From digital pacemakers to human chips, how to protect the privacy of the world in the body?

When organs transmit information, when tissues send signals, when DNA is used for storage… the gradual informatization of the world in the body requires a response to privacy and personal information protection.

Using numbers from outside the body to understand the inside of people has always been the focus of privacy protection debates, but in contrast, in the face of another more fundamental and ongoing innovation-the privacy protection debate in the internal world seems to be much weaker.

When organs transmit information, when tissues send signals, when DNA is used for storage… the gradual informatization of the world in the body requires a response to privacy and personal information protection. At this time, how to arrange the right of privacy is related to the integrity and autonomy of the body and life.

From digital pacemakers to human chips, how to protect the privacy of the world in the body?

According to the order of technological maturity and actual application, the various innovations in the informatization of the internal world can be roughly divided into the following categories: The first category is medical diagnosis and treatment or human body enhancement equipment implanted in the body. This type of equipment is relatively common and has also caused legal conflicts (for example, whether the information on a pacemaker can be used for criminal investigation is a case that has just been concluded); the second type is that it has gradually been commercialized in recent years and can be implanted. Microchips in the body; the third category is biological storage that is still in the laboratory stage but has a broad application space in the future.

The pacemaker case in 2017 is straightforward.

The cause was that the suspect’s house was destroyed by fire. In the face of the police’s criminal investigation into arson and fraud, he claimed: When the fire broke out, he quickly removed the heavy objects in the house, and then jumped out of the window to survive. After obtaining the approval of the court, the police successfully retrieved the heart rate data stored by the pacemaker in the suspect’s body at the time of the fire, and found that it was inconsistent with the suspect’s narrative. The suspect immediately appealed, hoping to exclude evidence based on pacemaker data, but he passed away before he could wait for the verdict.

One of the significance of this case is that the information on the medical equipment in the body may be used for purposes other than medical treatment due to public interest.

Pacemakers, smart heart stents, smart drug delivery systems, and other in-vivo diagnosis and treatment devices that collect and process personal information are also a subset of human body augmentation devices that are more versatile. Human body enhancement not only seeks a cure, but also seeks to exceed the limit. For example, the exoskeleton helps to load heavy objects; advanced limbs can enable people with disabilities to reach the level of participating in international track and field events; the brain-computer interface made by Willett and other scholars and recently published in “Nature” can match the letters in the individual’s brain The imagination is quickly converted into typing letters in reality. Facing the increasingly practical reality of human body augmentation, the IEEE working group has begun to draft related privacy and security standards.

The microchip implanted in the body has also embarked on the commercialization process and initiated a limited range of trials.

The founder of BioHax publicly declared in 2018: In Sweden alone, about 4,000 people have implanted microchips, and there are also trialers of the same level abroad. By reading the chip, individuals can be accurately identified, verified or tracked. Currently, the application scenarios where this technology has been or will be put into practice include: when passengers board the bus, they read the chip to verify their identity; the company’s internal identification and verification for security protection; supermarkets identify customers.

Image source: BioHax
Image source: BioHax

The privacy problem similar to that of pacemakers brought by microchips is: even if the purpose of implanting the information on these chips is quite clear, such information may still cause unexpected troubles for individuals when similar public interest considerations arise. . Furthermore, at the moment when IoT devices can be seen everywhere, is it possible to match and integrate this information, and whether the microchip can be networked and linked with other devices? It is no longer a “sci-fi” type of questioning, but if you want to Options that can be realized by doing and technology.

Clemson University professor Jordan Frith concluded on the basis of system research microchips:”On the road to the Internet of Things (people), we are at a fork in the road.”

Biological storage is the furthest away from practicality, and the impact on the existing privacy and information protection system may be the most severe. The biological storage here includes at least two types of technologies that have been implemented in the laboratory-the first type is a hard disk made of silk and other materials that scholars such as Tao Hu have recently implemented. In short, devices that store information are expected to be safely implanted in the human body. The second category is DNA storage with a longer research history: After successfully achieving access to specific information on DNA molecules, at least in theory, the human body has considerable information storage potential.

Why is the impact here probably the most severe? Although academic research often mentions “cyborg” and “digital twins”, there is usually a clear distinction between the part of the body and the part of the information world when the rights of individuals are actually arranged by the system.

As a result, it is not a pleasant thing for individuals to discover that information devices in their bodies can be used in unexpected ways by the outside world. For society, it is hoped that the legal order of the information age will be established and there is a “good for all types of information flow.” The expectation of “Fa Ke Yi” also temporarily stops on the surface of the human body.

An answer is needed to how much information in the body world should be protected.

From digital pacemakers to human chips, how to protect the privacy of the world in the body?

01 The privacy of the world in the body

Does the internal world fall within the scope of privacy and personal information protection? If so, where and how much is the scope and degree of protection, the discussion on these issues still needs to be based on the law. Privacy strictly protected by law: Unless the law provides otherwise, or the individual expressly agrees, the right to privacy cannot be infringed. Regarding what is privacy, the “Civil Code” defines: “a natural person’s private life is peaceful and private spaces, private activities, and private information that are unwilling to be known to others.”

