I take the (you may call it Stoic) decision not to think about what I cannot affect.
23andMe is not a good company, it is tied to Google etc. and they are sloppy with security.
I am not even trying to justify myself not taking my data away from there earlier, that is my fault, and I have been stupid and lazy.

That said, their Privacy Statement is quite clear about what should happen and none of the exception listed there apply, also because genetic data is anyway Art. 9 data.

I will act at the best of my possibilities and not concern myself more than needed with how bad of an actor anyone may be in the US (it is a bit overwhelming as an exercise, especially nowadays).

I don't think it is reasonable to expect every individual to become a privacy / legal expert. I think people should have reasonable protections and assurances given to them without needing to study the details of everything they do on a case-by-case basis.

We have laws about what food can and cannot be sold - so that individuals don't have to personally test and monitor every product for safety. Privacy & data could be done like that too.

While I do agree its a bit whack, I question if everything needs 100% safety to be legal?

If someone offers a dangerous thing and you sign a waiver, maybe motocross, if you get injured is it the owners fault? Why should an individual be free from onus?

Nah. Motocross has an obvious physical risk. Collecting your private info through shady and innocuous legal agreements is horse shit. It would be one thing if they were sworn to do good with the data or something but we know they only want to use it to enrich themselves. The fines would need to be severe like say the 21 and me people should be put under the prison