The analysis of MDT regulation across specific use cases – particularly in mental health and well-being, commercial advertising, political advertising, and employment monitoring – suggests that MDTs, especially neurotechnologies, do not necessarily present entirely new legal questions or phenomena. Rather, they occasionally highlight existing deficiencies and weaknesses that have long been recognised, albeit sometimes exacerbating their effects. By strategically adapting and utilising existing laws and legal instruments, substantial improvements can be made to the legal framework governing MDTs. In some cases, stricter regulations are urgently needed, while in others, compliance and enforcement present significant challenges. Although recent legislation has created important opportunities to address these shortcomings, a political consensus has yet to be reached on all necessary aspects. Throughout the book, alternative approaches and adaptations de lege ferenda within both established and newly adopted laws have been proposed as sources of inspiration. The concluding remarks reiterate key legislative adaptations.

In Chapter 2, the classification of data processed by MDTs under the General Data Protection Regulation (GDPR) is examined. While the data processed by MDTs is typically linked to the category of biometric data, accurately classifying the data as special category biometric data is complex. As a result, substantial amounts of data lack the special protections afforded by the GDPR. Notably, data processed by text-based MDTs falls entirely outside the realm of special protection unless associated with another protected category. The book advocates for a shift away from focusing on the technological or biophysical parameters that render mental processes datafiable. Instead, it emphasises the need to prioritise the protection of the information itself. To address this, Chapter 2 proposes the inclusion of a new special category of ‘mind data’ within the GDPR. The analysis shows that classifying mind data as a sui generis special category aligns with the rationale and tradition of special category data in data protection law.