• designatedhacker
    7 months ago

    I’ve seen some GDPR code. The easiest thing to do is delete anything associated with a deleted user after N days. Adding a condition on the country they told you they’re from without actual KYC is asking for trouble.

    Sure, aggregate anonymized data sticks around. Maybe the anonymization isn’t built right, but it isn’t literally your DNA data unless they really fucked up GDPR compliance.

    I will caveat that a sufficiently motivated company might put in the hours to use at least billing info or shipping address. https://customercare.23andme.com/hc/en-us/articles/360004944654-What-s-In-Your-Account-Settings

    They actually talk about opting you out of Research and discarding the sample (on the linked privacy page). The word delete isn’t explicitly used about the DNA data 🤔.