Therefore, the next question is how to interpret private space, private activities, and private information in the in vivo world information era.

Is the body a private space? It’s hard to say “no”.

Generally speaking, we resist others from invading the body, and we also expect the body to be a private space. This is why the detection of invading anal swabs has become a controversial topic. From a more macro perspective, before the 19th century, the understanding of the right to privacy was more of “home is the castle”; in the 20th century, starting from “the womb is also the castle of the individual”, the privacy of the internal space is sex and fertility. An important basis for autonomy. In addition, unless the law provides otherwise, the boundary of privacy depends on the individual’s explicit consent; physical autonomy is one of the cornerstones of the development of the concept of “consent” in modern times.

Of course, in practice, there may be very subtle questions about who is located inside the “private space”. The pacemaker, the chip and the silk hard disk themselves are of course located in the internal space in a physical sense; however, there are different views on whether the information collected, processed, and provided to the outside is also located in the internal space.

Especially when the corresponding in-vivo devices are connected to the outside world, it is reasonable to think that this part of information is actually in the cyberspace/information space without clear physical boundaries.

Therefore, we also need to consider private information. And determine whether the private information, there are at least three kinds of ideas –

First of all, Article 1033 of the “Civil Code” clarifies that “private parts of the body” belong to privacy. However, since the words used with the “private part” are “shooting, peeking”, it is difficult to determine whether the space below the body surface can be classified as a private part.

Secondly, it is judged by the type of information. According to Professor Cheng Xiao of the Law School of Tsinghua University’s analysis of the categories of personal information, “…individual health information, criminal records, property status, sexual orientation, etc. are of course private information”, and some are “controversial.” The range of information collected by in-vivo devices is so wide that it cannot be simply judged by category.

Finally, there are judgments based on scenarios, which to a large extent means specific situations and specific analysis, and it is difficult to draw conclusions beforehand.

Faced with real-life cases such as pacemakers or microchips, at the stage when judicial practice has just begun and consensus is still to be formed, such a two-step approach is more realistic: First, start from the “of course” category that is not controversial. The information collected and processed by the in-vivo equipment can be judged at this step, and the problem can be solved; secondly, if the judgment cannot be obtained in the first step, it is likely to enter a scene analysis that requires a comprehensive balance of multiple factors. At this time, the information taken from the body can be used as a weight Very high, a consideration that tends to be considered private information.

Although there is little correlation between in-vivo information devices and “private activities” from an intuitive point of view, in the three cases, the two will overlap.First, individuals may regard implanting the device itself in the body as a private activity. To judge this, you need to see what equipment it is.Second, the information collected by in-vivo devices directly reflects private activities. The classic case here is: Combining the heart rate and time information recorded by the fitness bracelet can clearly reflect the pattern of sex life.Third, further analysis of the information collected by in-vivo devices is sufficient to reveal private activities. For example, the trajectory of actions may reveal an individual’s health status, religious beliefs, and sexual orientation.

From digital pacemakers to human chips, how to protect the privacy of the world in the body?

02 Protection of personal information in the internal world

Even if the information collected and processed by in-vivo devices is not private, the information is likely to comply with the regulations for personal information protection. The starting point of the question is still “what belongs to personal information”. According to the “Civil Code” definition: “Personal information is a variety of information recorded electronically or in other ways that can identify a specific natural person alone or in combination with other information…”

It can be seen that “be able to identify” is the most critical criterion.

In specific practice, how to judge the scope of personal information can be further divided into two steps-

First look off with , if personal information has been established and the association, for example, in the form of data on the same line, which should belong to personal information. Many of the information collected and processed by the in-vivo information equipment can be judged at this step. Especially all kinds of “smart” in-body devices: personalization often implies the meaning of association.

Second, look at identification . For in-vivo devices, this step is not so easy. For example, it is often difficult to identify a specific natural person by just looking at the heart rate or trajectory without using other information. Of course, if there is other information that can be easily obtained by ordinary people, which can be identified after being combined, then it can also be judged as personal information.

It is worth pointing out that the “Personal Information Protection Law (Second Review)” confers a higher degree of protection on “sensitive personal information”. Sensitive information refers to:”Once leaked or illegally used, personal information that may lead to personal discrimination or serious harm to personal and property safety, including race, ethnicity, religious beliefs, personal biological characteristics, medical health, financial accounts, personal whereabouts and other information.”

The “two-step approach” for judging private information is also applicable here: First, see whether it belongs to the category clearly enumerated by the law, and then judge whether it will cause discrimination or serious harm. The information collected and processed by in-vivo devices, especially the corresponding information of diagnosis and treatment or human body enhancement devices, is likely to meet the requirements of “serious hazards” and thus belong to sensitive personal information.

After judging that the information collected and processed by in-vivo devices is (sensitive) personal information, it becomes a more “real” question: to what extent should it be protected?

