Neuralink is an American neurotechnology company founded by Elon Musk and eight neuroscientists in San Francisco in 2016, to invent implantable brain-machine interfaces. Thanks to this device which is implanted into the human brain and has the technology to enable the implant to send neurologic signals acquired from the brain to computers, interference with the human brain is now becoming possible. The motive behind the production of this device is to provide remedies to spinal cord disorders or illnesses such as depression, Alzheimer’s, Parkinson’s, and addiction.
The device developed by Musk’s company does include more than three thousand electrodes upon, which are capable of monitoring activities by a thousand neurons. The said device follows up a certain sector in the human brain, may analyze neuron activation records using artificial intelligence, and determines what kind of impetus it should send to which brain sector. Thanks to that, learning, storage of information, and liaising between data are now possible. Although this device instills hope for many remedies in medicine and has many advantages, it should be regarded that the device may bring in some challenging situations, freedom of movement, personal liberty, and personal data being in the first place. It should be noted that Neuralink should be studied in particular in the scope of criminal law and personal data protection, given the problems arising out of a brain becoming available to outside interference and affection.
II. NEURALINK WITHIN THE SCOPE OF CRIMINAL LAW
Neuralink, thanks to its artificial intelligence technology, achieves duties regarding high mental processes such as reasoning, deduction, learning from past experiences, which are deemed as human-specific abilities; as such it may interfere with the brain through a chip implanted into the human brain. As mentioned above, it is of great importance to consider the human brain becoming exposed to control and interference through Neuralink technology in the scope of criminal law. Primarily, the security problems to which this device may lead should be found, and the measures to prevent them should be determined. Once an interference to the brain is at stake, the authorized person and/or institutions, and circumstances where the interference is allowed must be explicitly determined. Additionally, even if the circumstances where the interference is allowed have already been determined, it should also be designated the limits for the interference and the sanctions in failure to abide by the rules. Also, it is important to obtain prior consent by the person who will be exposed to brain interference; and delineate the limits for the interference even in cases where the consent has been duly obtained.
In light of the foregoing, an evaluation may be made in terms of violation on private life, recording personal data, acquisition, dissemination of personal data or deliverance thereof to third parties out of the crimes as having been set out under Turkish Criminal Code no. 5237 (“TCC”). Primarily, the possibility to interfere with the human brain thanks to the device implanted on human brains may cause the violation on private life which provides legal protection for the individual, thereby leading to the intrusion into the private areas of one’s life which in no circumstances would he have not wished to be known. The crime for violation of private life imposes a penalty for the actions through which people figure out or record by intruding into each other’s private life areas where no one else is likely to become aware of. Indeed, this device highly interferes with the personal area; and even if the person has given consent to that, the crime is likely to be committed, and it is difficult to delineate it.
Apart from that, the crime for recording personal data emerge when any information belonging to a person who is or can be identified, and of personal data nature has been illegally recorded. Likewise, the crime for the acquisition of personal data may also be at stake when personal data has become under subjection to the perpetrator. Neuralink records the data to which it has access and which it follows up a certain sector therein through the chip implanted into the person’s brain. In consideration of the fact that the data accessible via this chip are unlimited or not known yet, the data recorded are likely to be assessed under personal data. Therefore, it is considered that Neuralink technology, by recording the data, may cause the occurrence of the crimes for recording and acquisition of personal data.
Besides, another question to be noted arises as to whether the interference with the human brain and its functioning through Neuralink would remove the person’s free will, or whether it would encourage the person to faulty actions out of his free will. At this point, the limits in the delineation of the person’s free will likely to become uncertain, as such the evaluation of deliberation and negligence in a person’s action may become difficult. That said, within the framework of fault liability; it is considered that Neuralink company who has produced the artificial intelligent implementation in question and offered it for sale, as well as the seller companies from which the end consumers/users have purchased this device, may be held liable, from the aspect of concrete outcomes of the actions.
III. NEURALINK WITHIN THE SCOPE OF PROTECTION OF PERSONAL DATA
Another legal field that may be affected by technology such as Neuralink is undoubtedly the law on the protection of personal data. This is because, data that may be collected with a device implantable into the brain will continuously and incrementally increase, also the said collected data may contain private data that need protection and which are highly confidential. In the law on the protection of personal data, the lack of classification on data acquired by brain-machine interfaces in General Data Protection Regulation (“GDPR”) as the global legislation and the Code no. 6698 on Protection on Personal Data as the legislation in effect in Turkey brings in debates relating to whether the said data fall within the scope of the relevant legislation. In this article, it will be presumed that the said data fall within the scope of the relevant legislation, and the considerations on the relation between the collection of the said data and the explicit consent -which is among the top principles in terms of the law on the protection of personal data- will be given.
One of the points to be noted primarily is the limit and the amount for the data to be collected through the device implanted into the brain. Under normal circumstances, persons have a level of control on explicit consent regarding the questions as to which of their data to be collected, to what end such data may be processed and to which third parties the data may be disclosed. In this respect, the person may opt for disclosing and allowing for processing some of their data. However, a device implanted into the brain may directly and unlimitedly collects data from the person’s brain and leave the person unnoticed; and even he is, he may not be capable of controlling it. In such a case, the person’s consent to unlimited collection of all data and the process for the sake of the expected benefits from the device falls too short of carrying the certainty element required from the term “explicit consent”.
Besides, another point to be noted concerning consent to data collection concerns the validity of the person’s consent, if the device is used for remedies for illnesses which are likely to affect the free will, such as Alzheimer’s. As GDPR and KVKK require explicit consent except for the derogations set out, one may articulate that before any data collection, prior explicit consent by such persons is also needed. However, debates may arise as to whether in illnesses capable of affecting the brain, the clarification to the person has been genuinely understood, or the existence or soundness of the person’s will at the time of consent. At this point, it may be suggested that, as it is obligatory for the protection of life and bodily integrity of the person who may not give his explicit consent to data collection due to material impossibility, or whose consent is declared invalid, obtaining explicit consent would not be necessary. However, in such a case, we believe that the element for “obligation for the protection of life and bodily integrity” will be in dispute.
In light of the explanations above, and consideration of the technological developments in further terms, it has become compulsory for states to enact regulations that accommodate requirements and which are convenient for developing technologies. Practicing artificial intelligence implementations needs a legal framework where the balance between rights and freedoms, and the benefits provided through the technology is regarded. To enable justification for these technologies, they should be practiced relying on law and proportionally. Otherwise, wherever they may be implemented, the legality of this and similar implementations will always be open for debate.
Kılınç Law & Consulting
 For detailed information relating to debates on this subject, please see “Dato, Alessandro “Brain-Computer Interface: a Data Protection Perspective”, Tilburg Institute for Law, Technology and Society.” and referred articles therein.
Innovation & Fintech
Kılınç Law & Consulting's Innovation & Fintech department represents established companies with regards to their digital endeavors