Who Owns the Data Your Scalp Leaks?
Pick up a consumer EEG headset (a Muse, a Neurosity Crown, an Emotiv Insight, the Apple AirPods Pro 3 that quietly ship with two skin-contact electrodes in the soft tip) and the first thing it asks you to do is accept a terms-of-service agreement. The second thing it asks you to do is grant cloud upload permissions. Neither the terms nor the permission prompt will use the phrase "neural data." Most will not even use the phrase "biometric data." They refer, blandly, to "device telemetry," "sensor readings," or "usage analytics."
What is actually being uploaded, in most cases, is a stream of voltage measurements taken at 256 Hz from electrodes positioned on locations the 10-20 system would recognise as Fp1, Fp2, TP9, TP10, and sometimes a handful of others. That data, in raw form, supports inference of attentional state, emotional valence, sleep stage, fatigue level, and — depending on the electrode density and the model running over the data — a surprising amount about the user's response to specific stimuli they encountered while wearing the device.
Colorado amended its Privacy Act in 2024 (HB 24-1058) to classify "neural data" as sensitive data requiring opt-in consent, and California followed later that year by adding neural data to the CCPA's definition of sensitive personal information; a few other states have since introduced similar bills. Federal law, including HIPAA, does not reach it: HIPAA binds only covered entities and their business associates, and a consumer device vendor is neither. The EU's GDPR, on a generous reading, covers it as "data concerning health" under Article 9; on a strict reading it does not, because the manufacturer makes no health claim. What is clearer is that the moment the data is processed to identify the wearer it becomes biometric data, which Article 9 covers regardless of any health claim.
In other words: for most users of most consumer neural-sensing devices in most jurisdictions, the legal status of the data leaving your scalp is somewhere between "ambient WiFi telemetry" and "fingerprint biometric." It is not, and this is the part worth sitting with, clearly either.
What Can Actually Be Inferred
The defenders of the current regulatory ambiguity make a reasonable-sounding argument: consumer-grade EEG is low-channel-count, electrode placement is inconsistent, signal quality is poor, and the inferences a device can actually make are limited to coarse-grained attention or relaxation metrics that the user could broadly self-report. The data is not, the argument goes, that sensitive.
The argument was probably true in 2018. It is increasingly not true now.
Two things have changed. First, the models that operate on EEG data have become substantially more capable. Self-supervised pretraining on large EEG corpora (work from the FACETS consortium in Europe, the BrainBERT line of research at MIT, and several large industrial efforts at Meta Reality Labs and at Apple) has produced foundation models that pull fine-grained inferences out of low-channel-count data. The 2024 demonstration by the Reality Labs team that a four-electrode consumer-grade signal could distinguish, with above-chance accuracy, whether a user was reading text or looking at images was the moment many people in the policy community started paying attention.
Second, the data is being collected continuously and longitudinally. Even noisy signals, integrated over thousands of hours of use, support inferences that are not possible from short sessions. The variability of an individual's alpha rhythm response to specific brands of advertising, integrated over six months of headphone use, produces a behavioural fingerprint that is — in a meaningful sense — unique and stable.
What can be inferred from large-scale consumer neural data, with current methods:
- Engagement and attention with high reliability. This has been true for years.
- Approximate emotional state, particularly valence (positive/negative) and arousal (calm/excited), with moderate reliability.
- Cognitive load and fatigue, with high reliability for the individual user over time.
- Coarse-grained response to specific content — whether a particular advertisement, image, or piece of music produced an engagement response.
- Sleep-stage architecture with quality approaching clinical polysomnography for the consumer-grade devices that include accelerometry.
- Individual identification — multiple research groups have demonstrated that EEG patterns over a few minutes of resting-state data are sufficient to re-identify a user from a known cohort with 90%+ accuracy.
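To make the re-identification item concrete (and the longitudinal point above, since a template only becomes stable once it is averaged over repeated sessions), here is an added example; it is not from the article, from any of the vendors named, or from the research groups mentioned. It is a pure-Python sketch of how a few resting-state epochs turn into a per-wearer fingerprint: relative theta/alpha/beta power per channel plus the individual alpha peak frequency, a template built from a few enrolment epochs, and nearest-template matching of a fresh epoch. Everything in it is constructed: the three wearers in `WEARERS` and their band-power profiles are invented, the "EEG" is synthesised sinusoids plus noise at 256 Hz on four channels, and the function names are mine. The pipeline is the point, not the accuracy number.

```python
"""Re-identification of a wearer from resting-state EEG, in pure Python (no numpy).

Constructed example: three hypothetical wearers are simulated as 4-channel,
256 Hz signals whose band-power profile and alpha-peak frequency differ per
wearer, the way real subjects' do. No real EEG is used.
"""
import math
import random

FS = 256                    # sampling rate in Hz, typical of consumer headsets
EPOCH_S = 2                 # seconds per analysis epoch
N = FS * EPOCH_S            # samples per epoch (512)
BANDS = {"theta": (4.0, 8.0), "alpha": (8.0, 13.0), "beta": (13.0, 30.0)}

# Constructed wearers (hypothetical, not measured): alpha peak frequency in Hz and,
# per channel, (theta, alpha, beta) sinusoid amplitudes. Four channels stand in for
# a Muse-class Fp1/Fp2/TP9/TP10 layout.
WEARERS = {
    "A": (9.3,  [(1.0, 2.2, 0.6), (1.0, 2.0, 0.6), (0.8, 2.8, 0.5), (0.8, 2.6, 0.5)]),
    "B": (10.4, [(1.4, 1.2, 0.9), (1.3, 1.3, 0.9), (1.1, 1.6, 0.8), (1.1, 1.5, 0.8)]),
    "C": (11.1, [(0.7, 1.6, 1.3), (0.7, 1.7, 1.2), (0.6, 2.0, 1.1), (0.6, 2.1, 1.0)]),
}


def hz(k):
    """Centre frequency of DFT bin k for an N-sample epoch at FS Hz."""
    return k * FS / N


def synth_epoch(wearer, rng):
    """One constructed 4-channel epoch: band sinusoids with random phase plus white noise."""
    peak, chans = WEARERS[wearer]
    epoch = []
    for th, al, be in chans:
        ph = [rng.uniform(0.0, 2.0 * math.pi) for _ in range(3)]
        x = []
        for n in range(N):
            t = n / FS
            x.append(th * math.sin(2 * math.pi * 6.0 * t + ph[0])     # theta at 6 Hz
                     + al * math.sin(2 * math.pi * peak * t + ph[1])  # wearer's alpha peak
                     + be * math.sin(2 * math.pi * 20.0 * t + ph[2])  # beta at 20 Hz
                     + rng.gauss(0.0, 1.5))                           # consumer signals are noisy
        epoch.append(x)
    return epoch


def bin_power(x, k):
    """Power at DFT bin k of a real sequence, computed directly; O(N) per bin."""
    re = im = 0.0
    for n, v in enumerate(x):
        a = 2.0 * math.pi * k * n / N
        re += v * math.cos(a)
        im -= v * math.sin(a)
    return (re * re + im * im) / N


def features(epoch):
    """Per channel: relative theta/alpha/beta power and the alpha peak frequency (scaled)."""
    feats = []
    k_lo, k_hi = int(4.0 * N / FS), int(30.0 * N / FS)   # bins covering 4 to 30 Hz
    for x in epoch:
        mean = sum(x) / N
        x = [v - mean for v in x]                           # drop the DC offset
        spec = {k: bin_power(x, k) for k in range(k_lo, k_hi)}
        total = sum(spec.values())
        rel = {name: sum(p for k, p in spec.items() if lo <= hz(k) < hi) / total
               for name, (lo, hi) in BANDS.items()}
        a_lo, a_hi = BANDS["alpha"]
        peak_k = max((k for k in spec if a_lo <= hz(k) < a_hi), key=spec.get)
        feats += [rel["theta"], rel["alpha"], rel["beta"], hz(peak_k) / a_hi]
    return feats


def enrol(rng, epochs=4):
    """Average features over a few resting epochs per wearer to build a template."""
    templates = {}
    for w in WEARERS:
        rows = [features(synth_epoch(w, rng)) for _ in range(epochs)]
        templates[w] = [sum(col) / epochs for col in zip(*rows)]
    return templates


def identify(templates, epoch):
    """Nearest template by Euclidean distance in feature space."""
    f = features(epoch)
    return min(templates, key=lambda w: math.dist(f, templates[w]))


def reidentification_accuracy(seed=7, probes=3):
    """Enrol all wearers, then match fresh epochs from each; returns the hit rate in [0, 1]."""
    rng = random.Random(seed)
    templates = enrol(rng)
    hits = 0
    for w in WEARERS:
        for _ in range(probes):
            hits += identify(templates, synth_epoch(w, rng)) == w
    return hits / (probes * len(WEARERS))


if __name__ == "__main__":
    print("re-identification accuracy:", reidentification_accuracy())
```

The security-relevant property is that the template is a function of the wearer, not of the session: fresh noise and random phase do not move it. That is why stripping the account identifier from uploaded raw EEG does not anonymise it, and why "we only keep sensor readings" is not a privacy guarantee. A real pipeline would use more channels, longer windows and a learned embedding rather than a nearest-template match, but the shape is the same.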
What cannot reliably be inferred, despite the marketing implications of some products:
- Specific thoughts, memories, or images. This is the science-fiction version. It is not where we are.
- Truthfulness or deception. EEG-based "lie detection" remains in the same scientific category as polygraph: highly suggestive in controlled lab settings, not reliable enough for individual application.
- Demographic attributes beyond what would be inferable from other sensor data on the same device.
The gap between what can be inferred and what cannot matters enormously, because the privacy harm vectors are very different. A device that knows whether you found a particular ad engaging is selling that information to an advertiser. A device that knows whether you are sleep-deprived during a video interview is selling that information to an employer. A device that can re-identify you across services is selling that information to a data broker. All three things are happening now. The fourth thing — a device that knows what you are thinking — is not happening and probably will not for the foreseeable future.
The Chile Precedent
Chile passed the world's first constitutional protection of "neurorights" in October 2021, amending Article 19 of its constitution to protect brain activity and the information derived from it. In the four years since, the provision has been mostly symbolic: implementing regulations are still being drafted, and the constitutional protection is being challenged on free-speech grounds by domestic civil-liberties groups. The one concrete application is the Chilean Supreme Court's 2023 ruling in a case brought by then-senator Guido Girardi against Emotiv, which ordered the company to delete the EEG data it had collected from his headset; that was an individual remedy, not a regulatory regime. But the symbolic value matters. It established, for the first time, that a country could put neural data in a separate legal category before the underlying technology forced the question.
UNESCO's General Conference adopted a Recommendation on the Ethics of Neurotechnology in November 2025, urging member states to adopt similar protections. Mexico, Spain, and Brazil have draft legislation in progress as of early 2026. The US federal landscape is, predictably, focused on more narrowly scoped questions (the FTC's enforcement action against Brainwave Trends Inc in March, the proposed Neural Data Protection Act introduced but not advanced by Senator Markey last summer), and the patchwork of state laws is going to make life interesting for any company building a national-scale product.
What This Means If You Wear One
The pragmatic guidance for anyone using consumer neural-sensing hardware in 2026 is straightforward and slightly grim:
Read the data export and deletion provisions. Some devices retain data indefinitely by default. Some allow local-only processing. The difference matters.
Assume cloud-uploaded data is being used for model training. Most consumer-EEG companies have explicit clauses in their terms permitting this. The data leaving your head is, in many cases, being aggregated to improve products you will not personally use.
Be aware that the legal landscape is in motion. The data you are uploading today may be governed by laws that do not yet exist. That is good, on net, for privacy outcomes — but only if the laws actually pass.
Pay attention to whether your device manufacturer is in the medical-device business. A device cleared by the FDA as a medical device, even a Class II, is subject to a different regulatory regime than a wellness gadget. The wellness gadget is, paradoxically, less protected.
The honest read on the current state of consumer neurotech privacy is that the technology is moving substantially faster than the law, the law is moving substantially faster than public awareness, and public awareness is moving substantially faster than informed consent. The gap between those four things is where the harms are going to land, and the harms are going to land disproportionately on users who are least equipped to evaluate the technical claims being made by the companies collecting their data.
This is a solvable problem. It requires deliberate regulatory choices. It is not, currently, being solved.