Three Senate Democrats called for an investigation into the developers of brain-computer interface devices, including healthcare and consumer tech products, to make sure the information they collect is properly safeguarded—and not simply sold for profit.
“Unlike other personal data, neural data—captured directly from the human brain—can reveal mental health conditions, emotional states, and cognitive patterns, even when anonymized,” wrote Sens. Chuck Schumer, New York; Maria Cantwell, Washington; and Ed Markey, Massachusetts, in a letter (PDF) to the chair of the Federal Trade Commission (FTC), Andrew Ferguson. “This information is not only deeply personal; it is also strategically sensitive.”
The senators cited a 2024 review (PDF) conducted by the Neurorights Foundation into the published privacy practices of 30 different companies and their consumer-focused, noninvasive products—ranging from the makers of EEG-equipped headbands that connect with wellness and meditation apps to the developers of a medically approved therapy for depression.
The report found that most of the companies’ user agreements include provisions that allow them to share the data they collect with third parties, often without clear consent.
At the same time, the foundation said international legal standards regarding the protection of neural data may be ambiguous: Because the capturable inner workings of the brain are inherently electrical, they may fall through a loophole in statutes that define “biological data” as information gathered from a person’s DNA or diagnostic samples—while “biometric data” laws typically cover fingerprints or retinal scans.
“Americans neural data must not be reposted or transferred without fully informed opt-in consent,” the senators wrote. “If an individual uses a BCI device for medical or cognitive support, they should not later learn their brain signals trained an AI system or were sold to third parties. And, we must ensure that Americans’ neural data is never transferred to foreign adversaries.”
The senators’ letter names Elon Musk’s Neuralink as an example of a company working on brain-to-device communication. Neuralink was not included in the Neurorights Foundation’s report, and, as a company currently developing its system as a medical device for people with paralysis, its data collection practices would fall under HIPAA as well as federal regulations governing clinical trials of human subjects.
The senators asked the FTC to investigate whether neurotechnology companies are engaging in unfair or deceptive practices, and urged the agency to compel reporting on data handling practices across the BCI sector—with an added focus on products used by teens and children.
As the market expands, companies across the spectrum—from wellness apps to advanced medical implant developers—are collecting neural signals that may be repurposed beyond their stated use, they wrote. “More needs to be done to address the unique risks, sensitivities, and potential misuse associated with neural data across this broader landscape.”
At the state level, laws were signed in Colorado and California last year that added neural data to the lists of personal and sensitive information afforded protection under consumer privacy acts—placing brain activity alongside the recordings of facial images, DNA and fingerprints.