Skip to main page content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Access keys NCBI Homepage MyNCBI Homepage Main Content Main Navigation
. 2020 Jun 27;7(1):lsaa051.
doi: 10.1093/jlb/lsaa051. eCollection 2020 Jan-Dec.

Is the European Data Protection Regulation sufficient to deal with emerging data concerns relating to neurotechnology?

Stephen Rainey  1 Kevin McGillivray  2 Simi Akintoye  3 Tyr Fothergill  3 Christoph Bublitz  4 Bernd Stahl  3
Affiliations

Is the European Data Protection Regulation sufficient to deal with emerging data concerns relating to neurotechnology?

Stephen Rainey et al. J Law Biosci. .

Abstract

Research-driven technology development in the fields of the neurosciences presents interesting and potentially complicated issues around data in general and brain data specifically. The data produced from brain recordings are unlike names and addresses in that it may result from the processing of largely involuntarily brain activity, it can be processed and reprocessed for different aims, and it is highly sensitive. Consenting for brain recordings of a specific type, or for a specific purpose, is complicated by these factors. Brain data collection, retention, processing, storage, and destruction are each of high ethical importance. This leads us to ask: Is the present European Data Protection Regulation sufficient to deal with emerging data concerns relating to neurotechnology? This is pressing especially in a context of rapid advancement in the fields of brain computer interfaces (BCIs), where devices that can function via recorded brain signals are expanding from research labs, through medical treatments, and beyond into consumer markets for recreational uses. One notion we develop herein is that there may be no trivial data collection when it comes to brain recording, especially where algorithmic processing is involved. This article provides analysis and discussion of some specific data protection questions related to neurotechnology, especially BCIs. In particular, whether and how brain data used in BCI-driven applications might count as personal data in a way relevant to data protection regulations. It also investigates how the nature of BCI data, as it appears in various applications, may require different interpretations of data protection concepts. Importantly, we consider brain recordings to raise questions about data sensitivity, regardless of the purpose for which they were recorded. This has data protection implications.

Keywords: BCIs; GDPR; brain data; brain recording; data governance; neurotechnology.

PubMed Disclaimer

Figures

Figure 1
Figure 1
A slice of the generic process from recording of brain signal, via processing, to operationalized signal, omitting feedback loops. The placing of electrodes for the purposes of recording is one way in which specific brain data types can be sought. Filtering of recorded signals according to standard or adaptive algorithms and further classification of what’s recorded. In combination, highly specific brain data can be isolated within recorded signals. From these data, information relevant to some purpose can be used as a control feature for a device, or part of a different type of system, such as brain monitoring or medical diagnostics.
See this image and copyright information in PMC

Similar articles

See all similar articles

Cited by

See all "Cited by" articles