Adobe>

New Research Brief Evaluates the Effectiveness of GDPR in Mitigating Risks Associated with the Distinctive Nature of Neurodata

21 January 2025

Advances in neurotechnology (NT) have driven the growing collection and processing of neurodata – data related to the structure and functioning of the human brain – across various societal domains. The development and use of NTs heavily depend on neurodata to ensure device functionality (e.g., neurofeedback monitors or brain-computer interfaces) and to enhance performance by refining AI algorithms integrated into these devices.

In our new Research Brief, ‘Neurodata: Navigating GDPR and AI Act Compliance in the Context of Neurotechnology’, Timo Istace highlights the delicate balance needed between leveraging neurodata for progress and protecting individual rights. He notes that ‘the indispensability of neurodata to fuelling progress in the sector needs to be balanced against the risks to individual users. Neurodata is a highly sensitive and personal form of data, akin to genetic data. Its combined features – including its informational richness (extending to cognitive processes), predictive potential, and risk of involuntary disclosure – warrant significant scrutiny to preserve individuals’ privacy, particularly mental privacy.’

Timo further explains, ‘Data protection regulations are crucial in addressing these concerns. The sensitive nature of neurodata raises questions around whether current regulatory frameworks offer adequate protection against incursions on mental privacy and the safeguarding of neurodata. While no supranational regulation specifically addresses neurodata, regional instruments like the EU’s General Data Protection Regulation (2018) provide a framework for assessing protection measures.’

This paper evaluates the effectiveness of the GDPR in mitigating risks associated with the distinctive nature of neurodata, with the goal of safeguarding neuroprivacy and mental privacy in the context of emerging NTs. It analyzes the scope and applicability of the GDPR, examines the challenges of ensuring robust protection during the collection, processing, storage, and transfer of neurodata, and considers how the recent EU AI Act might complement or reinforce GDPR safeguards.

cover of research brief
Timo Istance

MORE ON THIS THEMATIC AREA

SIDS Training GHRP News

Geneva Academy

Practical Training on Human Rights Council Procedures Strengthens SIDS/LDCs Engagement

21 July 2025

Sixteen diplomats from fifteen Small Island Developing States and Least Developed Countries participated in a two-day Practical Training on Human Rights Council Procedures.

Read more

2024 Geneva Academy Annual Report News

Geneva Academy

Our 2024 Annual Report

28 July 2025

Our 2024 Annual Report highlights significant achievements in international humanitarian law education and research during a year marked by deepening global humanitarian crises.

Read more

A general view of participants during of the 33nd ordinary session of the Human Rights Council. Training

UN Photo / Jean-Marc Ferré

The Universal Periodic Review and the UN Human Rights System: Raising the Bar on Accountability

10-14 November 2025

This training course will explore the origin and evolution of the Universal Periodic Review (UPR) and its functioning in Geneva and will focus on the nature of implementation of the UPR recommendations at the national level.

Read more

Project

Follow-up Review Pilot Series

Started in November 2021

Read more

View of a session of the UN Human Rights Council Project

UN Photo / Jean-Marc Ferré

Human Rights Conversations

Started in January 2020

A series of events aimed at discussing contemporary issues and challenges related to the promotion and protection of human rights in Geneva and beyond.

Read more

Cover of the 2023 Geneva Academy Annual Report Publication

Annual Report 2024

published on July 2025

Read more