuticals has confirmed its acquisition of 23andMe’s DNA testing business – ensuring customers they will continue to offer the popular DNA service and adopt the company’s standing privacy policies to safeguard customer data. While it’s common for customer data to transfer due to an acquisition, the nature of this data represents something new. Regeneron plans to use the data similarly to 23andMe – helping customers learn about their DNA and how to improve their personal health and building upon that by using large-scale genetics research to improve the treatment and prevention of illness.
Gary Kibel, Davis+Gilbert Privacy, Technology + Data Security partner, was quoted in The Washington Post speaking on regulatory considerations and consumer rights regarding the transfer of sensitive genetic data in the 23andMe acquisition.
Gary explains that regulators would typically look at how a company acquiring sensitive data planned to use it. “If the acquirer was someone who planned to do something radically different” — a behavioral advertising company, for instance — “then I think regulators would be concerned about that,” he said. “Here, we believe Regeneron is probably going to use it for similar purposes.”
Regeneron pledges to uphold 23andMe’s privacy policies, however, if former customers don’t feel comfortable with the data transfer, they may be able to request its deletion. “Some state privacy laws give consumers the right to have their data deleted, and Regeneron could be subject to such requests,” Gary said.
To read more about Regeneron Pharmaceuticals’ acquisition of 23andMe, read the full article below.