Introduction to Bankruptcy and Personal Data
Bankruptcy proceedings involving personal data don’t have to end badly. In the past, there have been cases where the Federal Trade Commission (FTC) has stepped in to protect customer data. For example, in 2000, the FTC settled with the bankrupt retailer ToySmart to ensure that its customer data could not be sold as a stand-alone asset, and that customers would have to affirmatively consent to unexpected new uses of their data. Similarly, in 2015, the FTC intervened in the bankruptcy of RadioShack to ensure that it would keep its promises never to sell the personal data of its customers.
The Role of the Consumer Privacy Ombudsman
The ToySmart case also gave rise to the role of the consumer privacy ombudsman. Bankruptcy judges can appoint an ombuds to help the court consider how the sale of personal data might affect the bankruptcy estate, examining the potential harms or benefits to consumers and any alternatives that might mitigate those harms. The U.S. Trustee has requested the appointment of an ombuds in this case. While scholars have called for the role to have more teeth and for the FTC and states to intervene more often, a framework for protecting personal data in bankruptcy is available.
The Case of 23andMe
23andMe has a more permissive privacy policy than ToySmart or RadioShack. But the risks incurred if genetic data falls into the wrong hands or is misused are severe and irreversible. And given 23andMe’s failure to build a viable business model from testing kits, it seems likely that a new business would use genetic data in ways that users wouldn’t expect or want.
Protecting Genetic Data
An opt-in requirement for genetic data solves this problem. Genetic data (and other sensitive data) could be held by the bankruptcy trustee and released as individual users gave their consent. If users failed to opt in after a period of time, the remaining data would be deleted. This would incentivize 23andMe’s new owners to earn user trust and build a business that delivers value to users, instead of finding unexpected ways to exploit their data.
The Alternative
Before 23andMe went into bankruptcy, its then-CEO made two failed attempts to buy it, at reported valuations of $74.7 million and $12.1 million. Using the higher offer, and with 15 million users, that works out to a little under $5 per user. Is it really worth it to permanently risk a person’s genetic privacy just to add a few dollars in value to the bankruptcy estate?
The Bigger Question
Of course, this raises a bigger question: Why should anyone be able to buy the genetic data of millions of Americans in a bankruptcy proceeding? The answer is simple: Lawmakers allow them to. Federal and state inaction allows companies to dissolve promises about protecting Americans’ most sensitive data at a moment’s notice.
Conclusion
In conclusion, the case of 23andMe highlights the need for stronger protections for personal data in bankruptcy proceedings. An opt-in requirement for genetic data is a simple and effective solution that would protect users’ sensitive information and incentivize companies to build trust with their customers.
FAQs
- Q: What is the role of the consumer privacy ombudsman in bankruptcy proceedings?
A: The consumer privacy ombudsman helps the court consider how the sale of personal data might affect the bankruptcy estate and examines the potential harms or benefits to consumers.
- Q: Why is it important to protect genetic data in bankruptcy proceedings?
A: Genetic data is sensitive, and the consequences of its misuse are severe and irreversible for individuals.
- Q: What is the proposed solution to protect genetic data in the case of 23andMe?
A: An opt-in requirement for genetic data, where users must consent to the use of their data before it is released to a new company.
- Q: Why should lawmakers take action to protect personal data in bankruptcy proceedings?
A: To prevent companies from dissolving promises about protecting Americans’ most sensitive data at a moment’s notice and to build trust with consumers.