top of page

Psychedelics and Privacy: Unveiling the Data Privacy Clause

Psychedelics and Privacy: Unveiling the Data Privacy Clause
Psychedelics and Privacy: Unveiling the Data Privacy Clause

What is Proposition 122 and why is it a need?

Proposition 122, or the “Natural Medicine Health Act of 2022,” would decriminalize psychedelics and require the state to establish a regulated system for accessing psychedelics by those 21 years of age or older. The proposition aims to improve the mental health of Coloradans. Research suggests psychedelics could be effective treatments for depression, post-traumatic stress disorder, and substance use conditions. The passage makes Colorado the second state to allow the use of psychedelics after Oregon.

Proposition 122 was designed to:

- Create a natural medicine services program for the supervised administration of such substances.

- Create the Natural Medicine Advisory Board to promulgate rules and implement the regulated access program.

- Create a framework for regulating the growth, distribution, and sale of such substances to permitted entities.

What you should be aware of:

Privacy related concerns:

- One concern that has been highlighted is the privacy and the surveillance of those who receive psychedelics. Colorado's Proposition 122 encourages people to take psilocybin at healing centers. However, their sensitive data isn't covered by medical privacy protections.

- It is concerning given the huge amount of data Colorado will collect under Proposition 122. Department of Regulatory Agencies (DORA) needs to gather sensitive information about clients’ psychedelic experiences at healing centers, which would be a gold mine of psychological data unavailable elsewhere, and an enticing prize for advertisers and pharmaceutical companies.

- Proposition 122’s data collection mandate may have more in common with commercial data practices, like Google, Facebook, which are generally governed by corporate terms of service, privacy policies, and contracts between companies and consumers.

- Colorado’s cache of psychedelic data could expose participants to social, legal, and financial risks.

- As Proposition 122 does not protect employees who use psychedelics from being fired, clients could lose their jobs if employers learn of their participation.

- Client information could be hacked or sold and exploited for commercial purposes. Even organizations that claim to help people in crisis tend to cash in on their sensitive information.

- Federal agencies such as the Drug Enforcement Administration (DEA) can easily access a state-run database of psychedelic client information.

- Psilocybin providers at Colorado healing centers might also face legal and privacy risks. After they collect client data and share it with DORA, they could be compelled to disclose it in court. Colorado’s client data could be used to evaluate the safety and effectiveness of psilocybin. There are claims that the data might be used to persuade insurance companies to cover psilocybin services in Colorado.

Impact on Employees:

- The passage of Proposition 122 could increase employers’ concerns with employees working under the influence of these drugs. Thus, the proposition may be an impetus for employers to review and revise their drug testing and drug-free workplace policies.

- The Natural Medicine Health Act states that it should not be construed “to require an employer to permit or accommodate the use, consumption, possession, transfer, display, transportation, or growing of natural medicines in the workplace.” This may allow employers to continue to enforce zero-tolerance policies regarding the use of psychedelics.

- Colorado law does not require employers to accommodate the use of marijuana in the workplace and the Colorado Supreme Court has held that employees are not protected from discharge by the state’s employment law protections for lawful, off-duty conduct due to marijuana’s continued illegal status under federal law.

Possible Solutions?

- Since Colorado’s psychedelic law could become a template for other states, it’s important to get psychedelic privacy right.

- Federal research and health privacy laws set standards for safety, ethics, and privacy. Participants are covered by the Health Insurance Portability and Accountability Act (HIPAA), which safeguards patient information, or the federal Common Rule, which protects people participating in FDA-sanctioned or federally funded research.

- The people and organizations that draft psychedelic laws, and state agencies that implement them, should put client privacy first.

- Oregon and Colorado's psychedelic laws serve as case studies in client privacy, illustrating why future laws must include stronger protections. Agreeing to share one’s data with outside parties should not be a requirement for participating in state psychedelic programs.

- Requests for clients to share data should be made using separate documents that state exactly who the data would be shared with and how it would be used.

- Vague descriptions like “research and other purposes” do not adequately inform people and are unacceptable.

- Blanket requests to share all information, de-identified or not, should be avoided. Instead, clients should be asked to renew their permissions every time data might be shared with someone else or used for a different purpose.

- Clients must be warned that sharing even de-identified data poses risks.

- Given the history of abuses in psychedelic research, and their illegal federal status, those who draft psychedelic laws must resist the temptation to monitor and monetize everything.

- Since psychedelics reduce inhibitions, the data collected during psychedelic experiences could be more sensitive than typical health information. Without more transparency and accountability, it’s difficult to know where one’s information will end up.

Though the risks of psychedelic surveillance outweigh the prospective benefits, responsible and effective ways can be adopted to prove the safety and efficacy of psychedelics.


bottom of page