Just days after a massive 23andMe data breach exposed the personal information of 6.9 million users, the genetic testing company quietly updated its terms of service to prevent customers from suing the company or joining class-action lawsuits. This move raises serious concerns about the company’s attempt to shield itself from legal repercussions and its disregard for user privacy.
It’s unclear whether 23andMe’s attempt to shield itself from class-action lawsuits will hold up in court. Experts argue that the company’s notification process was inadequate, potentially giving customers insufficient notice and confusing them with conflicting email addresses.
The new terms of service strip customers of their right to sue in court and force them to settle disputes through private arbitration. This is a significant disadvantage for customers, as arbitrators often favor the company and proceedings are shrouded in secrecy.
The company is requiring customers to opt-out of the new terms of service via email within 30 days and 23andMe has made two-factor authentication mandatory, a security measure it previously recommended but did not enforce.
What information was leaked at 23andMe data breach?
According to 23andMe, the hack occurred in early October 2023. It took weeks for the company to disclose the full extent of the breach, further fueling public anger. The leaked information at 23andMe data breach included sensitive personal details such as:
- Full names
- Family trees and ancestry reports
- Locations
- Profile pictures
- Birth years
In some cases, even more sensitive information, such as genetic data, may have been compromised. While 23andMe claims that encrypted genetic data was not leaked, experts remain concerned about the potential for hackers to crack the encryption in the future.
The class-action lawsuit says 23andMe failed to implement proper data retention
A class-action lawsuit has already started against 23andMe. According to a proposed class-action lawsuit filed in the Supreme Court of British Columbia, it is alleged that 23andMe failed to implement and maintain proper data retention and data protection practices, resulting in the theft and sale of customer information on the dark web.
The lead plaintiff in the lawsuit is an unnamed British Columbia resident, whose identity is protected under a publication ban, as stated by lawyer Sage Nematollahi. Nematollahi’s firm, KND Complex Litigation, and YLaw Group, based in Vancouver, are working together to pursue this class-action lawsuit.
Nematollahi has reported that “thousands” of Canadians have reached out to his law firm following the data breach, seeking to join the class-action suit. He described the volume of inquiries as “unprecedented” in his career.
The lawsuit alleges that 23andMe engaged in “willful, knowing or reckless conduct” by failing to properly protect customer data. As a result, the company allegedly exposed sensitive and valuable customer information to unauthorized parties and cybercriminals.
The proposed class-action lawsuit seeks unspecified monetary damages, including the price that affected customers paid for 23andMe’s services, as well as additional damages resulting from the data breach. The lawsuit is open to anyone residing in Canada whose personal information was leaked by 23andMe.
How to start a class-action lawsuit against 23andMe after the new Terms of Service
The updated terms of service make it significantly more difficult to join a class-action lawsuit against 23andMe. However, it is still possible to pursue legal action if you have been affected by 23andMe data breach, albeit through individual arbitration. Here’s what you need to do:
Opt-out of arbitration
The new terms of service force users to settle disputes through arbitration, which is a private process with limited rights for consumers. However, you can opt-out of this provision by sending an email to [email protected] within 30 days of your first use of the service or the effective date of the updated terms.
Find other affected customers
You need to find other customers who have been affected by the data breach and are willing to join the lawsuit. This can be done through social media, online forums, or by contacting a lawyer.
Hire a lawyer
You will need to hire a lawyer who specializes in class-action lawsuits. They will be able to assess the viability of your case and guide you through the legal process.
File a lawsuit
Once you have gathered enough evidence and found other affected customers, you can file a class-action lawsuit in court. The lawsuit will need to name 23andMe as a defendant and specify the legal claims against the company.
Discovery and litigation
The discovery process involves gathering evidence and preparing for trial. This can be a lengthy and expensive process.
Settlement or trial
The case may be settled before trial, or it may go to trial. If the case goes to trial, the jury will decide whether 23andMe is liable for the damages caused by the data breach.
Here are the challenges you may face:
- The arbitration clause: 23andMe’s new terms of service require most disputes to be resolved through arbitration, which favors the company and limits your legal rights
- The cost of litigation: Class-action lawsuits can be expensive to bring. You may need to pay for legal fees and other expenses
- The time commitment: Class-action lawsuits can take years to resolve. You will need to be patient and persistent throughout the process
- The opt-out window: You only have 30 days to opt-out of the arbitration clause. If you miss this deadline, you will be forced to resolve any disputes through arbitration
Keep in mind that:
- The deadline to file a class-action lawsuit against 23andMe is one year from the date the claim or cause of action arose
- All litigation must be filed in state or federal courts located in Santa Clara County, California
- You have the right to waive your right to a jury trial
While starting a class-action lawsuit against 23andMe is challenging, it may be the only way to hold the company accountable for the data breach and recover damages. If you are considering this option, it is important to understand the challenges involved and to seek legal advice.
