Human in the Loop

When Guido Girardi put on an Emotiv headset to test the latest consumer brain-reading gadget, he probably didn't expect to make legal history. The former Chilean senator was simply curious about a device that promised to track his focus and mental state through electroencephalography (EEG) sensors. What happened next would set a precedent that reverberates through the entire neurotechnology industry.

In August 2023, Chile's Supreme Court issued a unanimous ruling ordering the San Francisco-based company to delete Girardi's brain data. The court found that Emotiv had violated his constitutional rights to physical and psychological integrity, as well as his right to privacy, by retaining his neural data for research purposes without proper consent. It was the world's first known court ruling on the use of “neurodata”, and it arrived at precisely the moment when brain-reading technology is transitioning from science fiction to everyday reality.

The timing couldn't be more critical. We're witnessing an unprecedented convergence: brain-computer interfaces (BCIs) that were once confined to research laboratories are now being implanted into human skulls, whilst consumer-grade EEG headsets are appearing on shop shelves next to smartwatches and fitness trackers. The global electroencephalography devices market is projected to reach £3.65 billion by 2034, up from £1.38 billion in 2024. More specifically, the wearable EEG devices market alone is expected to hit £695.51 million by 2031.

This isn't some distant future scenario. In January 2024, Neuralink conducted its first human brain-chip implant. By January 2025, a third person had received the device. Three people are now using Neuralink's N1 chip daily to play video games, browse the web, and control external hardware. Meanwhile, competitors are racing ahead: Synchron, backed by Bill Gates and Jeff Bezos, has already implanted its device in 10 people. Precision Neuroscience, co-founded by a Neuralink defector, received FDA clearance in 2025 for its ultra-thin Layer 7 Cortical Interface, which packs 1,024 electrodes onto a strip thinner than a strand of human hair.

But here's what should genuinely concern you: whilst invasive BCIs grab headlines, it's the consumer devices that are quietly colonising the final frontier of privacy, your inner mental landscape. Companies like Emotiv, Muse (InteraXon), NeuroSky, and Neuphony are selling EEG headsets to anyone with a few hundred pounds and a curiosity about their brain activity. These devices promise to improve your meditation, optimise your sleep, boost your productivity, and enhance your gaming experience. What they don't always make clear is what happens to the extraordinarily intimate data they're collecting from your skull.

The Last Frontier Falls

Your brain generates approximately 50,000 thoughts per day, each one leaving electrical traces that can be detected, measured, and increasingly, decoded. This is the promise and the peril of neurotechnology.

“Neural data is uniquely sensitive due to its most intimate nature,” explains research published in the journal Frontiers in Digital Health. Unlike your browsing history or even your genetic code, brain data can reveal “mental health conditions, emotional states, and cognitive patterns, even when anonymised.” As US Senators noted in an April 2025 letter urging the Federal Trade Commission to investigate neural data privacy, “Unlike other personal data, neural data, captured directly from the human brain, can reveal mental health conditions, emotional states, and cognitive patterns, even when anonymised.”

The technology for extracting this information is advancing at a startling pace. Scientists have developed brain-computer interfaces that can translate neural signals into intended movements, emotions, facial gestures, and speech. High-resolution brain imaging enables effective decoding of emotions, language, mental imagery, and psychological intent. Even non-invasive consumer devices measuring brain signals at the scalp can infer inner language, attention, emotion, sexual orientation, and arousal, among other cognitive functions.

Nita Farahany, the Robinson O. Everett Distinguished Professor of Law and Philosophy at Duke University and one of the world's foremost experts on neurotechnology ethics, has been sounding the alarm for years. In her book “The Battle for Your Brain”, she argues that we're at a pivotal moment where neurotechnology could “supercharge data tracking and infringe on our mental privacy.” Farahany defines cognitive liberty as “the right to self-determination over our brains and mental experiences, as a right to both access and use technologies, but also a right to be free from interference with our mental privacy and freedom of thought.”

