23andMe · 23andMe Privacy Statement

Law Enforcement Disclosure Without Notice

High severity
Share 𝕏 Share in Share 🔒 PDF

What it is

23andMe can hand over your DNA and personal information to police or government agencies in response to legal demands, and in some cases may do so without a court order if the company believes it's necessary to prevent harm or fraud.

Consumer impact (what this means for users)

Your genetic data, which uniquely identifies you and reveals information about your biological family, can be shared with law enforcement agencies, and 23andMe retains discretion to do so without a warrant in certain circumstances, creating a significant surveillance risk for users and their relatives. This is particularly significant given the use of consumer genetic databases in law enforcement investigations.

Cross-platform context

See how other platforms handle Law Enforcement Disclosure Without Notice and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Law enforcement access to genetic data is especially sensitive because your DNA can implicate not just you but your biological relatives — a single disclosure can have consequences for family members who never used 23andMe.

View original clause language
Occasionally 23andMe may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may disclose your information, including your Genetic Information, in response to a court order, subpoena, search warrant, or other lawful request for information we receive, or to otherwise comply with applicable laws. We may disclose your personal information to law enforcement without a subpoena, warrant, or court order if we believe in good faith that disclosure is necessary to prevent or address fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service, or as otherwise required by law.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: This provision engages the Electronic Communications Privacy Act (ECPA, 18 U.S.C. §§2701-2712), the Stored Communications Act (SCA), the Fourth Amendment (government requests), GDPR Art. 6(1)(c) (legal obligation) and Art. 49(1)(d) (transfers for important public interest) for EU users, and CCPA's law enforcement exemption. The primary enforcement authority for government access issues is the DOJ; GDPR compliance is overseen by EU supervisory authorities.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    The FTC has authority to examine whether discretionary warrantless disclosure policies constitute unfair or deceptive practices under FTC Act Section 5.
    File a complaint →

Provision details

Document information
Document
23andMe Privacy Statement
Entity
23andMe
Document last updated
April 29, 2026
Tracking information
First tracked
April 27, 2026
Last verified
April 27, 2026
Record ID
CA-P-003464
Document ID
CA-D-00148
Evidence Provenance
Source URL
https://www.23andme.com/legal/privacy/
Wayback Machine
View archived versions →
SHA-256
dc3df5a6c7d5e8a0428d5086d3cf2f15f5072911b18402048166183c31b60dd4
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: 23andMe | Document: 23andMe Privacy Statement | Record: CA-P-003464
Captured: 2026-04-27 13:30:15 UTC | SHA-256: dc3df5a6c7d5e8a0…
URL: https://conductatlas.com/platform/23andme/23andme-privacy-statement/law-enforcement-disclosure-without-notice/
Accessed: May 2, 2026
Classification
Severity
High
Categories
Unknown

Other provisions in this document