There's a pretty significant difference between "when you use their service you can opt-in to have your data added to the dataset" and "buried in the EULA is a clause saying they own your genes."

Ah I see there’s the opt in. In that case Microsoft telemetry is opt in too. You bought into Windows and agreed with the EULA after all.

It appears some people in this thread use a rather creative version of "opt in" [1]. There is nothing "opt" about what has been described here, nor about Microsoft telemetry (it was opt-out last time I checked).

[1] https://en.wikipedia.org/wiki/Opt-in_email

Please tell me what "creative version of opt-in" you see in this: https://www.23andme.com/about/consent/

---

6. Do I have any alternatives? Can I withdraw from this study?

Your alternative is not to participate in the 23andMe Research study. If you choose not to give consent for 23andMe Research, your Genetic & Self-Reported Information may still be used for other purposes, as described in our Privacy Statement. If you do give consent to participate in this study, you may choose not to take 23andMe Research surveys or use other 23andMe Research features.

At any time, you may choose to change your consent status to either take part in 23andMe Research or to withdraw all or some of your Genetic & Self-Reported Information from 23andMe Research. Your consent status is located in the 23andMe "Settings" page (if you experience problems changing your consent status, write to the Human Protections Administrator at hpa@23andme.com). If you withdraw all or some of your Genetic & Self-Reported Information, 23andMe will prevent that information from being used in new 23andMe Research initiated after 30 days from receipt of your request (it may take up to 30 days to withdraw your information after you withdraw your consent). Any research on your data that has been performed or published prior to this date will not be reversed, undone, or withdrawn.

Choosing not to give consent or withdrawing from 23andMe Research will not affect your access to your Genetic Information or to the Personal Genome Service.

You may also discontinue participation by closing your Personal Genome Service account, as described in the Terms of Service. Requests for account closure can be made directly within your Account Settings.

I don't know anything about it, but:

> Your alternative is not to participate in the 23andMe Research study. If you choose not to give consent for 23andMe Research, your Genetic & Self-Reported Information may still be used for other purposes, as described in our Privacy Statement

Seems to imply that if you do not give your consent for whatever "23andMe Research" is, then they will still use the data for other purposes. So in other words if you do not opt in they will still use they data. That's not a normal definition of "opt in".

However, I don't know what is in the privacy statement. What are they able to do with the data if you don't opt-in?

Looking as you cannot completely disable telemetry in windows 10 i fail to see how it is opt-in, or even opt-out. It is always on.

I don't use Windows 10, but I from what I understand Microsoft had to make it GDPR compliant. I'm not sure they succeeded entirely with that (last time I checked, the German government did not find it GDPR compliant. Regardless, at the very least it was an improvement [which isn't an excuse]).

> Microsoft had to make it GDPR compliant.

Not really. It's more like they have an army of lawyers paid so they can claim GDPR compliance, and delay/suppress or negotiate deals for years (if not decades) anything that comes up to say their not.

That being said, apparently there are already ongoing legal cases around GDPR complaints for MS. No idea how those will end up.

Consent is not freely given if it's a requirement for something else.

I think a clearer phrasing of that is "Consent is not freely given unless it's explicit". I'm fine with giving consent as long as I'm clear on what that is. General consent for using a service, to me, doesn't include using my data and/or information outside of what's needed to provide that service.

Looks like every end user agreement is bs by that metric too

That is a legitimate argument people make and also a reason companies don't want to test their EULA's in court

Yes, they are. And GDPR at least seems to rather explicitly agree with that sentiment. Consent buried in a document isn't real consent.

Yeah, and you cannot 'bundle' consent.

Trade, no, interacting with others in general; ruled nonconsensual. You read it here first folks!

This idea would really upend contract law if applied there!

In this case it totally is. Your free to not use 23andMe if you don't consent. I do think, however, it shouldn't be buried in the EULA but communicated clearly.

> Your free to not use 23andMe if you don't consent

That is not how consent works.

If I am selling you an apple, but thereby you give me consent to use its genetics for research, and without that we do not do business, then there is nothing optional about it; no opt-in, no opt-out.

Opt-in is when the flag is disabled by default, and you can enable it if you want to, and use the product regardless of your choice.

Opt-out is when the flag is enabled by default, and you can disable it if you want to, and use the product regardless of your choice.

That is how consent should work, if I don't consent I should not buy your apple. Buying your apple is optional, I'm not required to buy your apple.

Opt-in is when I buy your apple.

Opt-out is when I don't buy your apple.

You're not buying apples, though. You're buying "apples+X". That's a different from "apples". If your seller is upfront about that then I and people who want just an apple can go somewhere else for fruit. Most, though, aren't upfront about it.

If you want to buy just apples then you should buy it from other seller who just sells apples.

That is up to our governments to decide if such is allowed or not. For example, it isn't allowed to sell a gun or drugs with an apple (at least not here in The Netherlands, YMMV).

That you can decide to not go for the entire package is not what we disagree on (apart from above, I suppose).

What we were discussing is that the consent is optional; it is not in any of these examples. It is part of the package deal; then you don't call it opt-in or opt-out, as that allows you to opt-in or opt-out of something which is otherwise not in your direct advantage, but is in the other party's advantage.

That should be up to us (not government) to decide if such is allowed or not.

>What we were discussing is that the consent is optional

Yes the consent is optional, in the sense you are allowed to opt-out by not buying the apple or buying it from someone else or produce it yourself.

> That should be up to us (not government) to decide if such is allowed or not.

It is up to us to elect those who represent us in our governments.

Sure, I will elect those who allow consent as I describe.

All in the name of "liberty" for businesses, so they can vulture on the weak (the consumer). Land of the free, indeed.

Its a mutually beneficial transaction between the business and the customer.

Let's say there are two people who are supposed to get a punishment. One is found guilty by a fair trial, the other one is not found guilty by a fair trial.

For some superficial rule, I may only punish the person who has been found guilty by also punishing the person who has not been found guilty.

Can you explain to me how this is fair?

Here is where you and I differ. You find it OK when a party (e.g. business) uses your private data to sell or otherwise use for their benefit. I believe such personal data is ultimately my say. And I believe only informed opt-in (optional, not part of a package deal ie. how GDPR works) is a fair way to deal with such situation.

> That is not how consent works.

Yes, it is. I tell you all the terms of the deal in advance, and you choose to accept it or not. If you don't want my apples, go to the next guy.

I do want your apples, I don't want you to sell my personal information.