The concern isn't hypothetical. In April 2024, the Neurorights Foundation released a damning report examining the privacy practices of 30 consumer neurotechnology companies. The findings were alarming: 29 of the 30 companies reviewed “appeared to have access to the consumer's neural data and provide no meaningful limitations to this access.” In other words, nearly every company in the consumer neurotechnology space can peer into your brain activity without meaningful constraints.

The Workplace Panopticon Gets Neural

If the thought of tech companies accessing your neural data sounds dystopian, consider what's already happening in workplaces around the globe. Brain surveillance has moved from speculative fiction to operational reality, and it's expanding faster than most people realise.

Workers in offices, factories, farms, and airports are already wearing neural monitoring devices. Companies are using fatigue-tracking headbands with EEG sensors to monitor employees' brain activity and alert them when they become dangerously drowsy. In mining operations, finance firms, and sports organisations, neural sensors extract what their manufacturers call “productivity-enhancing data” from workers' brains.

The technologies involved are increasingly sophisticated. Electroencephalography (EEG) measures changes in electrical activity using electrodes attached to the scalp. Functional near-infrared spectroscopy (fNIRS) measures changes in metabolic activity by passing infrared light through the skull to monitor blood flow. Both technologies are now reliable and affordable enough to support commercial deployment at scale.

With these devices, employers can analyse brain data to assess cognitive functions, detect cognitive patterns, and even identify neuropathologies. The data could inform decisions about promotions, hiring, or dismissal. The United Kingdom's Information Commissioner's Office predicts neurotechnology will be common in workplaces by the end of the decade.

The privacy implications are staggering. When individuals know their brain activity is being monitored, they may feel pressured to self-censor or modify their behaviour to align with perceived expectations. This creates a chilling effect on mental freedom. Employers could diagnose brain-related diseases, potentially leading to medical treatment but also discrimination. They could gather insights about how individual workers respond to different situations, information that could adversely affect employment or insurance status.

Perhaps most troublingly, there's reason to suspect that brain activity data wouldn't be covered by health privacy regulations like HIPAA in the United States, because it isn't always considered medical or health data. The regulatory gaps are vast, and employers are stepping into them with minimal oversight or accountability.

The Regulatory Awakening

For years, the law lagged hopelessly behind neurotechnology. That's finally beginning to change, though whether the pace of regulation can match the speed of technological advancement remains an open question.

Chile blazed the trail. In 2021, it became the first country in the world to amend its constitution to explicitly protect “neurorights”, enshrining the mental privacy and integrity of individuals as fundamental rights. The constitution now protects “cerebral activity and the information drawn from it” as a constitutional right. The 2023 Supreme Court ruling against Emotiv put teeth into that constitutional protection, ordering the company to delete Girardi's data and mandating strict assessments of its products prior to commercialisation in Chile.

In the United States, change is happening at the state level. In 2024, Colorado and California enacted the first state privacy laws governing neural data. Colorado's House Bill 24-1058 requires regulated businesses to obtain opt-in consent to collect and use neural data, whilst California's Consumer Privacy Act only affords consumers a limited right to opt out of the use and disclosure of their neural data. The difference is significant: opt-in consent requires active agreement before data collection begins, whilst opt-out allows companies to collect by default unless users take action to stop them.

Montana followed suit, and at least six other states are developing similar legislation. Some proposals include workplace protections with bans or strict limits on using neural data for surveillance or decision-making in employment contexts, special protections for minors, and prohibitions on mind manipulation or interference with decision-making.

The European Union, characteristically, is taking a comprehensive approach. Under the General Data Protection Regulation (GDPR), neural data often constitutes biometric data that can uniquely identify a natural person, or data concerning health. Both categories are classified as “special categories of data” subject to enhanced protection. Neural data “may provide deep insights into people's brain activity and reveal the most intimate personal thoughts and feelings”, making it particularly sensitive under EU law.

