Recent leaps in neurotechnology signal a distinct shift from a world in which we 'use' technology, to one where we 'become' the technology. The third generation of the Internet of Bodies is approaching, so what exactly is it, what are the legal issues, what are countries doing (or not doing) to get ahead of the game and why is the UK taking a different approach to some of its global counterparts?
Internet-connected devices like smart fridges, video doorbells and voice assistants are all examples of the Internet of Things (IoTs) – smart devices that connect and communicate through a network.
The Internet of Bodies (IoB) describes a sub-set of IoT devices that interact far more intimately with the human body. They connect the body to an online network through technology that you can wear, ingest, implant or otherwise link to a human body. IoB devices fall into three categories:
External and internal devices are already commonplace but embedded devices are the next frontier. With Elon Musk proclaiming at the latest Neuralink 'Show and Tell' event that the first chip will be installed in a human by June 2023, now is a prime time to consider the impact of such devices.
BCIs are the most talked embedded device to date – these are devices that merge with the human brain, allowing for a real-time connection with remote computers that receive live data updates for the purposes of controlling and monitoring aspects of human health.
BCIs offer the first real step towards uniting humans and artificial intelligence. Their functionality extends far beyond the health stats you'll be familiar with on your smartwatch. They have the potential not only to track our data and provide assistive support, but also to enhance our body's functions – the Milken Institute predicts that AI BCIs could unlock cures to health conditions that have phased scientists for decades, including Alzheimer’s and Parkinson’s disease, and we are quickly seeing companies line up to deliver:
For those currently suffering from severe health conditions, BCIs can't come soon enough, but such technological leaps are not generally characterised by sunshine and rainbows, and if the Borg in Star Trek are anything to go by, it's worth considering the potential downsides and how we can mitigate them.
In August 2022, the UK Law Society published a report on the potential impact of BCIs, identifying questions we need to consider before we begin to think about realising the potential benefits:
Some of these questions will depend on how we realise the technology in the context of military, health and consumer applications. While Neuralink and Synchron are focussing on health, companies like Facebook have been considering how to use brain data for marketing ads for some years. This being the case, it's clear that regulation will be needed to ensure the safe deployment of the technology. The question then becomes when and how do we start?
To date 39 countries have taken steps to consider regulation of neurotechnology by signing up to the OECD’s non-binding recommendation on responsible innovation in neurotechnology. Adopted in 2019, the recommendation outlines nine principles that guide stakeholders through each stage of the innovation process (from research to commercialisation) with the goal of maximising the benefits of neurotechnology and minimising its risks. Examples of principles include:
Although a good first step to get the conversation going (which is a success in itself), the breadth of principles and their non-binding nature, are significant limitations. Something more robust with real 'bite' is needed to effectively regulate BCIs and this is where Chile is leading the pack.
The world led by Chile
Back in 2021, Chilean Senator Girardi understood the need to get ahead of the technology:
"we didn’t regulate the big social media and internet platforms in time, and it cost us…"
Shortly after this statement, Chile became the first country to implement legislation in the form of a constitutional amendment that enshrines the right of mental integrity of all citizens. The aim of the legislation is to protect mental privacy, free will, equal access to cognitive enhancement technologies and protection against algorithmic bias. The constitutional amendment was quickly followed up by a draft Chilean neuro-protection bill that seeks to underpin the new and broadly drafted constitutional rights, by giving personal brain data 'organ status' – meaning it cannot be bought or sold, trafficked or manipulated, and any data collection will require explicit 'opt-in' authorisation from the user.
EU – the first steps have been taken
In 2021, several EU countries went beyond the OECD's recommendation:
UK – let them innovate
Having signed the OCED's recommendations in 2019 and with the Law Society publishing a report in 2022, it's clear that neurotechnology is on the UK government's radar, but unlike Chile and its EU counterparts, the UK is taking a more commercial approach.
As the Law Society explains, there are risks if we regulate too late, but there are also risks if we regulate too early:
"It would be disastrous if progress in treating conditions that cause so much suffering and quite properly could be viewed as requiring urgent action, were unnecessarily slowed by too cautious a regulatory environment..."
This commercial approach to regulation is increasingly the norm in the UK, especially in areas like data protection and Artificial Intelligence. The UK's data protection authority (the ICO) is leading the way with its regulatory sandbox – a service that creates a space for technology companies to innovate in collaboration with the regulator, to push the limits of innovation within the boundaries of applicable regulation.
Whether neurotechnology is a good fit for the ICO's sandbox depends on how you view BCI technology. This problem has already been considered by the UK Parliament Office of Science and Technology – should neurotechnology be considered a 'personal data technology' regulated by the ICO, or a medical device regulated by the MHRA, or a consumer technology regulated by the CMA? Or maybe we need something new? In which case the UK's current approach seems sensible… at least for now.
Neurotechnology is both exciting and potentially terrifying, BCIs offer clear benefits to humans in that they may be the key to managing or curing some of our most debilitating health conditions, and driving our functional advancements far beyond what seems possible today. But achieving those benefits comes with a ream of risks that need to be considered in order to safely realise the technology's full potential.
How we go about regulating neurotechnology is still up for debate. Each country seems to have very different views on how and when such regulation should come into being, the promising take away is that at least one of them has to be right…right?
Thomas Kahl looks at key legal issues for connected mobility manufacturers and related businesses from a German law perspective.
2 of 5 Insights
Matt Quezada looks at what the UK's PSTI Act means for the security of the Internet of Things.
3 of 5 Insights
Advancing technologies are forcing legal updates to product safety but what are the proposed changes and how will they impact manufacturers of connected products?
4 of 5 Insights
Paul Voigt looks at the EU's plans to protect the security of digital products.
5 of 5 Insights