“Neurotechnology deployed in workplace and consumer settings has been criticized for enabling non-consensual neural monitoring and cognitive surveillance.”

Brain data reveals our most private thoughts; its collection through neurotechnology must be strictly protected from illegitimate access or misuse. Neurotechnology can alter the brain and mind in deep ways, so human rights and the intrinsic value of each person must be protected. When brains connect to computers, algorithms may influence decisions, risking the dilution of individual identity and autonomy.

Non-invasive neurotechnology, such as EEGs and portable brain scanners, are increasingly entering an essentially unregulated consumer marketplace, harboring the risk that intimate neural data are collected, analyzed, and potentially misused. Contemporary legal frameworks offer only limited protection for such uniquely sensitive data, creating an urgent need for targeted safeguards to preserve mental privacy. A 2024 Neurorights Foundation report found that most consumer neurotech companies retain unfettered rights to access and share neural data with third parties, often under broad and vaguely defined terms, and many fail to provide clear information about the data being collected.

The processing of brain data raises specific ethical issues due to its direct connection to one's inner life and personhood, with neurotechnology having the potential to access not only conscious but also subconscious processing. If effective regulations are not adopted, the future world of work could normalize employers requiring employees to use devices that collect their brain data, potentially violating workers' privacy rights and enabling new forms of discrimination.

Technological advancements like brain-scanning devices have broadened and revolutionised employee monitoring and surveillance systems, allowing the collection of a perhaps more intrusive form of biometric data: brain data. Neuroethics is concerned with the largely unregulated future of this industry, involving technologies that are not technically medical devices, but will involve invasive forms of personal data, raising privacy, trust, and ethical concerns for workers.

Yesterday, three US senators announced that they will soon introduce a novel bill in Congress that, if passed, would set forces in motion to address concerns that some have about the rapid advancement of neurotechnologies that can 'read and write' to the human mind. The senators also want the FTC to analyze potential security risks associated with neurotechnology. Without cybersecurity measures in place, ultra-sensitive neural data could be compromised and susceptible to access by unauthorized parties and threat actors.

As neurotechnologies advance from medical tools to consumer devices, the question of who controls neural data is becoming urgent. Yet these same technologies rely on the collection and processing of vast amounts of intimate neural data, raising unprecedented ethical, privacy, and security challenges. The Senators emphasized that neural data is some of users’ most sensitive information, and while neurotechnologies have immense capabilities, they could also largely impede privacy rights without proper regulation.

Neural data collection threatens mental privacy because it could bypass a consumer's consciousness by targeting information directly from the nervous system. The unauthorized collection, storage and analysis of this data may reveal a person's subconscious reactions and emotions before that individual can control or consent to the disclosure. With access to consumer neural data, companies could create highly personalized, subliminal advertising or content designed to exploit emotional tendencies or desires, effectively bypassing conscious defenses to influence behavior or purchasing decisions.

Neural surveillance, the use of technology to track brain activity in real time, raises a storm of ethical questions, particularly concerning consent. In practice, power dynamics complicate matters, as an employee may feel unable to refuse monitoring if declining could cost them opportunities, promotions, or even their job, intruding into the most intimate realm of private mental life. Without clear guidelines, there is a risk of sliding into a dystopian norm where neural surveillance becomes another tool of workplace control, potentially leading to self-censorship of thoughts.

This Bloomberg Government article discusses the increasing scrutiny of consumer gadgets that track brain activity, prompting state lawmakers to enhance privacy laws for neural data. States like Montana, Colorado, and California are advancing measures to give residents more control over their neural information, addressing privacy concerns related to non-invasive consumer neurotechnology.

California's law requires that businesses present a privacy notice at collection to consumers, in addition to a posted privacy policy, and the notice must inform consumers how long they will retain neural data or the criteria they will use to determine the retention period. This regulatory response reflects growing concerns about neural data collection practices and the need for explicit consumer protections.

The NeuroRights Foundation (NRF) reported in April that implantable technology can already decode language and emotions from the brain, and wearable devices are not far behind. Consumer product companies—and indeed, employers—already are, or will soon be able to, monitor brain waves through wearable devices such as headphones or through an employee typing without touching a keyboard or mouse. As the NRF report notes, at least 30 so-called neurotechnology products are available for purchase by the public.

A report by the Neurorights Foundation found that 29 of 30 companies with neurotechnology products that can be purchased online have access to brain data and provide no meaningful limitations to this access. Almost all of them can share data with third parties. More states are passing laws to protect information generated by a person's brain and nervous system as technology improves the ability to unlock the sensitive details of a person's health, mental states, emotions, and cognitive functioning.

Brain data represents thoughts, emotions, and—at its core—one's identity, making the ethical stakes equally high as neurotech adoption accelerates. This information is unique to everyone, and its extraction, storage, and sharing across platforms create vulnerabilities for hacking and potential misuse by employers, advertisers, governments, or malicious actors. A European Parliamentary study warned that consumer-grade neurotech could enable psychological profiling or behavioral manipulation if left unregulated.

Privacy is a significant concern when it comes to BCI technologies, as neural data can reveal intimate details such as emotions, intentions and thoughts. This raises notable privacy challenges, including the unintentional collection and misuse of neural data. Concerns exist regarding the misuse or coercion that may arise from use of these technologies, where users may be compelled to utilize BCIs against their will or without fully realizing the repercussions.

The widespread use of neurotechnology in the workforce, monitoring and analyzing brain patterns, comes with primary ethical concerns such as the capacity for discrimination and the collection of neural data. Employers factoring neurodata into hiring processes can unintentionally discriminate by relying on technology biased against neurodivergent brain types, and the continuous collection of neurodata from consenting employees may increase the risk of employers discriminating against mental health conditions.

The Neurorights Foundation's 2024 report analyzed multiple consumer neurotechnology companies and found widespread deficiencies in consent mechanisms, data access controls, and security practices for neural data collection via wearables like EEG headsets, highlighting risks of non-consensual monitoring in unregulated markets.

Next, we’ll cover issues related to informed consent, especially for vulnerable populations, and how automatic device influence raises questions about personal control. We’ll also examine how neural data might be misused beyond healthcare, such as in marketing or surveillance, and what that means for individual rights and democracy. Cyber security is a major concern, too. Hackers could potentially access neural devices, a threat sometimes called brainjacking.