Recommended Sponsor - Buy Original Artwork Directly from the Artist

Source: The Conversation (Au and NZ) – By Edward Musole, PhD Law Student, University of New England

Girts Ragelis/Shutterstock

Recent trends show Australians are increasingly buying wearables such as smartwatches and fitness trackers. These electronics track our body movements or vital signs to provide data throughout the day, with or without the help of artificial intelligence (AI).

There’s also a newer product category that engages directly with the brain. It’s part of what UNESCO broadly defines as the emerging industry of “neurotechnology”:

devices and procedures that seek to access, assess, emulate and act on neural systems.

Much of neurotechnology is either still in development stage, or confined to research and medical settings. But consumers can already purchase several headsets that use electroencephalography (EEG).

Often marketed as meditation headbands, these devices provide real-time data on a person’s brain activity and feed it into an app.

Such headsets can be useful for people wanting to meditate, monitor their sleep and improve wellness. However, they also raise privacy concerns – a person’s brain activity is intrinsically personal data. This is particularly concerning when it comes to EEG headsets and wearables designed for children.

The subtle creep in neural and cognitive data wearables are capable of collecting is resulting in a data “gold rush”, with companies mining even our brains so they can develop and improve their products.

A serious privacy concern

In a background paper published earlier this year, the Australian Human Rights Commission identified several risks to human rights that neurotechnology may pose, including rights to privacy and non-discrimination. Legal scholars, policymakers, lawmakers and the public need to pay serious attention to the issue.

The extent to which tech companies can harvest cognitive and neural data is particularly concerning when that data comes from children. This is because children fall outside of the protection provided by Australia’s privacy legislation, as it doesn’t specify an age when a person can make their own privacy decisions.

The government and relevant industry associations should conduct a candid inquiry to investigate the extent to which neurotechnology companies collect and retain this data from children in Australia.

The private data collected through such devices is also increasingly fed into AI algorithms, raising additional concerns. These algorithms rely on machine learning, which can manipulate datasets in ways unlikely to align with any consent given by a user.

What does the privacy law say?

Users should have complete transparency over what data their wearables collect, and how it is being used.

Currently, the Privacy Act and the Australian Privacy Principles govern the collection, use and disclosure of personal information in Australia.

Right now, Australians don’t have any legal protections from privacy infringement on their brain and cognitive data. Technology companies can mine the neural data of Australians – including children – and store this information outside Australia.

We urgently need to update the laws to provide more robust privacy protections for when neurotechnology comes into play. This would proactively protect the privacy of Australians of all ages at all times.

A child's hand in closeup tapping on a smartwatch screen.
With children having access to wearable devices, data privacy concerns intensify.
StoryTime Studio/Shutterstock

How should we change the laws?

One potential solution would be to update our privacy legislation to work in conjunction with the Therapeutic Goods Administration (TGA), which regulates the supply of medical devices in Australia.

This would ensure wearables compatible with mobile apps and software that currently circumvent the TGA would fall within their stringent oversight. Such devices include fitness trackers and smartwatches, but also EEG headbands.

Doing this would mean these privacy-invasive technologies have to align with the TGA’s regulations, protecting the cognitive and neural data of Australians.

We could also establish additional data collection oversights to monitor neural data collection by companies within and outside Australia. This way, we could ensure compliance with privacy regulations and put into place measures that prevent unauthorised data collection or surveillance through wearables.

Such changes should also provide users with the right to access their neural and cognitive data. For example, users should always have the option to have their data permanently erased. Doing this would ensure that Australians’ data is treated in a transparent, ethical and legally sound manner.

Australia is at a pivotal crossroads. We need to address the risks associated with data harvesting through neurotechnology. The industry of devices that can access our neural and cognitive data is only going to expand.

If we make these reforms now, Australia could become a global leader in privacy protection. And we could all enjoy the benefits of wearable tech while knowing our privacy rights are stringently protected.

The Conversation

Edward Musole does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.

ref. Wearable devices can now harvest our brain data. Australia needs urgent privacy reforms –