The Spanish supervisory authority (AEPD) and the European Data Protection Supervisor (EDPS) recently released a joint report titled “TechDispatch on Neurodata” detailing neurotechnologies and their data protection implications. Data Protection Authorities across Europe have begun turning their focus to consumer devices that collect and process neural data, signalling that enforcement actions may be on the horizon.

Globally, UNESCO is preparing a landmark framework. In August 2024, UNESCO appointed an internal expert group to prepare a new global standard on the ethics of neurotechnology. The draft Recommendation on the Ethics of Neurotechnology will be submitted for adoption by UNESCO's 194 Member States in November 2025, following two years of global consultations and intergovernmental negotiations.

The framework addresses critical issues including mental privacy and cognitive liberty, noting that neurotechnology can “directly access, manipulate and emulate the structure of the brain, producing information about identities, emotions, and fears, which combined with AI can threaten human identity, dignity, freedom of thought, autonomy, and mental privacy.”

The Neurorights We Need

Legal frameworks are emerging, but what specific rights should you have over your neural data? Researchers and advocates have coalesced around several foundational principles.

Rafael Yuste, a neurobiologist at Columbia University who helped initiate the BRAIN Initiative and co-founded the Neurorights Foundation, has proposed five core neurorights: mental privacy, mental identity, free will, fair access to mental augmentation, and protection from bias.

Mental privacy, the most fundamental of these rights, protects private or sensitive information in a person's mind from unauthorised collection, storage, use, or deletion. This goes beyond traditional data privacy. Your neural activity isn't just information you've chosen to share; it's the involuntary electrical signature of your inner life. Every thought, every emotion, every mental process leaves traces that technology can increasingly intercept.

Mental identity addresses concerns about neurotechnology potentially altering who we are. As BCIs become capable of modifying brain function, not just reading it, questions arise about the boundaries of self. If a device can change your emotional states, enhance your cognitive capabilities, or suppress unwanted thoughts, at what point does it begin to redefine your identity? This isn't abstract philosophy; it's a practical concern as neurotechnology moves from observation to intervention.

Free will speaks to the integrity of decision-making. Neurotechnology that can influence your thoughts or emotional states raises profound questions about autonomy. The EU's AI Act already classifies AI-based neurotechnology that uses “significantly harmful subliminal manipulation” as prohibited, recognising this threat to human agency.

Fair access to mental augmentation addresses equity concerns. If BCIs can genuinely enhance cognitive abilities, memory, or learning, access to these technologies could create new forms of inequality. Without safeguards, we could see the emergence of a “neuro-divide” between those who can afford cognitive enhancement and those who cannot, exacerbating existing social disparities.

Protection from bias ensures that neural data isn't used to discriminate. Given that brain data can potentially reveal information about mental health conditions, cognitive patterns, and other sensitive characteristics, strong anti-discrimination protections are essential.

Beyond these five principles, several additional rights deserve consideration:

The right to cognitive liberty: This encompasses both the positive right to access and use neurotechnology and the negative right to be free from forced or coerced use of such technology. You should have the fundamental freedom to decide whether and how to interface your brain with external devices.

The right to neural data ownership: Your brain activity is fundamentally different from your web browsing history. You should have inalienable ownership of your neural data, with the right to access, control, delete, and potentially monetise it. Current laws often treat neural data as something companies can collect and “own” if you agree to their terms of service, but this framework is inadequate for such intimate information.

The right to real-time transparency: You should have the right to know, in real-time, when your neural data is being collected, what specific information is being extracted, and for what purposes. Unlike traditional data collection, where you might review a privacy policy before signing up for a service, neural data collection can be continuous and involuntary.

The right to meaningful consent: Standard “click to agree” consent mechanisms are inadequate for neural data. Given the sensitivity and involuntary nature of brain activity, consent should be specific, informed, granular, and revocable. You should be able to consent to some uses of your neural data whilst refusing others, and you should be able to withdraw that consent at any time.

