House Must Update Bankruptcy Code in Wake of 23andMe DNA Data Sale
Chairman Scott Fitzgerald and Ranking Member Jerry Nadler
U.S. House Judiciary Subcommittee on the Administrative State, Regulatory Reform, and Antitrust
U.S. House of Representatives
2138 Rayburn House Office Building
Washington, D.C. 20515
Re: Public Citizen’s Statement for the Record: Bankruptcy Law: Overview and Legislative Reforms
Dear Chairman Fitzgerald, Ranking Member Nadler, and Members of the Subcommittee,
Public Citizen appreciates the opportunity to submit this statement for the record for the hearing titled, Bankruptcy Law: Overview and Legislative Reforms. We commend the Subcommittee for examining whether current bankruptcy laws are meeting the needs of consumers and for assessing whether narrowly tailored reforms are necessary to maintain a just and viable bankruptcy system. Public Citizen believes this is not only a topic of worthy research and discussion, but one that is of paramount importance for consumers nationwide.
Founded in 1971, Public Citizen is a national nonprofit organization with more than 500,000 members and supporters across the country. We advocate for an accountable government, corporate transparency, and consumer protection in the public interest. This statement focuses on one alarming example of how existing bankruptcy law is failing to meet modern challenges: the auction and transfer of over 15 million individuals’ genetic data during the bankruptcy of 23andMe and its subsequent transformation to a “nonprofit” entity.
I. DNA is Not Just Data—It is the Most Intimate Form of Identity
The bankruptcy sale of 23andMe’s genetic database, containing the deeply personal biological information of millions of consumers, represents a pivotal test of whether our bankruptcy laws are equipped to protect the dignity and privacy of Americans in the digital age. Unlike ordinary customer information, genetic data is immutable and inherently shared. A single individual’s genome contains information about their entire family tree. Even so-called “de-identified” genetic data can be re-identified. Importantly, DNA data cannot be easily reset or reissued. And, absent mutation, it is not changeable. Therefore, your DNA remains yours—for life—and forever traceable to you. Yet under current bankruptcy law, genetic data is treated no differently than marketing lists, brand assets, or software licenses.
This is a catastrophic misalignment.
Section 363(b)(1)(B) of the Bankruptcy Code offers some protections for personally identifiable information (PII), but the law fails to expressly include genetic data. This leaves consumers vulnerable to the permanent transfer of their biological identity without meaningful consent. This is a loophole that must be closed.
II. The 23andMe to TTAM Transaction Sets a Dangerous Precent Requiring Bankruptcy Law Updates
In March 2025, 23andMe filed for Chapter 11 bankruptcy protection. In an unexpected turn, the winning bidder for its data was a “nonprofit” created and controlled by 23andMe’s own founder, Anne Wojcicki. The newly formed TTAM Research Institute acquired the genetic database for $305 million.
This self-dealing maneuver raises serious concerns about transparency, accountability, and data stewardship. It appears to allow a failed for-profit enterprise to shed its debts, rebrand as a nonprofit, and reacquire its most valuable asset: the genetic data of over 15 million individuals. Notably, the newly formed “nonprofit,” TTAM Research Institute, uses the same initials as 23andMe and, according to the bankruptcy judge, is composed of “the same business, the same employees, familiar leaders, and the same privacy policies.” This invites a critical question: aside from the nonprofit designation, what meaningfully distinguishes TTAM from 23andMe?
If, as the court acknowledged, the same actors who led 23andMe into bankruptcy are now in control of TTAM, does this reflect the intended purpose of bankruptcy law? Should Chapter 11 facilitate a process whereby corporate insiders can reorganize under a new legal form, evade liabilities, and retain control over sensitive consumer assets without meaningful regulatory accountability?
While TTAM claims to uphold privacy standards, it is not clear whether these promises will survive shifts in leadership or funding. Without meaningful oversight, the nonprofit designation becomes little more than a marketing veneer—an attempt to cleanse a controversial data transfer of its ethical and legal baggage. Congress must not allow corporate entities to exploit nonprofit status as a backdoor for reacquiring sensitive assets they lost the right to steward. If bankruptcy is to function as a fair and transparent system for balancing the interests of creditors, consumers, and the public, it must not facilitate reputational resets that enable the same actors to continue controversial data practices under a different nameplate.
In short, the 23andMe-to-TTAM transition illustrates the need for narrowly tailored reforms to the Bankruptcy Code. Congress must ensure the law cannot be used to launder reputations, avoid accountability, or transfer deeply personal data under the guise of nonprofit stewardship. This is precisely the kind of loophole this hearing is well-positioned to address.
