Surveillance capitalism is like a slowly boiled frog. You don't realize how much it has bent every single aspect of our lives in its favour unless you take a step back and ask yourself "how would the world have reacted had this thing happened 10-20 years ago?"
#MeAnd23 is a good textbook example.
Had such a massive hack happened 10-20 years ago (we're talking of the records about 7 millions individuals, like the whole population of a small/medium country, including names, emails, dates of birth, addresses, members of the family tree, ancestry etc.: lists of people with Ashkenazi Jewish ancestry were already available on the dark web hours after the hack), I have no doubt of how things would have unfolded.
A big public outcry, a big class action against the company for not enforcing sufficient protection against personal data, boycott acts, the board stepping down, etc.
How do things unfold in 2023 instead?
The hack is barely mentioned in the news, it joins a neverending list of data breaches (by now we can all safely assume that some criminal out there has at least our phone number, email address, date of birth and physical address, fished from thousands of data dumps on the dark web), and the company simply rushed to push out a new ToC that simply states that, if the nature of a complaint against them is similar to those of many other users, then there will be "procedures that will encourage a prompt resolution of any disputes and to streamline arbitration proceedings".
In other words, closes door arbitration and dispute resolution to avoid a class action where they could be publicly called accountable for mishandling the personal data of millions of individuals, be given harsh fines, or have the board forced to resign.
Of course, the new ToC is opt-in by default, unless you send them an email within 30 days. So it's safe to assume that anyone who doesn't file them an email within that time window will lose their right to sue a business for leaking their most sensitive personal data to criminals.
If you're asking yourself whether today's tech companies are above the law, you're probably asking the right question.
Btw, never ever consider sending your hair, blood or spit to one of these ancestry discovery companies. You're basically giving them the keys to your most sensitive and valuable personal information. Hackers are very well aware of the value of that information on the dark web and regularly target these systems. It's a ticking bomb, and it's just a matter of time before data about your ethnicity and family tree is leaked.
https://www.engadget.com/23andme-frantically-changed-its-terms-of-service-to-prevent-hacked-customers-from-suing-152434306.html