Consumer neurotechnology is booming. You can buy a funky-looking headband for $500 on the internet if you want your own personal EEG to track your brain data. But before you click purchase, you might want to check out the device’s privacy policy.
These consumer devices are unlikely to include any protections or restrictions around how companies can employ or sell a user’s neural data, according to a new report from the Neurorights Foundation, a nonprofit that advocates for the ethical development of neurotechnology.
The group analyzed the user agreements and privacy policies for 30 companies that sell commercially available products. Only one company provided any meaningful restrictions on how users’ data could be employed or whether the company could sell user data to third parties. Fewer than half of the companies surveyed encrypt their data and de-identify users. In the medical world, patients must consent if doctors want to share their private health information. But HIPAA doesn’t apply to these companies.
This article is exclusive to STAT+ subscribers
Unlock this article — and get additional analysis of the technologies disrupting health care — by subscribing to STAT+.
Already have an account? Log in
To submit a correction request, please visit our Contact Us page.