Introduction to Neurotechnology and Data Concerns

The emerging field of neurotechnology is witnessing a surge in products that claim to offer various utilities by reading brainwaves. Although the actual functionality of these products is debatable, they seem to be successful in monetizing the data collected from users’ brains. In a recent letter to the Federal Trade Commission (FTC), Democratic Senators Chuck Schumer, Maria Cantwell, and Ed Markey have called for an investigation into the handling of user data by neurotech companies, raising concerns that sensitive and personal information may be being sold.

Lack of Regulatory Guidance

According to the Senators, there is a lack of regulatory guidance related to brain-computer interface (BCI) technologies, which has allowed companies to collect and sell user-generated neural data without clear consent or understanding. As stated in the letter, neural data captured directly from the human brain can reveal mental health conditions, emotional states, and cognitive patterns, even when anonymized. This information is not only deeply personal but also strategically sensitive.

Neurotech Products and Data Protection

While devices considered medical technology, such as Elon Musk’s Neuralink, are required to comply with data protection practices under the Health Insurance Portability and Accountability Act (HIPAA), devices branded for "wellness" purposes rather than medical ones have fewer restrictions or requirements when it comes to handling user data. Many neurotech products fall into this category, promising to help people sleep better or deal with anxiety and stress in a non-clinical manner, often with dubious scientific backing.

Current Data Collection and Protection Landscape

As evidence of the unclear data collection and protection landscape in the BCI space, the Senators pointed to a 2024 report published by the Neurorights Foundation, which examined the data policies of 30 different neurotech companies with devices available to consumers without medical professional approval. The report found that 29 of the 30 companies could collect user data and provide no meaningful limitations to this access. It also found that only half of the companies allow consumers to revoke consent for data processing, and just 14 allow users to delete their data.

State-Level Protections

While some states have implemented protections for neural data, such as Colorado’s expansion of the Colorado Privacy Act to cover biological data and California’s new law offering privacy requirements related to brain data, these patches of protection are few and far between. The majority of the country lacks clear regulations, leaving consumers vulnerable to the collection and sale of their brain data.

Call for Action

The Senators are urging the FTC to expand data reporting requirements to cover neural data and establish new safeguards to protect consumers from having their brain data collected and sold. However, whether the currently understaffed and not exactly consumer-friendly FTC under the Trump administration will take action remains to be seen. The fate of this call to action hangs in the balance, leaving the future of neurotech data protection uncertain.