The right to algorithmic transparency: When AI systems process your neural data to infer your emotional states, intentions, or cognitive patterns, you have a right to understand how those inferences are made. The algorithms analysing your brain shouldn't be black boxes. You should know what signals they're looking for, what conclusions they're drawing, and how accurate those conclusions are.

The right to freedom from neural surveillance: Particularly in workplace contexts, there should be strict limits on when and how employers can monitor brain activity. Some advocates argue for outright bans on workplace neural surveillance except in narrowly defined safety-critical contexts with explicit worker consent and independent oversight.

The right to secure neural data: Brain data should be subject to the highest security standards, including encryption both in transit and at rest, strict access controls with multi-factor authentication and role-based access, secure key management, and regular security audits. The consequences of a neural data breach could be catastrophic, revealing intimate information that can never be made private again.

Technical Safeguards for Mental Privacy

Rights are meaningless without enforcement mechanisms and technical safeguards. Researchers are developing innovative approaches to protect mental privacy whilst preserving the benefits of neurotechnology.

Scientists working on speech BCIs have explored strategies to prevent devices from transmitting unintended thoughts. These include preventing neural data associated with inner speech from being transmitted to algorithms, and setting special keywords that users can think to activate the device. The idea is to create a “neural firewall” that blocks involuntary mental chatter whilst only transmitting data you consciously intend to share.

Encryption plays a crucial role. Advanced Encryption Standard (AES) algorithms can protect brain data both at rest and in transit. Transport Layer Security (TLS) protocols ensure data remains confidential during transmission from device to server. But encryption alone isn't sufficient; secure key management is equally critical. Compromised encryption keys leave all encrypted neural data vulnerable. This requires robust key generation, secure storage (ideally using hardware security modules), regular rotation, and strict access controls.

Anonymisation and pseudonymisation techniques can help, though they're not panaceas. Neural data is so unique that it may function as a biometric identifier, potentially allowing re-identification even when processed.

The Chilean Supreme Court recognised this concern, finding that Emotiv's retention of Girardi's data “even in anonymised form” without consent for research purposes violated his rights. This judicial precedent suggests that traditional anonymisation approaches may be insufficient for neural data.

Federated learning keeps raw neural data on local devices. Instead of sending brain signals to centralised servers, algorithms train on data that remains local, with only aggregated insights shared. This preserves privacy whilst still enabling beneficial applications like improved BCI performance or medical research. The technique is already used in some smartphone applications and could be adapted for neurotechnology.

Differential privacy protects individual privacy whilst maintaining statistical utility. Mathematical noise added to datasets prevents individual identification whilst preserving research value. Applied to neural data, this technique could allow researchers to study patterns across populations without exposing any individual's brain activity. The technique provides formal privacy guarantees, making it possible to quantify exactly how much privacy protection is being provided.

Some researchers advocate for data minimisation: collect only the neural data necessary for a specific purpose, retain it no longer than needed, and delete it securely when it's no longer required. This principle stands in stark contrast to the commercial norm of speculative data hoarding. Data minimisation requires companies to think carefully about what they actually need before collection begins.

Technical standards are emerging. The IEEE (Institute of Electrical and Electronics Engineers) has developed working groups focused on neurotechnology standards. Industry consortia are exploring best practices for neural data governance. Yet these efforts remain fragmented, with voluntary adoption. Regulatory agencies must enforce standards to ensure widespread implementation.

Re-imagining the Relationship with Tech Companies

The current relationship between users and technology companies is fundamentally broken when it comes to neural data. You click “I agree” to a 10,000-word privacy policy you haven't read, and suddenly a company claims the right to collect, analyse, store, and potentially sell information about your brain activity. This model, already problematic for conventional data, becomes unconscionable for neural data. A new framework is needed, one that recognises the unique status of brain data and shifts power back towards individuals:

Fiduciary duties for neural data: Tech companies that collect neural data should be legally recognised as fiduciaries, owing duties of loyalty and care to users. This means they would be required to act in users' best interests, not merely avoid explicitly prohibited conduct. A fiduciary framework would prohibit using neural data in ways that harm users, even if technically permitted by a privacy policy.

