How Will Personal Privacy be Regulated in the Metaverse?

From VR headsets to entire virtual worlds where consumers can interact with each another via the internet, the metaverse stands to usher in a new era of innovation and technological advancement in the upcoming years. Nevertheless, the same problems that mankind is currently facing, in reality, will still be present in the metaverse. To this point, many privacy and consumer protection advocates are beginning to question the manner in which personal privacy will be regulated within the metaverse, as there have been many troubling developments thus far.

To illustrate this point further, an academic paper that was published by two different groups of researchers at both UC Berkeley and the Technical University of Munich in Germany respectively detailed several experiments within an “escape room” that was created within the confines of a VR game, with the aim of uncovering the potential risks that online users playing the game might experience when engaging in activities with other users. What’s more, these studies also sought to understand what level of privacy protection would be needed to mitigate these negative effects.

A study on VR usage

As stated in an article published by the British technology news website The Register concerning the matter this past July, “Through a 30-person study of VR usage, the researchers – Vivek Nair (UCB), Gonzalo Munilla Garrido (TUM), and Dawn Song (UCB) – created a framework for assessing and analyzing potential privacy threats. They identified more than 25 examples of private data attributes available to potential attackers, some of which would be difficult or impossible to obtain from traditional mobile or web applications.”

Most obviously, due to the inherent nature of VR headsets and glasses, any person that uses such hardware will invariably be disclosing their biometric information, as well as information regarding their behavioral patterns. Nonetheless, the experiment that was conducted also found that an adversarial program that was present within the virtual environment had “accurately inferred over 25 personal data attributes, from anthropometrics like height and wingspan to demographics like age and gender, within just a few minutes of gameplay.” In this way, concerns regarding personal privacy protection within the metaverse are very much rooted in reality.

Tech companies and privacy

In addition to this, many of the current leaders in the virtual video game industry, as well as the metaverse, have already gained a reputation for failing to protect the personal information and privacy of the millions of consumers around the world that are currently using their numerous products and services on a daily basis. For example, current Meta CEO Mark Zuckerberg is currently leading the charge as it relates to the metaverse, as he recently debuted an avatar of himself within the digital online space this past week.

Described as “the first time the Facebook founder has held a public conference in Meta’s Horizon World metaverse” by Business Insider, Zuckerberg has publicly boasted about the benefits of interacting with online users within this new digital landscape. However, Facebook’s own history regarding data privacy does not inspire optimism as it pertains to the protection of the personal information that consumers disclose when engaging with each other in the metaverse, irrespective of how their avatars look while doing so. Even without taking into account the infamous Cambridge Analytica political scandal that was first exposed in 2018, Meta has been accused of violating the personal privacy of its users several times during this year alone.

Data protection violations

For instance, the social media company agreed to pay a $37.5 million settlement after it was alleged that the company had used the geolocation data of California residents to track their whereabouts without their consent. In conjunction with the provisions of the California Privacy Rights Act (CCPA), these actions constituted a serious violation of the law. However, due to the overwhelming lack of privacy legislation within the U.S., the true extent to which companies such as Meta effectively steal the personal information of their own users remains to be seen. On top of this, many of the hardware companies that currently produce VR headsets, including South Korean electronics company Samsung, among others, also have a less than stellar record of safeguarding the personal data of their customers.

Despite the fact that any experiment that is conducted regarding any particular topic or issue is not necessarily indicative of how events will play out in the future, the fact that many of the companies that are looking to expand their business into the metaverse have consistently been accused of data privacy violations casts doubt that anything will change within a new digital environment. For these reasons, consumers that are interested in VR headsets and other products that will enable them to experience virtual reality will have to take into consideration the ways in which these practices could infringe upon their personal privacy.