We stand with Ukraine and our team members from Ukraine.

The Community Of Over 640,000

Home ›› Neuroscience ›› Brain Computer Interfaces (BCIs)

Brain Computer Interfaces (BCIs)

by Charles Adjovu
3 min read
Share this post on



The emergence of privacy risks and data ownership opportunities as we augment the brain.

What is a Brain Computer Interface (BCI)?

Brain-computer interfaces (BCIs) are interfaces for recording and processing neurological data and turning these data into an output, e.g., a signal to control an external device [1].

BCIs can be categorized based on two dimensions:

  1. actions based on brain activity, and
  2. invasiveness [1].

The benefits or use-cases of BCIs are:

  1. diagnosing medical conditions (e.g., depression),
  2. modulating brain activity to deal with neurological conditions, and
  3. improving accessibility for individuals with a disability through connection to external support devices such as a robotic arm [1].

What is neurodata?

Brain Computer Interfaces (BCIs)
Photo by Bret Kavanaugh on Unsplash

Neurodata is data about neurological activity [1]. Neurodata can be directly recorded, e.g., by a BCI, or indirectly recorded, e.g., an individual’s spinal cord [1]. Inferences on neurodata via AI/ML algorithms can infer an individual’s mood, physiological characteristics, and arousal [1]. Neurodata can personally identify an individual by itself or when paired with other data associated with the individual [1].

What are the privacy risks associated with BCIs?

Brain Computer Interfaces (BCIs). Privacy
Photo by Bernard Hermant on Unsplash

The privacy risks include:

  1. Unauthorized access to personal information and inferences on such data,
  2. The ability to infer conclusions about an individual even beyond their mental thoughts to their specific biology and preferences,
  3. The use of neurodata, by itself or in association with other personally identifying information, in decision-making by third parties concerning the individual without the individual’s consent or knowledge, and
  4. Use of neurodata for marketing purposes and selling goods or services [1].

Additionally, neurodata raises legal risks concerning Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR) [1]. Neurodata would fall under concerns because neurodata would fall under HIPAA’s definition of personally identifying information, thus requiring entities that process neurodata to also determine whether they are a covered entity (e.g., a physician or hospital) under HIPAA or a third party that must comply with certain HIPAA regulations because of a business relationship with a covered entity [1, 2]. Generally, HIPAA does not apply to wellness companies that manufacture wellness devices [1].

Neurodata is subjected to the GDPR in Europe because neurodata can be considered personal data (health data or biometric data), thus requiring lawful grounds for processing an individual’s neurodata [1].

Some additional concerns also arise when determining whether fault lies with the BCI device user or the BCI device (e.g., in the case of a malfunction) in an incident where a BCI device user causes harm to another person or property [5].

What are the Governance or Technical Solutions for Data Ownership and Privacy?

Brain Computer Interfaces (BCIs). The picture of a person with a brain.Data
Photo by Claudio Schwarz on Unsplash

Some potential solutions to these privacy risks that can ensure data ownership for BCI device users include:

  1. Encryption: encrypt a user’s neurodata on the BCI device so that other people cannot decipher it. Additionally, the use of end-to-end encryption (E2EE) when neurodata is shared between a BCI device user and a third party or cloud server [1];
  2. Local-first software: ensuring that neurodata is stored locally on the user’s device, with permissions for cloud access from applications [5];
  3. Separation of data and compute (or edge computing): have BCI devices utilize edge computing so that BCI users do not need to share their data directly with a server (but can send their results to a cloud server) for inferences on their neurodata to be conducted with a AI/ML algorithm, [1, 3, 6];
  4. Access control layer: through blockchain technology, it is possible to use smart contracts to provide an access control and identity layer for neurodata that can prevent unwanted access of neurodata by third parties [3]; and
  5. Data cooperatives: BCI device users can create a cooperative to manage and govern their data, and can interact and provide a forum for stakeholders, including researchers, technologists, and users, to discuss ethical issues in sharing and using neurodata [6, 7]