Based on the individual’s fully informed consent is the minimum requirement. In the scene of implanted devices, in addition to the usual notifications on what information is collected, how to process, whether it will be provided to the outside world, how long it will be stored, etc., there is not yet a fully mature and robust device, such as microchip , Or biological hard drives, it is at least as important to fully inform the information security risks.

Unlike privacy, obtaining consent is not the only “pass” for collecting and processing personal information. If the individual has disclosed information on his own, if the processing of the information is necessary for the conclusion of a contract, or out of considerations of public interest, it is also possible to process personal information.

Here comes the question raised in the pacemaker case: Where is the boundary?

If self-disclosure is regarded as an implied consent, then for the remaining two “holes”, whether “necessary for the contract” or “consideration of public interest”, there are requirements for the strength of the relationship: the corresponding individual The connection between information and the conclusion of a contract or public interest must be sufficiently close. If it is sensitive information, the intensity needs to reach “sufficient necessity”. For in-vivo information equipment, maintaining “restraint” at the hardware level and allowing the equipment to only be used for sufficient and necessary functions will be a very effective and trustworthy compliance approach.

In addition, from the perspective of data/information governance, the separation between the body and the information world will become a “gap” in the future.

  • At the macro level, the “triple balance”, which is the core trade-off between personal information protection and data governance, is the balance of interests between the country, enterprises, and individuals, and it still exists in the body and the world.
  • At the micro level, for example, although the governance assumptions for cross-border transmission have covered every layer of the network model, these assumptions may not cover the possibility of carrying a large amount of information in and out of the country.

Nonetheless, if the privacy protection and data governance systems are extended to the internal world for reasons of making up for the gap, this in itself will become a difficult privacy issue.

From digital pacemakers to human chips, how to protect the privacy of the world in the body?

Concluding remarks

There have been many ideas for the (sufficient) informatization of the internal world. When this day finally emerges, the system that has been working hard to foresee will still expose many aspects that have not been fully considered.

On the basis of concisely summarizing the three types of related technologies that are already or close to practical, starting from the two systems of privacy and personal information protection, we try to describe the scope and degree of protection in a slightly “tipping” way. This does not mean that there are only these protections, such as the provisions on physical rights, which overlap with this; it does not mean that the system has reached the limit, and technical standards can play a role in many parts that cannot be concluded in advance.

Finally, there is something worth adding: Although the article only talks about the system, if there is no technical consideration from two aspects, the article can hardly be called complete.

On the one hand, network security protection can be regarded as a prerequisite: without this, both the system’s protection of individuals and the system’s deterrence against potential evildoers appear quite pale. Of course, a sufficient level of safety protection is also part of the system regulations.

On the other hand, in-vivo information equipment can be as private, as sensitive and as important as possible. From this point of view, the collection, transmission and processing of relevant information should always consider the best anonymization technology at the current level. .


1. Regarding the pacemaker case, you can see the series of reports in the place where the case occurred, such as “Judge: Pacemaker data can be used in Middletown arson trial”, link: pacemaker-data-can-used-middletown-arson-trial/Utxy63jyrwpT2Jmy9ltHQP/, last access date: May 16, 2021.

2. Regarding the IEEE working group drafting a privacy standard for human body enhancement devices, the results of the IEEE P2049.2 “” project are expected to be completed by the end of 2022.

3. Regarding the commercial practice of BioHax, you can see various media reports, such as “I am microchipped and have no regrets”, link:, finally Date of visit: May 16, 2021.

4. For the analysis of Cheng Xiao, please see “Sensitive and Private Information in the Protection of Personal Information”, link:, last visit Date: May 16, 2021.

5. For the controversy about fitness bracelet information reflecting sex life, see related series of reports, such as “Fitbit moves quickly after users’ sex stats exposed”, link: /05/fitbit-moves-quickly-after-users-sex-stats-exposed/?sh=5af3142a4327. Last visit date: May 16, 2021.

6. For “Tripartite Balance”, please see Zhang Xinbao, “From Privacy to Personal Information: Theoretical and Institutional Arrangements for Revaluation of Interests”, China Law 3.38 (2015): pp. 38-59.

Ceze, Luis, Jeff Nivala, and Karin Strauss. “Molecular digital data storage using DNA.” Nature Reviews Genetics 20.8 (2019): 456-466.

Faden, Ruth R., Tom L. Beauchamp, and Nancy MP King. A History and Theory of Informed Consent. Oxford University Press, 1986.

Frith, Jordan. A Billion Little Pieces: RFID and Infrastructures of Identification. MIT Press, 2019.

Lee, Woonsoo, et al. “A rewritable optical storage medium of silk proteins using near-field nano-optics.” Nature Nanotechnology 15.11 (2020): 941-947.

Willett, Francis R., et al. “High-performance brain-to-text communication via imagined handwriting.” Nature 593 (2021): 249–254.

Posted by:CoinYuppie,Reprinted with attribution to:
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.

Like (0)
Donate Buy me a coffee Buy me a coffee
Previous 2021-07-20 07:04
Next 2021-07-20 07:07

Related articles