Brain–computer interfaces (BCIs) face multidimensional privacy risks in real-world applications, including neural data leakage, inference of sensitive information, and tight coupling between models and user privacy. This work proposes the first privacy-protection strength grading framework specifically designed for BCIs, establishing a systematic taxonomy across three dimensions: protected entities, lifecycle stages, and protection strength. Through conceptual modeling, risk pathway analysis, and joint evaluation, existing approaches are categorized into four protection levels. The framework emphasizes decoupling task-irrelevant sensitive information to achieve an optimal balance between privacy preservation and functional utility. By providing a structured foundation for understanding and addressing neural privacy threats, this study offers both theoretical grounding and technical guidance for tackling emerging challenges in neuroethics and privacy-aware BCI design.

Brain-computer interfaces (BCIs) are moving rapidly from laboratory research into clinical, edge, and real-world settings. Under ISO/IEC 8663:2025, a BCI is a direct communication link between central nervous system activity and external software or hardware systems. This link expands privacy risk beyond raw neural-signal leakage: neural data, derived representations, model assets, and decoded outputs can be re-associated with individuals across collection, transmission, storage, training, inference, and feedback, or used to infer information beyond what a task requires. Starting from the general BCI paradigm, this review deffnes privacy-protection boundaries, protection objects, and the relationship between user data privacy and model privacy within a shared risk pathway. It then proposes a three-dimensional framework - protection object, lifecycle stage, and dominant protection-strength level - to classify existing work into four levels of protection strength. Finally, mental privacy and neuroethical risks are treated as open issues, emphasizing that BCI privacy protection should not only obscure data but also disentangle task-irrelevant sensitive information while preserving downstream utility. Keywords: Brain-computer interface, Neural data privacy, User data privacy, Model privacy, Disentanglement of task-irrelevant sensitive information, Protection-strength grading, Neuroethical risks