Canada: UK Information Commissioner’s Office fined 23andMe GBP 2.31 million following joint investigation with Office of the Privacy Commissioner of Canada regarding compliance with cybersecurity regulations

UK Information Commissioner’s Office fined 23andMe GBP 2.31 million following joint investigation with Office of the Privacy Commissioner of Canada regarding compliance with cybersecurity regulations

On 17 June 2025, the UK Information Commissioner’s Office (ICO) and the Office of the Privacy Commissioner of Canada (OPC) concluded their joint investigation into 23andMe’s compliance with cybersecurity regulations, following a data breach reported…

Scope

Policy Area

Data governance

Policy Instrument

Cybersecurity regulation

Regulated Economic Activity

other service provider

Implementation Level

bi- or plurilateral agreement

Government Branch

executive

Government Body

data protection authority

Complete timeline of this policy change

Hide details

2024-06-10

under deliberation

On 10 June 2024, the Office of the Privacy Commissioner of Canada (OPC) announced that they had lau…

2025-03-24

under investigation

On 24 March 2025, the UK Information Commissioner’s Office (ICO) issued provisional findings, a not…

2025-06-17

in force

On 17 June 2025, the UK Information Commissioner’s Office (ICO) and the Office of the Privacy Commi…

Description

UK Information Commissioner’s Office fined 23andMe GBP 2.31 million following joint investigation with Office of the Privacy Commissioner of Canada regarding compliance with cybersecurity regulations

Scope

Complete timeline of this policy change