Interfacing Human Brains: What Could Go Wrong?

The proliferation of Brain Computer Interfaces (BCIs), which enable direct interaction with the human brain, poses significant yet underexplored threats to privacy and data protection. These neurotechnologies process neurodata, highly sensitive information with the potential to reflect an individual’s mental state. This paper critically examines the potential negative consequences of using BCIs, considering the neurodata lifecycle from acquisition to deletion. The analysis highlights the unique risks posed by neurodata processing, coming from the difficulty individuals face in understanding and controlling the information collected, its potential for linking or identification, and the ability to decode and even modify inner mental states such as thoughts and emotions. A comprehensive understanding of associated threats is crucial as BCIs are deployed in diverse sectors, including healthcare, workplace, education, entertainment, marketing, and safety. This paper proposes a comprehensive and systematic threat model specifically designed to identify privacy and data protection threats unique to BCIs. In addition, the paper discusses the produced threat model to offer practical recommendations and point out possible safeguards, drawing on existing data protection frameworks while also identifying critical gaps that need to be addressed to ensure the responsible and compliant design, development, deployment and use of BCIs and the adequate protection of data subjects’ rights and freedoms. The analysis presented in this paper provides crucial insights for researchers, providers, policymakers, and the public regarding the potential impacts of interfacing human brains and the urgent need for robust safeguards.