On Aug. 7, Colorado became the first U.S. state to directly regulate neurotechnology, as its new legislation, H.B. 24-1058, came into force. The new law, which Colorado Gov. Jared Polis signed back in April, amended the Colorado Privacy Act, or CPA, to protect biological and neural data. A number of health-focused apps and online services have begun to collect and analyze neural data through various means, such as using electroencephalogram, or EEG, headsets or smartphone sensors to track brain activity. Researchers believe that this data can provide insights into individuals' physical, mental and emotional health. If such devices are hacked or if data is vulnerable to unauthorized access, threat actors may be able to access — or, worse, influence — individuals' thoughts and emotions. With these concerns in mind, Colorado's amendment to the CPA expands the definition of "sensitive data" to include biological and neural data, defined as "information that is generated by the measurement of the activity of an individual's central or peripheral nervous systems," say Goodwin’s Omer Tene, partner in the firm’s Technology group and Data/Privacy & Cybersecurity practice, Jacqueline Klosek, partner in the firm’s Technology/Life Sciences Business unit, and Krystal Lin, an associate in the firm’s Business Law department. To find out more about Colorado’s neural privacy law, read the article on Law360.