Regulating emotion technology and mental health data: two questions worth sitting with

Regulating emotion technology and mental health data: two questions worth sitting with

30 April 2026

Elisabeth Steindl’s recent book A Datafied Mind raises two questions I keep coming back to. The book focuses on EU regulation of emotion technology and neurotechnology, and one of the four use cases she examines in great detail is mental health and wellbeing, painting a nuanced picture of current challenges, with concrete examples including a number of notorious cases where things go wrong, such as Doctena and Vastaamo.

The importance of future data uses

In the EU, the distinction between personal and non-personal data is key. Within personal data, we also distinguish between sensitive and non-sensitive data. Gathering sensitive personal data comes with safeguards and precautions. At the same time, we increasingly see devices gathering huge amounts of data. Not all data is fully decipherable yet or able to offer us relevant information regarding our (mental) health. However, advances in data analytics mean such information could be extracted in the near future. To what extent will we still be able to talk about non-sensitive data then? This also resonates strongly with me personally, after having had several conversations with DPOs in recent months about challenges related to data sharing agreements.

Fixing digital mental health’s position in the EU regulatory space

There is growing concern that the way digital mental health apps are currently regulated in the EU (as Class IIa medical devices) is suboptimal. The associated high costs and requirements have resulted in a greater number of devices choosing to avoid seeking certification. Potential solutions could include reclassifying mental health apps as Class I, or addressing digital mental health separately within the MDR, for example by offering conditional MDR exemption after passing a quality and efficacy assessment and obtaining a GDPR certificate, though such reforms remain open to debate.

Like many researchers and clinicians, I really want to see the field advance as soon as possible. At the same time, I think we also need to acknowledge the importance of paying sufficient attention to rules and regulations. Given the delicate nature of this domain and the risks involved when things go wrong, that is absolutely key. Analyses like those in this book make complex legal matters tangible and concrete, and hopefully also inspire improvements in safe and effective practice.

A Datafied Mind is available here.