Mandatory neural data impact assessments: Before deploying neurotechnology products, companies should be required to conduct and publish thorough assessments of potential privacy, security, and human rights impacts. These assessments should be reviewed by independent experts and regulatory bodies, not just internal legal teams.

Radical transparency requirements: Companies should provide clear, accessible, real-time information about what neural data they're collecting, how they're processing it, what inferences they're drawing, and with whom they're sharing it. This information should be available through intuitive interfaces, not buried in privacy policies.

Data portability and interoperability: You should be able to move your neural data between services and platforms. If you're using a meditation app that collects EEG data, you should be able to export that data and use it with a different service if you choose. This prevents lock-in and promotes competition.

Prohibition on secondary uses: Unless you provide specific, informed consent, companies should be prohibited from using neural data for purposes beyond the primary function you signed up for. If you buy an EEG headset to improve your meditation, the company shouldn't be allowed to sell insights about your emotional states to advertisers or share your data with insurance companies.

Liability for neural data breaches: Companies that suffer neural data breaches should face strict liability, not merely regulatory fines. Individuals whose brain data is compromised should have clear paths for compensation. The stakes are too high for the current system where companies internalise profits whilst externalising the costs of inadequate security.

Ban on neural data discrimination: It should be illegal to discriminate based on neural data in contexts like employment, insurance, education, or credit. Just as genetic non-discrimination laws protect people from being penalised for their DNA, neural non-discrimination laws should protect people from being penalised for their brain activity patterns.

Mandatory deletion timelines: Neural data should be subject to strict retention limits. Except in specific circumstances with explicit consent, companies should be required to delete neural data after defined periods, perhaps 90 days for consumer applications and longer for medical research with proper ethical oversight.

Independent oversight: An independent regulatory body should oversee the neurotechnology industry, with powers to audit companies, investigate complaints, impose meaningful penalties, and revoke authorisation to collect neural data for serious violations. Self-regulation has demonstrably failed.

The Neurorights Foundation's 2024 report demonstrated the inadequacy of current practices. When 29 out of 30 companies provide no meaningful limitations on their access to neural data, the problem is systemic, not limited to a few bad actors.

The Commercial Imperative Meets the Mental Fortress

The tension between commercial interests and mental privacy is already generating friction, and it's only going to intensify.

Technology companies have invested billions in neurotechnology. Facebook (now Meta) has poured hundreds of millions into BCI technology, primarily aimed at consumers operating personal and entertainment-oriented digital devices with their minds. Neuralink has raised over £1 billion, including a £650 million Series E round in June 2025. The global market for neurotech is expected to reach £21 billion by 2026.

These companies see enormous commercial potential: new advertising channels based on attention and emotional state, productivity tools that optimise cognitive performance, entertainment experiences that respond to mental states, healthcare applications that diagnose and treat neurological conditions, educational tools that adapt to learning patterns in real-time.

Some applications could be genuinely beneficial. BCIs offer hope for people with paralysis, locked-in syndrome, or severe communication disabilities. Consumer EEG devices might help people manage stress, improve focus, or optimise sleep. The technology itself isn't inherently good or evil; it's a tool whose impact depends on how it's developed, deployed, and regulated.

But history offers a cautionary tale. With every previous wave of technology, from social media to smartphones to wearables, we've seen initial promises of empowerment give way to extractive business models built on data collection and behavioural manipulation. We told ourselves that targeted advertising was a small price to pay for free services. We accepted that our locations, contacts, messages, photos, and browsing histories would be harvested and monetised. We normalised surveillance capitalism.

With neurotechnology, we face a choice: repeat the same pattern with our most intimate data, or establish a different relationship from the start.