  1. https://fpf.org/blog/bci-technical-and-policy-recommendations-to-mitigate-privacy-risks/
  2. https://fpf.org/blog/bcis-data-protection-in-healthcare-data-flows-risks-and-regulations/
  3. https://www.personal.ai/privacy
  4. http://learn.neurotechedu.com/introtobci/#ethics
  5. https://www.inkandswitch.com/local-first/
  6. https://polypoly.coop/en-de/FAQ/#polyPod
  7. https://www.midata.coop/en/cooperative/
post authorCharles Adjovu

Charles Adjovu,

Recently admitted attorney looking for opportunities in intellectual property, privacy and data security, blockchain and cryptocurrencies, and legal technology. Researching the legal implications and applications of emerging technologies is one of my passions, and I am always looking for new projects and collaborators that work in this intersection. Other than researching the legal implications of emerging technologies, I am also studying the use of emerging technology to help the legal profession (i.e., legaltech), with my favorite use so far being Casetext's CARA. I currently actively manage Ledgerback, a member-driven digital platform for research, analytics and education in blockchain, decentralization, and cooperativism. I and my other co-founders decided to start Ledgerback to help Nevadans learn about the benefits of blockchain technology, and actively grow the literature in the field (with my interests generally falling on the legal and utility applications of blockchain).

Ideas In Brief
  • Brain-computer interfaces (BCIs) are interfaces for recording and processing neurological data and turning these data into an output.
  • Neurodata can be directly recorded, e.g., by a BCI, or indirectly recorded, e.g., an individual’s spinal cord.
  • There are particular privacy risks associated with BCIs that might need the following solutions:
    1. Encryption
    2. Local-first software
    3. Separation of data and compute (or edge computing)
    4. Access control layer
    5. Data cooperative

Related Articles

Building effective partnerships with PMs requires stepping outside of any frustration, ego, or resentment at being ignored, and building empathy. How to do that? Here is what we’re going to find out.

How To Research So PMs Will Listen
  • PMs are the most critical audiences for research, they are also often the hardest to convince, and the source of many of researchers’ frustrations and heartaches.
  • Building effective partnerships with PMs requires stepping outside of any frustration, ego, or resentment at being ignored, and building empathy.
  • The author shares:
    • Some practices of working with PMs
    • Questions to ask PMs and stakeholders
  • The baseline expectation setting:
    • Level set
    • Set guardrails based on your role
    • Ask for candid feedback and engagement
    • No surprises
  • When researchers and PMs are in conflict or in separate silos, neither role gets the value of the other, but strong researcher-pm partnerships can be game-changing for extending the strategic impact and influence of both design and research.
Share:How To Research So PMs Will Listen
6 min read
How to research so PMs will listen
How To Empower An Organization Through Design?
  • The author believes that the following reasons are why design/branding/marketing agencies end up damaging the image of design as a tool for getting results:
    • Lots of jargon and little to no action at a fundamental level.
    • Large companies with “foolproof” processes.
    • Fake cases and invented touch points
    • Romanticized view of consumers
  • In order to centralize an organization, designers need to map its interdependence relationships and understand how a project can strengthen all sectors in an equal way.
Share:How To Empower An Organization Through Design?
4 min read
How to empower an organization through design?

And, Is OneReach Under The Radar By Design?

Is OneReach AI The Tesla Of Conversational AI?
  • The author gives his perspective on OneReach.ai as the top scorer in the Gartner 2022 report.
  • The author believes OneReach.ai to be one of the most granular no-code environments that support an exceptional degree of fine tuning.
  • The author refers to the platform as an orchestration canvas, where multiple processes can be orchestrated for multi-dimensional customer service, and gives some details on how the platform works as a single front-door for customers.
  • Cobus Greyling explores two cautions from Gartner about the OneReach.ai platform.
  • He concludes that voice is a strength of OneReach.ai and the company has extreme focus on customer experience, and orchestrating experiences
Share:Is OneReach AI The Tesla Of Conversational AI?
4 min read
Is OneReach AI The Tesla Of Conversational AI?

This website uses cookies to ensure you get the best experience on our website. Check our privacy policy and