Image for article titled 23andMe to Hacked Users: We Won't See You in Court

Photo: Victor Moussa (Shutterstock)

23&Me admitted it lost 6.9 million users’ DNA in a hack, after initially reporting only 14,000 users were affected. If you’ve used 23andMe, there’s basically a coin-flip chance that your data was exposed. The company, however, updated its terms of service last week to ensure its customers couldn’t file a class action lawsuit against the company.

The terms of service update forces users into a binding arbitration, which is a means to resolve disputes outside of court, as first reported by Stack Diary on Wednesday. 23andMe specifically prohibits a class action lawsuit (perhaps from the 6.9 million people whose biodata was just exposed?) against the company unless each person opts out of the arbitration. If you’re an affected person, you can opt out by emailing arbitrationoptout@23andme.com within 30 days, meaning Dec. 30. This detail is tucked at the bottom of the fifth section for its updated terms of service.

23andMe notified users about its updated terms of service on Nov. 30 in an email, says Stack Diary. At that time, 23andMe was only telling the public that 0.1% of users were affected by the hack. Customers who opted into the company’s DNA Relative feature seem to have had information about their name, birth year, ancestry reports, DNA makeup, family members, and location exposed.

In a binding arbitration, 23andMe and a disgruntled customer who had their DNA hacked would present their cases to a neutral third party, an arbitrator. The arbitrator’s decision is final and legally enforceable, and it means that both parties must accept and cannot appeal in court.

23andMe is trying to avoid a class action lawsuit, which has major upsides for the users affected by this data breach. A class action lawsuit means the 6.9 million people affected likely won’t be responsible for any legal fees. The arbitration provision separates each user and takes away their power as a group. Arbitration is generally considered to be faster and more hidden from the public. Not to cite, arbitration will be much cheaper for 23andMe.

Though the opt-out option exists, it’s unlikely that nearly 7 million users will send that email in 30 days. If a class action lawsuit does come about, a much smaller portion of the hacked users may be able to take part.

Source link