There are signs of resistance. The Chilean Supreme Court decision demonstrated that courts can protect neural privacy even against powerful international corporations. The wave of state legislation in the US shows that policymakers are beginning to recognise the unique concerns around brain data. UNESCO's upcoming global framework could establish international norms that shape the industry's development.

Consumer awareness is growing too. When the Neurorights Foundation published its findings about industry privacy practices, it sparked conversations in mainstream media. Researchers like Nita Farahany are effectively communicating the stakes to general audiences. Advocacy organisations are pushing for stronger protections.

But awareness and advocacy aren't enough. Without enforceable rights, technical safeguards, and regulatory oversight, neurotechnology will follow the same path as previous technologies, with companies racing to extract maximum value from our neural data whilst minimising their obligations to protect it.

What Happens When Thoughts Aren't Private

To understand what's at risk, consider what becomes possible when thoughts are no longer private.

Authoritarian governments could use neurotechnology to detect dissent before it's expressed, monitoring citizens for “thought crimes” that were once confined to dystopian fiction. Employers could screen job candidates based on their unconscious biases or perceived loyalty, detected through neural responses. Insurance companies could adjust premiums based on brain activity patterns that suggest health risks or behavioural tendencies.

Marketing could become frighteningly effective, targeting you not based on what you've clicked or purchased, but based on your brain's involuntary responses to stimuli. You might see an advertisement and think you're unmoved, but neural data could reveal that your brain is highly engaged, leading to persistent retargeting.

Education could be warped by neural optimisation, with students pressured to use cognitive enhancement technology to compete, creating a race to the bottom where “natural” cognitive ability is stigmatised. Relationships could be complicated by neural compatibility testing, reducing human connection to optimised brain-pattern matching.

Legal systems would face novel challenges. Could neural data be subpoenaed in court cases? If BCIs can detect when someone is thinking about committing a crime, should that be admissible evidence? What happens to the presumption of innocence when your brain activity can be monitored for deceptive patterns?

These scenarios might sound far-fetched, but remember: a decade ago, the idea that we'd voluntarily carry devices that track our every movement, monitor our health in real-time, listen to our conversations, and serve as portals for constant surveillance seemed dystopian. Now, we call those devices smartphones and most of us can't imagine life without them.

The difference with neurotechnology is that brains, unlike phones, can't be left at home. Your neural activity is continuous and involuntary. You can't opt out of having thoughts. If we allow neurotechnology to develop without robust privacy protections, we're not just surrendering another category of data. We're surrendering the last space where we could be truly private, even from ourselves.

The Path Forward

So what should be done? The challenges are complex, but the direction is clear.

First, we need comprehensive legal frameworks that recognise cognitive liberty as a fundamental human right. Chile has shown it's possible. UNESCO's November 2025 framework could establish global norms. Individual nations and regions need to follow with enforceable legislation that goes beyond retrofitting existing privacy laws to explicitly address the unique concerns of neural data.

Second, we need technical standards and security requirements specific to neurotechnology. The IEEE and other standards bodies should accelerate their work, and regulatory agencies should mandate compliance with emerging best practices. Neural data encryption should be mandatory, not optional. Security audits should be regular and rigorous.

Third, we need to shift liability. Companies collecting neural data should bear the burden of protecting it, with severe consequences for failures. The current model, where companies profit from data collection whilst users bear the risks of breaches and misuse, is backwards.

Fourth, we need independent oversight with real teeth. Regulatory agencies need adequate funding, technical expertise, and enforcement powers to meaningfully govern the neurotechnology industry. Self-regulation and voluntary guidelines have proven insufficient.

Fifth, we need public education. Most people don't yet understand what neurotechnology can do, what data it collects, or what the implications are. Researchers, journalists, and educators need to make these issues accessible and urgent.

Sixth, we need to support ethical innovation. Not all neurotechnology development is problematic. Medical applications that help people with disabilities, research that advances our understanding of the brain, and consumer applications built with privacy-by-design principles should be encouraged. The goal isn't to halt progress; it's to ensure progress serves human flourishing rather than just commercial extraction.

