New Research Brief Evaluates the Effectiveness of GDPR in Mitigating Risks Associated with the Distinctive Nature of Neurodata

21 January 2025

Advances in neurotechnology (NT) have driven the growing collection and processing of neurodata – data related to the structure and functioning of the human brain – across various societal domains. The development and use of NTs heavily depend on neurodata to ensure device functionality (e.g., neurofeedback monitors or brain-computer interfaces) and to enhance performance by refining AI algorithms integrated into these devices.

In our new Research Brief, ‘Neurodata: Navigating GDPR and AI Act Compliance in the Context of Neurotechnology’, Timo Istace highlights the delicate balance needed between leveraging neurodata for progress and protecting individual rights. He notes that ‘the indispensability of neurodata to fuelling progress in the sector needs to be balanced against the risks to individual users. Neurodata is a highly sensitive and personal form of data, akin to genetic data. Its combined features – including its informational richness (extending to cognitive processes), predictive potential, and risk of involuntary disclosure – warrant significant scrutiny to preserve individuals’ privacy, particularly mental privacy.’

Timo further explains, ‘Data protection regulations are crucial in addressing these concerns. The sensitive nature of neurodata raises questions around whether current regulatory frameworks offer adequate protection against incursions on mental privacy and the safeguarding of neurodata. While no supranational regulation specifically addresses neurodata, regional instruments like the EU’s General Data Protection Regulation (2018) provide a framework for assessing protection measures.’

This paper evaluates the effectiveness of the GDPR in mitigating risks associated with the distinctive nature of neurodata, with the goal of safeguarding neuroprivacy and mental privacy in the context of emerging NTs. It analyzes the scope and applicability of the GDPR, examines the challenges of ensuring robust protection during the collection, processing, storage, and transfer of neurodata, and considers how the recent EU AI Act might complement or reinforce GDPR safeguards.

MORE ON THIS THEMATIC AREA

neurotech image News

Research Brief Evaluates the Human Rights Implications of Neurotechnology in Therapeutic and Commercial Applications

27 March 2025

Our research brief, Neurotechnology and Human Rights: An Audit of Risks, Regulatory Challenges, and Opportunities, examines the human rights implications of neurotechnology in both therapeutic and commercial applications.

Read more

Geneva Academy Briefing No.25 News

New Academy Briefing Calls for Stronger Engagement of Local and Regional Governments in Human Rights and SDG Monitoring

11 March 2025

The Geneva Academy’s latest publication explores how cities, municipalities, and regional authorities are becoming key players in global human rights governance.

Read more

Digital Globe Event

AI and Human RIghts: Risks and Promises - Panel at the 2025 LATSIS Symposium

10 September 2025, 16:30-17:45

This Human Rights Conversation will explore how AI is being used by human rights institutions to enhance the efficiency, scope, and impact of monitoring and implementation frameworks.

Read more

Special Rapporteur Sign Event

Economic, Social and Cultural Rights in an Era of Escalating Armed Conflict: Where Can International Human Rights Law Help?

25 September 2025, 18:30-20:00

This evening dialogue will present the publication: International Human Rights Law: A Treatise, Cambridge University Press (2025).

Read more

Training

Human Rights and the Environment: Introducing Legal Regimes and Key Issues

1-8 September 2025

Participants in this training course will be introduced to the major international and regional instruments for the promotion of human rights, as well as international environmental law and its implementation and enforcement mechanisms.

Read more

A general view of participants during of the 33nd ordinary session of the Human Rights Council. Training

The Universal Periodic Review and the UN Human Rights System: Raising the Bar on Accountability

10-14 November 2025

This training course will explore the origin and evolution of the Universal Periodic Review (UPR) and its functioning in Geneva and will focus on the nature of implementation of the UPR recommendations at the national level.

Read more

Project

Follow-up Review Pilot Series

Started in November 2021

Read more

Panel Discussion: Project

Treaty Body Members’ Platform

Started in January 2014

The Treaty Body Members’ Platform connects experts in UN treaty bodies with each other as well as with Geneva-based practitioners, academics and diplomats to share expertise, exchange views on topical questions and develop synergies.

Read more

Cover of the 2023 Geneva Academy Annual Report Publication

Annual Report 2024

published on July 2025

Read more