Featured image credit: Andrea De Santis/Unsplash.
- SEO Powered Content & PR Distribution. Get Amplified Today.
- PlatoData.Network Vertical Generative Ai. Empower Yourself. Access Here.
- PlatoAiStream. Web3 Intelligence. Knowledge Amplified. Access Here.
- PlatoESG. Carbon, CleanTech, Energy, Environment, Solar, Waste Management. Access Here.
- PlatoHealth. Biotech and Clinical Trials Intelligence. Access Here.
- Source: https://dataconomy.com/2023/12/08/23andme-data-breach-class-action-lawsuit/
- :has
- :is
- :not
- $UP
- 1
- 2023
- 30
- 9
- a
- Able
- About
- According
- accountable
- Action
- Additional
- addresses
- advice
- affected
- After
- against
- alleged
- allegedly
- alleges
- already
- an
- and
- anger
- any
- anyone
- arbitration
- ARE
- argue
- AS
- assess
- At
- attempt
- Authentication
- Ban
- based
- BE
- been
- before
- Block
- breach
- bring
- British
- British Columbia
- but
- by
- CAN
- Canada
- Canadians
- Career
- case
- cases
- Cause
- caused
- challenges
- challenging
- claim
- claims
- Clara
- Columbia
- company
- Company’s
- complex
- Compromised
- concerned
- Concerns
- Conflicting
- confusing
- considering
- Consumers
- Cost
- Court
- Courts
- crack
- customer
- customer data
- Customers
- cybercriminals
- Dark
- Dark Web
- data
- data breach
- data protection
- Date
- Days
- deadline
- decide
- described
- details
- DID
- difficult
- Disadvantage
- Disclose
- discovery
- disputes
- do
- done
- Early
- Effective
- effectiveness
- encrypted
- encryption
- enforce
- engaged
- enough
- Even
- evidence
- expensive
- experts
- exposed
- extent
- Face
- Failed
- failing
- favor
- favors
- Fees
- File
- filed
- Find
- Firm
- First
- following
- For
- For Consumers
- Force
- forums
- found
- from
- full
- fully
- further
- future
- gathered
- gathering
- genetic
- Giving
- Go
- Goes
- Group
- guide
- hack
- hackers
- Have
- he
- High
- hire
- his
- hold
- However
- HTTPS
- Identity
- if
- image
- implement
- important
- in
- included
- Including
- individual
- information
- Inquiries
- intensifying
- involved
- involves
- IT
- ITS
- itself
- join
- joining
- jpg
- Justice
- Knowing
- Law
- law firm
- lawsuit
- Lawsuits
- lawyer
- lead
- Legal
- Legal Action
- Limited
- limits
- Litigation
- located
- made
- maintain
- make
- mandatory
- massive
- max-width
- May..
- measure
- Media
- million
- mind
- miss
- Monetary
- more
- most
- move
- must
- name
- Need
- New
- Notice..
- notification
- occurred
- occurring
- october
- of
- often
- on
- ONE
- online
- only
- open
- Option
- or
- Other
- out
- paid
- parties
- patient
- Pay
- personal
- plato
- Plato Data Intelligence
- PlatoData
- possible
- potential
- potentially
- preparing
- prevent
- previously
- price
- privacy
- private
- Proceedings
- process
- proper
- properly
- proposed
- protect
- protected
- protection
- provision
- public
- Publication
- pursue
- quietly
- raises
- reached
- reckless
- recommended
- Recover
- remain
- repercussions
- Reported
- require
- resolve
- resolved
- result
- resulting
- retention
- right
- rights
- sale
- Santa
- says
- security
- Seek
- seeking
- Seeks
- sending
- sensitive
- serious
- service
- Services
- settle
- Settled
- Shield
- shrouded
- significant
- significantly
- Social
- social media
- some
- specializes
- start
- started
- Starting
- State
- stated
- Still
- Strip
- such
- sue
- Suit
- Supreme
- Supreme Court
- Take
- terms
- terms of service
- Testing
- that
- The
- The Future
- theft
- their
- Them
- they
- this
- Through
- throughout
- time
- to
- together
- took
- Trees
- trial
- unauthorized
- Uncertain
- unclear
- under
- understand
- UNNAMED
- updated
- use
- User
- user privacy
- users
- Valuable
- vancouver
- via
- viability
- volume
- was
- Way..
- web
- Weeks
- WELL
- What
- whether
- which
- while
- WHO
- whose
- will
- willing
- with
- within
- working
- year
- years
- you
- Your
- zephyrnet
