Introduction

Bankruptcy proceedings can present significant challenges, particularly when it comes to the management of personal data. Historical cases, such as those involving ToySmart and RadioShack, offer critical insights into how consumer privacy can be protected in such scenarios.

Key Historical Cases

The ToySmart Settlement

In 2000, the Federal Trade Commission (FTC) reached a settlement with ToySmart, a retailer that declared bankruptcy. This agreement stipulated that customer data could not be sold as a standalone asset without explicit consent from customers for new uses of their data.

Intervention in RadioShack’s Bankruptcy

Similarly, in 2015, the FTC intervened during RadioShack’s bankruptcy proceedings to enforce the company’s commitment to protect customer data. Ultimately, RadioShack chose to destroy the customer data rather than risk it being misused.

The Role of Consumer Privacy Ombudsmen

The legal landscape changed with the introduction of consumer privacy ombudsmen, a role highlighted by the ToySmart case. Bankruptcy judges can appoint these ombudsmen to assess the impact of personal data sales on the bankruptcy estate, considering both potential benefits and consumer harms.

While the U.S. Trustee has requested an ombudsman for recent proceedings, experts advocate for a more robust framework to protect consumer data during bankruptcies.

Current Context: The Case of 23andMe

Presently, 23andMe operates under a more lenient privacy policy compared to ToySmart and RadioShack. However, the stakes are higher with genetic data, which poses unique risks if exploited improperly. The company’s struggles in establishing a successful business model raise concerns about how potential new owners might handle its genetic data.

Proposed Solutions for Data Protection

An effective approach to safeguarding genetic data in bankruptcy could involve an opt-in requirement for users. Under this proposal, a bankruptcy trustee would retain the data, releasing it only upon user consent. If users do not opt in after a specified time, the data would be deleted. This strategy could create an incentive for potential buyers to establish trust with users, avoiding exploitative practices.

Weighing the Risks

Before entering bankruptcy, the former CEO of 23andMe attempted to acquire the company at valuations of $74.7 million and $12.1 million. At the higher value, this corresponds to a mere $5 per user among its 15 million user base. This raises an ethical question: is sacrificing individual genetic privacy worth such limited financial gain for the bankruptcy estate?

Conclusion: The Need for Legislative Action

The broader issue at hand is the permissibility of selling the genetic data of countless Americans during bankruptcy proceedings. Legislative inaction at both federal and state levels has allowed companies to override their privacy commitments, endangering personal data protection. As the promise of personalized healthcare inches closer, the present state of privacy law raises concerns about consumer trust in this evolution.