What can I do about this clause?

{'method': 'WEB_FORM', 'recipient': 'https://you.23andme.com/', 'difficulty': 'MODERATE', 'action_type': 'DELETE_DATA', 'instructions': "California residents can submit a CCPA data access, deletion, or opt-out request by logging into their 23andMe account at https://you.23andme.com/ and navigating to privacy settings, or by contacting 23andMe's privacy team through the customer care portal at https://customercare.23andme.com/.", 'deadline_days': None, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'State_AG', 'reason': 'The California Attorney General and California Privacy Protection Agency jointly enforce CCPA/CPRA rights, including the right to delete and opt out of sale/sharing of genetic data classified as sensitive personal information.', 'complaint_url': 'https://www.naag.org/find-my-ag/'}

What is the severity of this clause?

ConductAtlas classifies this California Consumer Privacy Rights clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Do other platforms have similar clauses?

Yes. ConductAtlas has identified similar California Consumer Privacy Rights clauses across approximately 5 other tracked platforms. You can compare how platforms differ on this clause type in the cross-platform comparison view.

California Consumer Privacy Rights — 23andMe

Share 𝕏 Share in Share 🔒 PDF

What it is

If you live in California, you have specific legal rights over your data including the right to know what 23andMe has, the right to delete it, to correct errors, and to opt out of your data being sold or shared.

Consumer impact (what this means for users)

California residents can submit formal requests to access, delete, correct, or opt out of the sale or sharing of their personal information — including genetic data — and 23andMe is legally required to respond, making these rights practically enforceable. The right to limit sensitive personal information use is particularly significant given that genetic data is classified as sensitive under CPRA.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Delete Your Data

California residents can submit a CCPA data access, deletion, or opt-out request by logging into their 23andMe account at https://you.23andme.com/ and navigating to privacy settings, or by contacting 23andMe's privacy team through the customer care portal at https://customercare.23andme.com/.

Cross-platform context

See how other platforms handle California Consumer Privacy Rights and similar clauses.

Compare across platforms →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

California residents have stronger legal protections for their genetic and health data than most other US states, and exercising these rights can meaningfully limit how 23andMe uses and shares your DNA information.

View original clause language

If you are a California resident, you may have certain rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). These rights may include the right to know what personal information we have collected about you, the right to delete your personal information, the right to correct inaccurate personal information, the right to opt-out of the sale or sharing of your personal information, the right to limit use and disclosure of your sensitive personal information, and the right to non-discrimination for exercising your privacy rights.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: This provision is governed by CCPA (Cal. Civ. Code §1798.100 et seq.) as amended by CPRA, enforced by the California Privacy Protection Agency (CPPA) and the California Attorney General. Genetic data is expressly classified as sensitive personal information under CPRA §1798.140(ae)(1)(G), triggering opt-in consent requirements for collection and use beyond primary service purposes. The right to limit sensitive personal information use under §1798.121 is directly applicable.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

State AG

The California Attorney General and California Privacy Protection Agency jointly enforce CCPA/CPRA rights, including the right to delete and opt out of sale/sharing of genetic data classified as sensitive personal information.
File a complaint →

Provision details

Document information

Document

23andMe Privacy Statement

Entity

23andMe

Document last updated

April 29, 2026

Tracking information

First tracked

April 27, 2026

Last verified

April 27, 2026

Record ID

CA-P-003467

Document ID

CA-D-00148

Evidence Provenance

Source URL

https://www.23andme.com/legal/privacy/

Wayback Machine

View archived versions →

SHA-256

dc3df5a6c7d5e8a0428d5086d3cf2f15f5072911b18402048166183c31b60dd4

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: 23andMe | Document: 23andMe Privacy Statement | Record: CA-P-003467
Captured: 2026-04-27 13:30:15 UTC | SHA-256: dc3df5a6c7d5e8a0…
URL: https://conductatlas.com/platform/23andme/23andme-privacy-statement/california-consumer-privacy-rights/
Accessed: May 2, 2026

Classification

Severity

Medium

California Consumer Privacy Rights