Ienca Marcello, Malgieri Gianclaudio
EPFL, College of Humanities (CDH), Lausanne, Switzerland.
EDHEC Business School, Augmented Law Institute, Roubaix, France.
J Law Biosci. 2022 Apr 25;9(1):lsac006. doi: 10.1093/jlb/lsac006. eCollection 2022 Jan-Jun.
Although decoding the content of mental states is currently unachievable, technologies such as neural interfaces, affective computing systems, and digital behavioral technologies enable increasingly reliable statistical associations between certain data patterns and mental activities such as memories, intentions, and emotions. Furthermore, Artificial Intelligence enables the exploration of these activities not just retrospectively but also in a real-time and predictive manner. In this article, we introduce the notion of 'mental data', defined as any data that can be organized and processed to make inferences about the mental states of a person, including their cognitive, affective and conative states. Further, we analyze existing legal protections for mental data by considering the lawfulness of their processing in light of different legal bases and purposes, with special focus on the EU General Data Protection Regulation (GDPR). We argue that the GDPR is an adequate tool to mitigate risks related to mental data processing. However, we recommend that interpreters focus on processing characteristics, rather than merely on the category of data at issue. Finally, we call for a 'Mental Data Protection Impact Assessment', a specific data protection impact assessment designed to better assess and mitigate the risks to fundamental rights and freedoms associated with the processing of mental data.
尽管目前还无法解读心理状态的内容,但神经接口、情感计算系统和数字行为技术等技术能够在某些数据模式与记忆、意图和情感等心理活动之间建立起越来越可靠的统计关联。此外,人工智能不仅能够以追溯的方式,还能够以实时和预测的方式探索这些活动。在本文中,我们引入“心理数据”的概念,将其定义为任何可以被组织和处理以推断个人心理状态的数据,包括其认知、情感和意动状态。此外,我们通过根据不同的法律依据和目的考虑其处理的合法性,分析了对心理数据现有的法律保护,特别关注欧盟《通用数据保护条例》(GDPR)。我们认为,GDPR是减轻与心理数据处理相关风险的适当工具。然而,我们建议解释者关注处理特征,而不仅仅是争议数据的类别。最后,我们呼吁进行“心理数据保护影响评估”,这是一种特定的数据保护影响评估,旨在更好地评估和减轻与心理数据处理相关的对基本权利和自由的风险。