Seventh, we need international cooperation. Neural data doesn't respect borders. A company operating in a jurisdiction with weak protections can still collect data from users worldwide. UNESCO's framework is a start, but we need binding international agreements with enforcement mechanisms.

Finally, we need to think carefully about what we're willing to trade. Every technology involves trade-offs. The question is whether we make those choices consciously and collectively, or whether we sleepwalk into a future where mental privacy is a quaint relic of a less connected age.

The Stakes

In 2023, when the Chilean Supreme Court ordered Emotiv to delete Guido Girardi's neural data, it wasn't just vindicating one individual's rights. It was asserting a principle: your brain activity belongs to you, not to the companies that devise clever ways to measure it.

That principle is now being tested globally. As BCIs transition from experimental to commercial, as EEG headsets become as common as smartwatches, as workplace neural monitoring expands, as AI systems become ever more adept at inferring your mental states from your brain activity, we're approaching an inflection point.

The technology exists to peer into your mind in ways that would have seemed impossible a generation ago. The commercial incentives to exploit that capability are enormous. The regulatory frameworks to constrain it are nascent and fragmented. The public awareness needed to demand protection is only beginning to develop.

This is the moment to establish the rights, rules, and norms that will govern neurotechnology for decades to come. Get it right, and we might see beneficial applications that improve lives whilst respecting cognitive liberty. Get it wrong, and we'll look back on current privacy concerns, data breaches, and digital surveillance as quaint compared to what happens when the final frontier, the private space inside our skulls, falls to commercial and governmental intrusion.

Rafael Yuste, the neuroscientist and neurorights advocate, has warned: “Let's act before it's too late.” The window for proactive protection is still open, but it's closing fast. The companies investing billions in neurotechnology aren't waiting for permission. The algorithms learning to decode brain activity aren't pausing for ethical reflection. The devices spreading into workplaces, homes, and schools aren't holding themselves back until regulations catch up.

Your brain generates those 50,000 thoughts per day whether or not you want it to. The question is: who gets to know what those thoughts are? Who gets to store that information? Who gets to analyse it, sell it, or use it to make decisions about your life? And crucially, who gets to decide?

The answer to that last question should be you. But making that answer a reality will require recognising cognitive liberty as a fundamental right, enshrining robust legal protections, demanding technical safeguards, holding companies accountable, and insisting that the most intimate space in existence, the interior landscape of your mind, remains yours.

The battle for your brain has begun. The outcome is far from certain. But one thing is clear: the time to fight for mental privacy isn't when the technology is fully deployed and the business models are entrenched. It's now, whilst we still have the chance to choose a different path.

---

Sources and References

1. Frontiers in Digital Health (2025). “Regulating neural data processing in the age of BCIs: Ethical concerns and legal approaches.” https://www.ncbi.nlm.nih.gov/pmc/articles/PMC11951885/

2. U.S. Senators letter to Federal Trade Commission (April 2025). https://www.medtechdive.com/news/senators-bci-brain-computer-privacy-ftc/746733/

3. Grand View Research (2024). “Wearable EEG Headsets Market Size & Share Report, 2030.”

4. Arnold & Porter (2025). “Neural Data Privacy Regulation: What Laws Exist and What Is Anticipated?”

5. Frontiers in Psychology (2024). “Chilean Supreme Court ruling on the protection of brain activity: neurorights, personal data protection, and neurodata.” https://www.frontiersin.org/journals/psychology/articles/10.3389/fpsyg.2024.1330439/full

6. National Center for Biotechnology Information (2023). “Towards new human rights in the age of neuroscience and neurotechnology.” https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5447561/

7. MIT Technology Review (2024). “A new law in California protects consumers' brain data. Some think it doesn't go far enough.”

