Genetic testing company 23andMe is facing public backlash this week after changing its terms of service in the wake of a major security breach affecting nearly half or 7 million of its users.
The changes come days after the company disclosed that a hack occurred in October, where attackers gained unauthorized access to personal information, including photos, names, geographical locations, and ancestry-related data.
Under the updated terms, sent to users via email, the company bars users from participating in class-action lawsuits and jury trials, stating: “To the fullest extent allowed by applicable law, you and we agree that each party may bring disputes against the other party only in an individual capacity and not as a class action or collective action or class arbitration” under the “Dispute Resolution and Arbitration” section.
This move comes amid ongoing legal challenges, with 23andMe acknowledging multiple class action claims filed against them in federal and state courts. Axios reports that at least two Canada-based law firms — YLaw and KND Complex Litigation — have proposed a class-action lawsuit against the company in the Supreme Court of British Columbia.
In forcing users to settle disputes through arbitrations, which unlike court proceedings are done in private, the company doesn’t only save money, it’s also — perhaps, more importantly — able to keep disputes under wraps. A spokesperson for the company claims that the new terms weren’t designed to limit class action suits or jury trials but to speed up the resolution of disputes.
Speaking of forcing, the updates also say that users “will be deemed to have agreed to the new terms” unless they specifically inform the company that they disagree by sending an email within 30 days of receiving the firm’s notice.
But these sneaky tactics may not be enough to keep users from bringing 23andMe to court.
Nancy Kim, a Chicago-Kent College of Law professor, told Axios that “updating terms is usually perfectly legal if consumers are given reasonable notice and the option to opt-out.” However, she noted that 23andMe will likely have difficulty proving that it provided both to its customers.
Lawyer Rob Freund echoes these sentiments.
Information for this story was found via Axios, TechCrunch, and the sources and companies mentioned. The author has no securities or affiliations related to the organizations discussed. Not a recommendation to buy or sell. Always do additional research and consult a professional before purchasing a security. The author holds no licenses.
