As technologies capable of tracking and even manipulating the workings of our minds become increasingly available for personal use, it is imperative that consumers understand exactly what kinds of access and control they grant over their brain data. A new report from the Neurorights Foundation sheds light on the often hidden practices of the fast-growing consumer neurotechnology industry and highlights the pressing need for stronger protections of mental privacy.

The report surveyed privacy policies from 30 companies offering direct-to-consumer neurotechnology products, ranging from meditation headbands to brain training systems to sleep aids containing biosensors. While technologies like these hold promise to enhance health and wellness, the findings illustrate the limitations of an industry thus far unchecked by meaningful oversight or standards. Across areas like information access, data practices, sharing and sales, user rights, and security, numerous protection gaps emerged between companies’ stated privacy frameworks and global standards for handling sensitive personal information.

Perhaps most concerning, the report found that eight of the 30 companies surveyed provided no policy documents whatsoever specific to their neurotechnology offerings prior to purchase. Without access to information, consumers use neural-data capturing products in the dark, unable to evaluate associated privacy risks or make informed choices. Even when policies were disclosed, ambiguity surrounded whether provisions governing “personal data” included brain data. This uncertainty leaves consumers in the lurch regarding application of their rights to an organ generating singularly intimate signals about internal experience.

With neural data carrying the very fingerprints of our identities, histories, and personalities, such ambiguities are unacceptable. Collection and storage practices likewise lacked clarity on minimizing or limiting sensitives like brain scans. International agreements emphasize restricting retention only to purposes of initial consent. Yet the majority of companies posed no information for judging compliance, instead retaining undefined discretion over data duration. Issues arose too surrounding access to contact companies, notification of policy changes, and available user controls like withdrawing consent or deleting data.

On security, most firms assured measures too generically to assess protecting a resource so intrinsically private. Barely a third committed in policies to notifying data breaches, anonymizing information, or encrypting stored brain signals. Overall, only 10% of companies comprehensively addressed the core protection pillars of consent, transparency, purpose limitation, and data safety according to global standards. That 90% did not outlines the need for enforceable rules attuned to advancing neuroprivacy rights worldwide.

Life sciences progress should uplift, not infringe, human welfare and dignity. Companies’ inability – or reluctance – to properly inform users about burgeoning databases of intimate neural profiles highlights why autonomous industry self-governance falls short. Stronger frameworks are urgently required with clear prohibitions, oversight, and remedies to bolster protections keeping pace with proliferating mind-tech. Though innovation in cognitive augmentation shows great promise, true progress realizes individual autonomy and consent as foundational to any applications affecting ourselves at our most irreducible level. Only through codifying neuroprivacy as a basic human right can emerging neurotechnologies realize their benefits for all humankind, not just for profit margins, by safeguarding mental sanctuaries we dare not compromise.