8. KFF Health News (2024). “States Pass Privacy Laws To Protect Brain Data Collected by Devices.”

9. Neurorights Foundation (April 2024). “Safeguarding Brain Data: Assessing the Privacy Practices.” https://perseus-strategies.com/wp-content/uploads/2024/04/FINAL_Consumer_Neurotechnology_Report_Neurorights_Foundation_April-1.pdf

10. Frontiers in Human Dynamics (2023). “Neurosurveillance in the workplace: do employers have the right to monitor employees' minds?” https://www.frontiersin.org/journals/human-dynamics/articles/10.3389/fhumd.2023.1245619/full

11. IEEE Spectrum (2024). “Are You Ready for Workplace Brain Scanning?”

12. The Conversation (2024). “Brain monitoring may be the future of work.”

13. Harvard Business Review (2023). “Neurotech at Work.”

14. Spanish Data Protection Authority (AEPD) and European Data Protection Supervisor (EDPS) (2024). “TechDispatch on Neurodata.”

15. European Union General Data Protection Regulation (GDPR). Biometric data classification provisions.

16. UNESCO (2024). “The Ethics of Neurotechnology: UNESCO appoints international expert group to prepare a new global standard.” https://www.unesco.org/en/articles/ethics-neurotechnology-unesco-appoints-international-expert-group-prepare-new-global-standard

17. UNESCO (2025). Draft Recommendation on the Ethics of Neurotechnology (pending adoption November 2025).

18. Columbia University News (2024). “New Report Promotes Innovation and Protects Human Rights in Neurotechnology.” https://news.columbia.edu/news/new-report-promotes-innovation-and-protects-human-rights-neurotechnology

19. Duke University. Nita A. Farahany professional profile and research on cognitive liberty.

20. Farahany, Nita A. (2023). “The Battle for Your Brain: Defending the Right to Think Freely in the Age of Neurotechnology.” St. Martin's Press.

21. NPR (2025). “Nita Farahany on neurotech and the future of your mental privacy.”

22. CNBC (2024). “Neuralink competitor Precision Neuroscience testing human brain implant.” https://www.cnbc.com/2024/05/25/neuralink-competitor-precision-neuroscience-is-testing-its-brain-implant-in-humans.html

23. IEEE Spectrum (2024). “The Brain-Implant Company Going for Neuralink's Jugular.” Profile of Synchron.

24. MIT Technology Review (2024). “You've heard of Neuralink. Meet the other companies developing brain-computer interfaces.”

25. Colorado House Bill 24-1058 (2024). Neural data privacy legislation.

26. California Senate Bill 1223 (2024). California Consumer Privacy Act amendments for neural data.

27. National Center for Biotechnology Information (2022). “Mental privacy: navigating risks, rights and regulation.” https://www.ncbi.nlm.nih.gov/pmc/articles/PMC12287510/

28. Oxford Academic (2024). “Addressing privacy risk in neuroscience data: from data protection to harm prevention.” Journal of Law and the Biosciences.

29. World Health Organization. Epilepsy statistics and neurological disorder prevalence data.

30. Emotiv Systems. Company information and product specifications. https://www.emotiv.com/

31. InteraXon (Muse). Company information and EEG headset specifications.

32. NeuroSky. Biosensor technology specifications.

33. Neuphony. Wearable EEG headset technology information.

34. ResearchGate (2024). “Brain Data Security and Neurosecurity: Technological advances, Ethical dilemmas, and Philosophical perspectives.”

35. Number Analytics (2024). “Safeguarding Neural Data in Neurotech.” Privacy and security guide.

---

Tim Green UK-based Systems Theorist & Independent Technology Writer

Tim explores the intersections of artificial intelligence, decentralised cognition, and posthuman ethics. His work, published at smarterarticles.co.uk, challenges dominant narratives of technological progress while proposing interdisciplinary frameworks for collective intelligence and digital stewardship.

His writing has been featured on Ground News and shared by independent researchers across both academic and technological communities.

ORCID: 0009-0002-0156-9795 Email: tim@smarterarticles.co.uk

Discuss...