Canada: Office of the Privacy Commissioner of Canada and UK Information Commissioner's Office joint investigation into 23andMe's compliance with cybersecurity regulations
Progress
Scope
Timeline of events
UK Information Commissioner’s Office fined 23andMe GBP 2.31 million following joint investigation with Office of the Privacy Commissioner of Canada regarding compliance with cybersecurity regulations
On 17 June 2025, the UK Information Commissioner’s Office (ICO) and the Office of the Privacy Commissioner of Canada (OPC) concluded their joint investigation into 23andMe’s compliance with cybersecurity regulations, following a data breach reported…
SourceUK Information Commissioner’s Office issued provisional findings and proposed fine to 23andMe following joint investigation with Office of the Privacy Commissioner of Canada regarding compliance with cybersecurity regulations
On 24 March 2025, the UK Information Commissioner’s Office (ICO) issued provisional findings, a notice of intent to impose a fine of £4.59 million, and a preliminary enforcement notice to 23andMe. This action followed a joint investigation with the …
SourceOffice of the Privacy Commissioner of Canada and UK Information Commissioner’s Office announced joint investigation into 23andMe's compliance with cybersecurity regulations
On 10 June 2024, the Office of the Privacy Commissioner of Canada (OPC) announced that they had launched a joint investigation with the United Kingdom Information Commissioner's Office (ICO) into the data breach that was discovered in October 2023 a…
Source