III. Legal Consent is Not Ethical Consent
Many will argue that consumers consented to such transfers through terms of service agreed to years ago. But “click-through” contracts that bundle in sweeping data rights do not constitute meaningful, informed consent—especially for sensitive, permanent information like DNA. In fact, scholars have questioned how well users understand the terms they are agreeing to. The average consumer cannot anticipate future bankruptcies, corporate restructuring, or the emergence of new entities that might take ownership of their genetic data.
In medical and research ethics, when a project changes scope, ownership, or risk profile, participants are typically re-consented. This is also an underlying ethical principle for business data ethics, one that is often voluntary for businesses to participate in. This principle must extend to genetic data in commercial contexts. Consumers should not have their most sensitive data permanently transferred to unknown third parties without reaffirming their consent in a bankruptcy proceeding or otherwise.
A bipartisan group of senators introduced the Don’t Sell My DNA Act, which would amend the Bankruptcy Code to include genetic information within the definition of personally identifiable information (PII). The proposed legislation would require written notice and affirmative re-consent from consumers before any transfer of their genetic data, and would mandate the deletion of any data not included in a sale. The bill represents an important step toward safeguarding genetic privacy and includes policies that should be seriously considered by this subcommittee.
IV: Creating a Consumer Genetic Data Ombudsman in the Bankruptcy Code
Current bankruptcy law treats most customer data—including names, Social Security numbers, and financial account details—as transferable corporate assets. Under Section 363(b)(1)(B) of the Bankruptcy Code, if a debtor’s privacy policy restricts the transfer of personally identifiable information (PII), and a proposed sale would violate that policy, the sale may proceed only if the court appoints a consumer privacy ombudsman and determines that the transaction does not contravene consumer privacy interests.
However, as stated previously, this provision does not explicitly reference genetic data. The law’s silence leaves a significant gray area: Can courts meaningfully evaluate privacy harms when genetic information is not clearly protected under the statute? Can consumers trust that their most intimate biological information will not be commodified without their knowledge or consent?
Luckily, there is precedent in the Bankruptcy Code for a fix that is specifically tailored and reasonable—the creation of Consumer Genetic Data Ombudsman for any bankruptcy or merger proceedings involving sensitive genetic data. This position would serve as a specialized watchdog tasked with ensuring that genetic data transfers receive heightened scrutiny during asset sales or transfers. The ombudsman could also provide consumers with the opportunity to meaningfully re-consent. They would ensure the deletion rights are enforced for individuals who do not want their data transferred to another entity. Finally, the ombudsman would ensure that ethical oversight is applied to evaluate whether proposed transfers of DNA data align with privacy standards, bioethical norms, and the public interest.
The appointment of a dedicated ombudsman would not only help prevent harmful and non-consensual transfers of genetic data, it would also restore a measure of transparency and accountability to bankruptcy proceedings that increasingly involve the sale of intimate, irreplaceable consumer information. It is a modest but necessary step to ensure that privacy protections keep pace with both technological advancements and evolving financial realities. Again, this subcommittee is uniquely positioned to make such a change to the Bankruptcy Code providing a well-needed protection for consumers in the era of big data and artificial intelligence.
Recommendations
The 23andMe bankruptcy has highlighted how outdated current bankruptcy law has become and its failure to protect consumers. Now more than ever, there are direct-to-consumer products that capture sensitive health information, including DNA data among others, that is of incredible value to Big Tech companies. Congress must also see the incredible value in this sensitive data and act to modernize bankruptcy law and protect consumers. To reiterate and expand on proposed changes mentioned above, Public Citizen urges Congress to:
- Amend the Bankruptcy Code to classify genetic information as PII, subject to Section 363(b)(1)(B), and require robust protections prior to any transfer.
- Amend the Bankruptcy Code to create a Genetic Data Ombudsman, specifically for bankruptcy proceedings involving biometric, health, or genetic information.
- Mandate re-consent for any transfer of genetic data during bankruptcy, merger, or acquisition proceedings.
- Establish a right to delete genetic data from both first- and third-party holders, enforceable by the FTC and state attorneys general.
- Prohibit nonprofit entities formed by previous corporate officers from reacquiring sensitive data without independent review and oversight, particularly when there are conflicts of interest or a history of data breaches.
- Pass comprehensive data privacy legislation that includes heightened standards for biometric and health data stewardship.
Conclusion
The commodification of DNA through bankruptcy proceedings is a moral and legal failure. Treating the genetic code of millions of Americans as just another asset on the auction block is an affront to human dignity, privacy, and national security. Congress must ensure that our laws reflect the sensitivity and permanence of this data—and that people, not profit, come first.
Respectfully submitted,
J.B. Branch
Technology Accountability Advocate
Public Citizen