Nar Hari Singh
As neurotechnology enters Indian homes and workplaces, the law faces a mind-bending challenge: how do we regulate what’s inside our heads?
Brain-computer interfaces (BCIs) and wearable neurodevices are no longer science fiction. In India, startups like Neuphony and Nexstem have introduced EEG-based headsets for wellness and gaming, while global firms like Emotiv market brainwave-tracking devices to Indian consumers. These gadgets can detect focus, mood, even subconscious reactions-capturing data far more intimate than a fingerprint.
Yet Indian law offers no clear answers. Who owns this data? Can it be used in court? What rights protect individuals from unwanted mental surveillance?
Globally, the legal tide is turning. Chile has added neurorights to its Constitution, and its Supreme Court has enforced them in a landmark case involving unauthorized EEG data use. U.S. lawmakers propose treating neural signals as “sensitive data,” while UK regulators warn that consumer neurotech may bypass existing health protections.
As neurotechnology begins influencing daily life in India, the legal framework must evolve. This article explores how constitutional rights, data laws, and medical regulations intersect with neural data-and where urgent gaps remain. Drawing from international models, it calls for a forward-looking regulatory approach to safeguard the privacy and autonomy of the human mind.
Neurorights and Neurotechnology: A Global Perspective
Chile: Constitutional Neurorights and Girardi v. Emotiv
In 2021, Chile became the first country to constitutionally recognize mental privacy, amending its supreme law to protect brain activity and mental integrity. This landmark protection was tested in 2023, when Senator Guido Girardi sued U.S.-based neurotech firm Emotiv for collecting his brainwave data without specific consent. The Supreme Court ruled in his favor, declaring neural data among “the most intimate aspects of human personality” and ordering its deletion. This historic verdict marked the world’s first judicial recognition of neuroprivacy.
UnitedStates:EmergingStateLawsandFederalScrutiny
While the U.S. lacks a comprehensive federal framework for neural data, states like California, Colorado, and Minnesota are taking steps. They’re pushing laws that classify brainwave data as “sensitive” and are demanding informed consent before collection. In Congress, senators are pressuring regulators to scrutinize whether neurotech companies are safeguarding brain data, warning that even anonymized brainwaves can reveal mental health conditions or emotional patterns. Though regulation is still embryonic, the message is clear: the mind is not free game for corporate surveillance.
UnitedKingdom:MedicalDeviceRulesandDataProtection
The UK has no dedicated neurorights, but brain devices used for medical purposes are regulated under its Medical Devices Regulation. Consumer EEG headsets, however-like those used for gaming or relaxation-largely escape scrutiny. Similarly, while neural data collected in clinical settings receives protection under UK GDPR, signals from consumer devices may not. This regulatory blind spot has prompted experts and organizations like the Royal Society to call for clearer rules and explicit informed consent standards for all neural data.
Indian Legal Landscape and Regulatory Gaps
India, despite being a major tech market, currently lacks any specific law protecting neural data. While the Supreme Court has recognized privacy as a fundamental right (Puttaswamy v. Union of India, 2017), its application to brain data is still theoretical. A 2023 judgment (Kaushal Kishor v. State of U.P.) broadened constitutional rights to apply against private entities-but gaps remain. The Digital Personal Data Protection Act 2023 doesn’t categorize neural signals separately, and India’s medical device rules overlook consumer BCIs unless marketed for treatment. As it stands, a wellness-focused EEG headband could enter Indian markets unregulated, leaving consumers exposed. Without legal updates, brain data could be collected under vague IT rules or buried in complex terms of service.
Neuro technology in Practice: Indian Examples and Case Law
While brain-computer interfaces (BCIs) are gaining ground in India-from IITs building mind-controlled devices to startups and global brands marketing EEG-based headsets-legal protections remain minimal. Devices from firms like Emotiv and Muse are widely sold, yet no specific regulation governs how brain data is collected or used, leaving users exposed.
One early legal brush came in the 2008 Aditi Sharma case, where police used EEG-based “brain fingerprinting” to link a suspect to murder. The conviction was later overturned, reflecting deep concerns over the scientific reliability and admissibility of such evidence. Since then, Indian courts have not revisited neurodata, despite its growing presence.
Key Legal Gaps:
Mental Privacy & Cognitive Liberty: Article 21 protects privacy, but whether it extends to brainwaves remains untested. Scholars call for recognizing “cognitive liberty”-the right to think free from intrusion-akin to Chile’s constitutional model.
Consent & Future Use: The 2023 Data Protection Act requires consent for “sensitive” data, but if neural data isn’t explicitly included, protections may be weak. Users often accept terms without grasping that their brain data could be repurposed, including for AI or advertising.
Brain Data in Courts: Indian law lacks standards for admitting neural evidence. Globally, EEG-based lie detection is often rejected as unreliable. Such data may also clash with Article 20 (protection against self-incrimination).
Ownership & Data Rights: There’s no legal clarity on who owns brain data. Companies may assert rights through contracts, risking misuse of deeply personal signals.
Workplace Neuro-Surveillance: BCIs could be used to monitor employee focus or fatigue. However, Indian labor law offers no safeguards. Article 21 may help challenge invasive monitoring, but clearer rules are urgently needed.
Recommendations for India
Giventhesechallenges,Indiashouldconsideramulti-prongedresponse:
Legislate Neurorights: India should consider enshrining neurorights like mental privacy and cognitive liberty in law-either by amending Article 21 or introducing new legislation-to protect against unauthorized access or manipulation of brain data.
Regulate BCI Devices Under CDSCO : The CDSCO must formally classify brain-computer interfaces (BCIs) as medical or wellness devices, enforcing health claims scrutiny, performance standards, and import norms to close existing regulatory gaps.
Expand Privacy and IT Laws: Neural data should be declared “sensitive personal data” under the DPDP Act, with explicit consent requirements and stricter safeguards to align with global data protection standards.
Uphold Privacy in the Workplace: Neuro-surveillance at work must be regulated through departmental rules or data protection norms, ensuring brain data is treated as sensitive health information requiring employee consent.
Integrate With Constitutional Rights: Recognizing neurorights as extensions of Articles 21 and 19 can empower citizens to challenge private intrusions, reinforcing brain-data protection as part of fundamental rights.
Learn from Global Guidelines: India should adapt best practices from UNESCO, OECD, and Latin American models to design ethical, rights-based neurotechnology governance tailored to Indian realities.
Public Awareness and Education: Public campaigns and legal education must inform citizens and stakeholders about neurorights and brain data ownership to ensure informed consent and responsible technology use.
Conclusion
Neurotechnology is no longer fiction-devices can now read, interpret, and even alter brain activity. As Chile enshrines cognitive liberty, and the U.S. and UK develop emerging protections, India remains without a legal compass in this uncharted domain. The implications are profound: neural data isn’t just information-it’s identity, emotion, autonomy, and thought itself. Delay risks normalizing invisible intrusions into the sanctity of the mind. India must act decisively. By strengthening privacy law, regulating BCIs under medical and tech norms, and enshrining mental privacy as a constitutional right, we can ensure one truth remains sacred: our thoughts, our freedom, our own.
History will not wait. In the age of machines that read minds, silence is complicity-and inaction, a slow surrender.
(The author is an Advocate-on-Record in the Supreme Court of India and a Senior Counsel to the Union Government.)
Follow our WhatsApp channel
