Background and business model
23andMe is a direct-to-consumer (DTC) genetic testing company that uses at-home kits and mail delivery to collect biologic samples (saliva) in order to provide customized reports about consumers’ ancestry and genetic data (e.g., predispositions to specific health conditions). 23andMe uses digital technology to analyze biologic samples and compare customer data to the large 23andMe reference dataset of samples in order to identify and classify a customer’s ancestry and genetic markers.
23andMe disrupted the genetic testing industry because it provided a lower quality (limited set of genetic information compared to traditional genetic testing), lower cost product directly to consumers that provided relevant genetic information that was traditionally only available to doctors and medical professionals.
Value creation and capture
23andMe creates and captures value by 1) charging customers for at-home genetic testing kits with individualized reports, and 2) partnering with pharmaceutical companies to share customer data for drug development.
1) Customer at-home genetic testing kits: 23andMe offers three versions of genetic testing kits for customers which range in the level of information provided. A customer can purchase 23andMe’s “Ancestry + Traits Service” for $99, the “Health + Ancestry Service” for $199, or the “VIP Health + Ancestry Service” for $499. All of the kits provide ancestry and traits information, while the health-specific kits provide health predisposition, carrier status, and wellness reports. The VIP kit provides priority lab processing, premium customer support, and a 1-on-1 ancestry results walkthrough.
2) Pharmaceutical partnerships: In 2018, 23andMe initiated an exclusive 4-year partnership with pharmaceutical giant, GlaxoSmithKline (GSK), to share genetic information about 23andMe’s 5 million customers. GSK will use 23andMe’s large base of customer data and proprietary statistical analytics to inform drug discovery and development. As part of the partnership, GSK and 23andMe will share in the proceeds from any new drugs that are developed. Additionally, GSK made a $300M equity investment in 23andMe at the time of the partnership.
Thus, 23andMe creates value for both customers and pharmaceutical companies, and it captures that value by charging customers for genetic testing kits and partnering with pharmaceutical companies to develop new drugs.
How 23andMe is “losing” at digital privacy
23andMe laid off 14% of its workforce in January 2020 due to a slowdown in sales of its genetic testing kits. 23andMe CEO Anne Wojcicki cited privacy concerns as a possible cause of the slowdown. She believes that customers are feeling anxious about sharing genetic data due to the publicity about Facebook and other technology companies sharing customer data without consent.
I view 23andMe’s lagging sales as an indicator that it is a “loser” in the digital privacy realm since 1) 23andMe was not fully transparent with customers about its data sharing practices, and 2) 23andMe may put customers’ genetic information at risk.
1) 23andMe’s data sharing practices: When customers submit biologic samples to 23andMe for analysis, they can choose to consent or withdraw from “23andMe Research”. By consenting to 23andMe Research, customers are agreeing to let 23andMe use their genetic and self-reported information for, what 23andMe describes as, “research purposes”. 23andMe indicates that this data will be de-identified (name, contact, and credit card information removed) and shared with 23andMe researchers, as well as “external research partners and in scientific publications”. 
While 23andMe frames this consent form around research and scientific development, it was not always clear to customers that their data would be used by pharmaceutical companies until 23andMe publicly partnered with GSK. Although this data is deidentified, it still causes many customers to reconsider choosing to share their genetic data with 23andMe. While customers may have felt comfortable sharing information for scientific research, they may not feel comfortable sharing their data with a for-profit company. Since 23andMe was not transparent about its intention to share data with pharmaceutical companies, customers cannot be certain that 23andMe will not share data with other companies that customers are not comfortable with in the future.
2) Genetic information at risk: While 23andMe has data security measures in place, it cannot be certain that a data breach will never occur. In fact, DNA testing service MyHeritage was attacked by hackers in June 2018, exposing 92 million of its accounts. Hackers can use genetic information to get paid ransom, or, even more concerningly, to potentially sell to health insurance companies to use to evaluate patient eligibility or individual insurance premiums (although this would be illegal under current regulations). If 23andMe’s genetic database is hacked, customers are at risk of losing very personal and individualized information that could harm their future.
Thus, in the age of heightened concerns about digital privacy, 23andMe’s genetic testing is not as compelling for customers since sharing genetic information with 23andMe means customers are sharing their DNA with any company 23andMe chooses to partner with, and customers’ personal genetic information may be at risk of being hacked.