Explore Legal.io

For Clients
Legal.io company logo
Hire Talent
Find the best fit for any legal role
For Members
Jobs
The best legal jobs, updated daily
Salaries
Benchmark compensation for any legal role
Learn
Learn and grow with our community
Events
Connect with peers at exclusive events
Apps
Tools to streamline legal work
Advertise on Legal.io
Post a job for free
Reach more qualified applicants quickly
Advertise with Us
Reach a targeted audience

For Clients

Hire Talent
Legal.io company logo
Solutions
Find the best fit for any legal role
New Hire
Get highly qualified candidates in days
Popular Roles
Data & Tools
Budget Calculator
Plan and manage your legal budget
Salary Insights
Compensation data for legal roles
Vendor Directory
The ultimate list of legal tech tools

California Extends Data Privacy Protections to Brain Waves with SB 1223

California has become the second state after Colorado to extend data privacy protections to brain waves after Gov. Gavin Newsom signed into law SB 1223, amending the CCPA to define neural data as persona-sensitive information, effective immediately.

 

  • California adds neural data to CCPA's protections, classifying them as sensitive personal information.
  • California I the second state following Colorado to regulate neural data, setting a precedent for broader protections.

  • The law comes with compliance changes for Big Tech companies operating out of the state, especially for those rolling out neurotech consumer products.

California Gov. Gavin Newsom signed SB 1223 into law, amending the California Consumer Privacy Act (CCPA) to include neural data as personal sensitive information, according to a Law.com report. The bill, authored by State Senator Josh Becker, comes into effect immediately.

This makes California the second state after Colorado to define brain waves as sensitive personal information, following an amendment to the Colorado Privacy Act (CPA), ensuring that consumer neurotechnological data is protected similarly to biometric and health data. Both SB 1223 and the Colorado bill were sponsored by the nonprofit NeuroRights Foundation.

Why this matters: 

  • According to a NeuroRights Foundation report, there are currently 30 consumer-grade tools on the market that collect neural data.

  • Under this new legislation, companies collecting brainwave data, particularly from devices measuring cognitive or neural activity, must now adhere to stricter privacy protocols.

 

What SB1223 Provides

  • Neural data, or "brain waves," care defined as "information that is generated by measuring the activity of a consumer's central or peripheral nervous system, and that is not inferred from nonneural information." 

  • Neural data will have the same protections under the CCPA as consumer's genetic data, biometric data, precise geolocation data, and credentials to access financial accounts.

  • Only neural data collected by non-invasive medical grade neurotechnologies will be subject to this bill.

The CCPA and, by extension, SB 1223 apply to businesses with an annual gross income of $25 million or more, if the business buys, sells, or shares the personal information of at least 100,000 California residents, and if the business derives at least 50% of its annual revenue from selling or sharing California residents' personal information.

Mixed Response

  • Neural data definitions in both California and Colorado are too ambiguous and don’t focus enough on “cognitive” or “mental” privacy, according to Nita Farahany, professor of law and philosophy at Duke Science and Society.

  • Farahany wrote in a post that SB 1223 should also include protections for data from heart rate, eye-tracking, and even fitness wearables.

  • Jared Genser, a former DLA Piper partner who now serves as the general counsel of NeuroRights Foundation, said non-neural data is not necessarily as dire and revealing as neural data which is collected by invasive neurotechnologies, so it did not need to be covered by the bill.

  • "Specifically, neural data in California matches the scientific definition of data that can only be captured by medical-grade neurotechnologies and it excludes non-neural inferential data captured from outside the body, which is much less sensitive," Genser said.

What Does This Mean for Silicon Valley?

For Silicon Valley, where neurotech development is expanding under companies such as Meta or Apple, this regulation adds a layer of complexity. While the list of companies rolling out neurotechnologies subject to SB 1223 largely consists of "only a handful of the smaller neurotech companies that meet" thresholds of CCPA compliance, this is likely to change in the near future.

According to Genser, the first company to roll out neurotech subject to the CCPA will be Meta, with the launch of its Orion AR glasses, which need to be combined with a neurotechnology wristband. Companies working on brain-computer interfaces, EEG devices, and neurofeedback tools will need to overhaul their data handling and consent practices in response to this new legislation.

Legal.io Logo
Welcome to Legal.io

Connect with peers, level up skills, and find jobs at the world's best in-house legal departments

More from Legal.io

Charter Communications Appoints Jamal Haughton as Executive Vice President, General Counsel, and Corporate Secretary

Jamal Haughton takes on the position of Executive Vice President, General Counsel & Corporate Secretary at Charter Communications

Charter Communications Appoints Jamal Haughton as Executive Vice President, General Counsel, and Corporate Secretary
General CounselIn-House CounselCareer
Contract negotiation: a basic introduction

Negotiation skills are useful in a personal and a business context. This guide provides helpful tips on what to think and prepare for before and during a negotiation.

CareerContracts
ACC Law Department Management Benchmarking Report

Despite the surge, legal counsel costs overall took up a smaller percentage of companies’ expenses, while in-house lawyers’ duties continued to broaden to reflect the business landscape’s current challenges.

ACC Law Department Management Benchmarking Report
CareerHiring
Ironclad Introduces AI Chat Interface for Complex Contract Analysis

Ironclad CAI is an “open book,” explaining the steps it took to perform the reasoning required to answer almost any contract-related question.

Ironclad Introduces AI Chat Interface for Complex Contract Analysis
TechnologyContracts
US Firms Show Strong Presence in UK Legal Market

US law firms are increasingly prominent in the UK legal market, with 11 of the top 30 firms by revenue being headquartered in the United States.

US Firms Show Strong Presence in UK Legal Market
Law FirmsInternational
First NCBE Pilot Test Insights

The NCBE's pilot test for the NextGen bar exam, conducted between August 2022 and April 2023, involved over 2,500 participants.

First NCBE Pilot Test Insights
CareerEducation
The Verdict on AI and Copyright: A Pivotal Moment for Legal and Tech Intersections

Given the rapid advancements in artificial intelligence and its increasing capability to generate content, the legal landscape surrounding AI's authorship rights has become a topic of significant debate.

The Verdict on AI and Copyright: A Pivotal Moment for Legal and Tech Intersections
Technology
June 16, 2023 Edition #163

Published weekly on Friday, the Legal.io Newsletter covers the latest in legal, talent & tech

June 16, 2023 Edition #163
Newsletter
Legal.io Logo
Welcome to Legal.io

Connect with peers, level up your skills, and find jobs at the world's best in-house legal departments