Are Technology and the Law on the Same “Wavelength”?: Examining the New Frontier of Brainwaves and Data Privacy

Browning-On-the-Same-Wavelength

In 2024, Elon Musk’s company, Neuralink, made headlines with the revelations that it had successfully implanted two patients—both paralyzed due to spinal cord injuries—with “brain-computer interfaces” (“BCIs”): chips designed to give them the ability to use digital devices by thinking alone. While seemingly the stuff of science fiction, implantable technology and wearable devices that monitor and use brain waves are already reality. As devices that decode and interpret brain activity with software become more common, there are already at least thirty so-called “neurotechnology” products publicly available. The benefits to be reaped through neurotechnology are significant, and one study estimates an impact of more than seventeen billion dollars by 2026.

Yet beyond these benefits, substantial privacy risks also come with devices that can tap into a person’s thoughts. Colorado recently became the first state to enact a data privacy act that includes neural data among the sensitive information protected by law. The law adds biological and neural data to existing legal definitions of “sensitive data” and imposes certain obligations on companies to safeguard such information. California has since followed with a “neural privacy” law of its own, and other states, such as Minnesota, are considering similar laws. Outside the United States, Latin American countries like Chile, Mexico, and Brazil are leading the way in recognizing and protecting neural data as part of their own respective data privacy regimens.

Neural data (data collected from brain waves) poses unique concerns within the traditional data privacy framework. It is not biological, like blood or plasma, because it measures electrical activity. It is also not biometric (like a retinal scan or fingerprint) because biometric data is an individually identifiable marker processed outside the body. Consequently, in order to ensure consumer protection, existing data privacy laws need to be updated to account for this increasingly important category of sensitive personal information.

This Article examines privacy law concerns with the collection and commodification of consumer brainwave data. It begins with an explanation of the technology and its applications. The Article continues with an analysis of the various state privacy laws that have been enacted or proposed, comparing and contrasting their respective features. The Article then examines how various nations outside the United States have approached the issue of neural privacy before suggesting ways in which existing data privacy laws may be revised to extend to brain data the same privacy considerations given to fingerprints.

Given the rapid spread and adoption of neurotechnology, this Article is hardly speculative. Society is already facing legal issues arising from similar technology. This Article illuminates the new frontier of brain wave data and its impact on data privacy.

PDF: https://journals.law.unc.edu/ncjolt/wp-content/uploads/sites/4/2025/04/Browning-On-the-Same-Wavelength.pdf

Author: Hon. John G. Browning

Volume 26, Issue 3