New Research Brief Evaluates the Effectiveness of GDPR in Mitigating Risks Associated with the Distinctive Nature of Neurodata

21 January 2025

Advances in neurotechnology (NT) have driven the growing collection and processing of neurodata – data related to the structure and functioning of the human brain – across various societal domains. The development and use of NTs heavily depend on neurodata to ensure device functionality (e.g., neurofeedback monitors or brain-computer interfaces) and to enhance performance by refining AI algorithms integrated into these devices.

In our new Research Brief, ‘Neurodata: Navigating GDPR and AI Act Compliance in the Context of Neurotechnology’, Timo Istace highlights the delicate balance needed between leveraging neurodata for progress and protecting individual rights. He notes that ‘the indispensability of neurodata to fuelling progress in the sector needs to be balanced against the risks to individual users. Neurodata is a highly sensitive and personal form of data, akin to genetic data. Its combined features – including its informational richness (extending to cognitive processes), predictive potential, and risk of involuntary disclosure – warrant significant scrutiny to preserve individuals’ privacy, particularly mental privacy.’

Timo further explains, ‘Data protection regulations are crucial in addressing these concerns. The sensitive nature of neurodata raises questions around whether current regulatory frameworks offer adequate protection against incursions on mental privacy and the safeguarding of neurodata. While no supranational regulation specifically addresses neurodata, regional instruments like the EU’s General Data Protection Regulation (2018) provide a framework for assessing protection measures.’

This paper evaluates the effectiveness of the GDPR in mitigating risks associated with the distinctive nature of neurodata, with the goal of safeguarding neuroprivacy and mental privacy in the context of emerging NTs. It analyzes the scope and applicability of the GDPR, examines the challenges of ensuring robust protection during the collection, processing, storage, and transfer of neurodata, and considers how the recent EU AI Act might complement or reinforce GDPR safeguards.

MORE ON THIS THEMATIC AREA

2024 Geneva Academy Annual Report News

Our 2024 Annual Report

28 July 2025

Our 2024 Annual Report highlights significant achievements in international humanitarian law education and research during a year marked by deepening global humanitarian crises.

Read more

MENA Training GHRP News

Strengthening MENA Engagement with UN Human Rights Mechanisms: Second Edition of our Tailored Training

24 July 2025

Participants from six countries across the Middle East and North Africa region joined our customized training on the Geneva-based United Nations human rights mechanisms

Read more

A general view of participants during of the 33nd ordinary session of the Human Rights Council. Training

The Universal Periodic Review and the UN Human Rights System: Raising the Bar on Accountability

10-14 November 2025

This training course will explore the origin and evolution of the Universal Periodic Review (UPR) and its functioning in Geneva and will focus on the nature of implementation of the UPR recommendations at the national level.

Read more

Un plate with Rapporteur Spécial written on it Project

Support to UN Special Procedures

Started in June 2020

Read more

George Floyd protest in Washington D.C. Project

Promoting and Protecting the Rights to Freedom of Peaceful Assembly and Association and Civic Space Worldwide

Started in June 2020

This project aims at providing support to the UN Special Rapporteur on the Rights to Freedom of Peaceful Assembly and of Association Clément Voulé by addressing emerging issues affecting civic space and eveloping tools and materials allowing various stakeholders to promote and defend civic space.

Read more

Cover of the 2023 Geneva Academy Annual Report Publication

Annual Report 2024

published on July 2025

Read more