The recent bankruptcy of 23andMe is more than a headline, it is a crucial lesson for the legal technology industry. This situation highlights the urgent need for innovative solutions to protect sensitive genetic data amid financial turbulence and operational shifts. Legal tech can play a pivotal role in safeguarding data privacy within the biotech sphere by weaving together regulatory compliance, cutting-edge technology, and strategic foresight. 23andMe’s current challenges have exposed critical gaps in managing genetic data when a company’s future becomes uncertain. The situation highlights a pressing question: How can legal technology help safeguard consumer data when a biotech company faces bankruptcy or restructuring?

  1. Data Management During Corporate Transitions

During periods of instability like bankruptcy or restructuring, keeping sensitive data secure and well-managed is crucial. Technologies that enhance transparency and traceability can ensure that any transfer or alteration of data is properly documented and compliant with legal standards. Take into consideration the challenges faced by MyHeritage. In 2017, MyHeritage suffered a data breach that compromised the email addresses, registration dates, and encrypted passwords of around three-quarters of a million Israeli users. The aftermath included a settlement of 400,000 ILS and additional compensatory services. The court’s decision highlighted how seemingly non-sensitive data like email addresses could reveal personal information and how inadequate data safeguards can lead to significant legal and financial consequences. This example reinforces why companies like 23andMe must have robust data management practices, especially when corporate stability is questioned.

  1. Automated Compliance Monitoring

In today’s rapidly evolving regulatory landscape, legal tech tools are becoming indispensable for maintaining compliance with regulations like GDPR and CCPA. These advanced systems continuously scan data handling practices, identifying potential compliance gaps in real-time and flagging issues before they escalate into major problems. In October 2020, British Airways faced a record £20 million fine under GDPR by the ICO after a data breach exposed the personal data of over 400,000 customers. An investigation revealed inadequate data monitoring and failure to detect vulnerabilities in time, resulting in a violation of GDPR obligations. If British Airways had automated compliance monitoring tools in place at that time to detect security flaws and trigger alerts, it might have significantly mitigated the risk or prevented the breach altogether. Integrating automated compliance monitoring for biotech companies could mean the difference between catching a data vulnerability early and facing substantial fines and reputational damage. By avoiding potential issues, companies can better protect sensitive genetic data and maintain consumer trust, even during financial uncertainty.

  1. Smart Contracts for Data Consent

Managing data consent can become complex when company dynamics change, such as during a sale or acquisition. Smart contracts may be a viable option to automatically update consent statuses and ensure data use remains within legal boundaries, even if the company’s structure shifts. Implementing such technology at 23andMe could provide more explicit guidance on managing consumer data during bankruptcy, reducing confusion and maintaining consumer trust.

 A Broader Look at Legal Tech's Role: Companies handling genetic data must build strong legal tech frameworks that can function effectively, even when facing financial difficulties. During bankruptcy, the responsibility to protect data doesn’t go away- managing sensitive genetic information securely remains essential. It’s neither fair nor reasonable for consumers to be left responsible for data deletion during corporate uncertainty. Legal frameworks and technological solutions must be resilient, providing ongoing protection and compliance regardless of a company’s financial situation. This reality calls for a proactive approach from the legal tech sector that anticipates challenges before they escalate. Addressing these issues effectively means focusing on three key areas:

  1. Establishing Industry Standards: There is a pressing need for an industry-wide standard that dictates how genetic data should be managed, especially under challenging conditions. Legal technology can lead this effort by developing standards that seamlessly integrate with existing regulations and receive endorsement from relevant authorities. Establishing clear guidelines will help companies navigate the complexities of data management, particularly during financial or operational instability.
  2. Fostering Education and Collaboration: Building knowledge and fostering collaboration between legal tech companies, biotech firms, and regulatory agencies can significantly enhance adopting these technologies. Educational programs should focus on the critical importance of data privacy when handling genetic data and the practical tools available to protect it. By creating a culture of awareness and proactive data management, companies can better prepare for potential challenges.
  3. Developing Tailored Legal Tech Solutions: Creating new products that specifically address the challenges of managing genetic data is essential. These could include advanced data anonymisation tools, improved consent management platforms, and crisis management software designed specifically for the biotech industry. Drawing lessons from cases like MyHeritage can guide the development of features that proactively address data protection weaknesses, ensuring that companies remain resilient even when facing financial or operational pressures.

The 23andMe bankruptcy is a critical reminder of the need for robust legal tech frameworks that protect genetic data, even during corporate turmoil. By prioritising proactive compliance monitoring, resilient data management practices, and innovative consent solutions, the legal tech industry can help biotech companies navigate financial uncertainty while safeguarding consumer trust. Implementing clear standards and fostering collaboration will be essential to building a more secure and responsible approach to genetic data management.

This post was submitted by Devon Ramsammy, an LLM student at the University of Bristol.