A number of changes to their terms of service over the last few days indicate that the change in their business model may have come at the cost of user data protection. See recent change diluting privacy protections enjoyed by their users.
23andMe will never release your individual-level Genetic Information and/or Self-Reported Information to any third party without asking for and receiving your explicit consent to do so
I would not imagine 23andMe handing out a table with people's names in one column and their genetic info in next. And their terms and conditions clearly say that.
However, with the changes cited, they are lowering the level of protection they used to offer in order for their client companies to not be able to deconvolute data in order to build that table.
Users are informed of the changes, that is what matters.
That can be assumed to be true of any statement made in such a policy, regardless of whether it's there or not. No company can credibly claim that they will defy the law on your behalf.
The first exception that comes to mind is tarsnap. Who does not only offer that promise, but offers code and reasoning for why it is impossible for them to compromise your data even if law enforcement comes calling!
Lavabit also comes to mind. While they could have technically compromised their customers, when law enforcement came calling (after Snowden famously used them), the owner chose to shut down instead of complying with the requests of law enforcement.
23andMe will never release your individual-level Genetic Information and/or Self-Reported Information to any third party without asking for and receiving your explicit consent to do so
That sounds pretty cut and dried to me.