G-0LM5LRNCVT

23andMe Changes Terms of Service Amid Legal Fallout From Data Breach

Days after a data breach allowed hackers to steal 6.9 million 23andMe users’ personal details, the genetic testing company changed its terms of service to prevent customers from formally suing the firm or pursuing class-action lawsuits against it.

Why it matters: It’s unclear if 23andMe is attempting to retroactively shield itself from lawsuits alleging it acted negligently. 

Through a mechanism called acceptance by silence or inaction, 23andMe stipulated that customers must explicitly tell the company they disagree with the new terms within 30 days of being notified of the changes or they will be locked into the terms automatically. 

The latest: At least two law firms are pursuing a class action against 23andMe.

Canada-based law firms YLaw and KND Complex Litigation have proposed a class-action lawsuit against the company in the Supreme Court of British Columbia.

What they’re saying: A 23andMe spokesperson said on Friday the company did not change its terms of service to limit its customers’ rights to seek relief in court but to speed up the resolution of disputes.

The spokesperson said the new terms allow customers to seek relief in small claims court. They noted that customers also retain the right to opt out of mandatory arbitration by not agreeing with the new terms.

The spokesperson did not say whether the company was attempting to protect itself from potential legal fallout stemming from the breach.

The big picture: Small claims courts are generally less formal than traditional courtrooms and handle cases involving claims generally under $10,000, depending on the state court system involved.

The new terms only allow customers to seek relief in small claims court if they give the company written notice before an arbitrator has been formally appointed to handle the dispute.

You can read more in an article by Jacob Knutson published in the axios.com web site at: https://www.axios.com/2023/12/07/23andme-terms-of-service-update-data-breach.