Exciting Metaverse! but what about my Data Privacy Protection?

If we’re not careful, the arrival of the metaverse could be way worse for data privacy than traditional social media already is, thanks to the tracking power of Virtual Reality (VR) and Augmented (AR) technology. The concerns may be (mostly) manageable… but only if governments update laws, platforms stay transparent, and users push for features that obscure data collection, especially on physical reactions like eye movements.

Immersive identification

In immersive worlds, new technologies will siphon up data at an increasingly granular level—a person’s way to walk, eye movements, emotions and more—putting far greater strain on existing safeguards.

Privacy advocates are sounding the alarm on the metaverse:

 •The metaverse will be accessible through VR and AR, which could be used by companies to track users' physical responses to advertising or other media.

•At any given time, the way you move, the way you’re gazing, your pupil dilation, is giving away information to developers.

•These data points could be used to create a user profile that details subconscious states, mental states, or a health issue before a person even recognizes them or seeks medical or psychological attention.

 In those instances, the data could be used to subtly manipulate users or even, if shared with third parties like an insurance company, lead to premium hikes. Data privacy laws will need to be updated to reflect changing technologies and their related privacy issues and economic possibilities.

Meta under a microscope

It seems impossible to discuss the metaverse without mentioning Meta (formally Facebook), which is trying to transform into a metaverse company. Unfortunately, Meta is notorious for alleged data abuses, paying billions in fines.

 For its part, Meta says that it has pledged $50 million to outside researchers to focus on privacy and security on the platform, while its VR arm, Reality Labs, is issuing its own research grants. Considering that Meta has recently kept data hidden from outside researchers, expect the privacy community to keep a close eye on the company.

Some regulators are calling for greater alignment between antitrust and privacy oversight bodies to control corporate data misuse and prevent companies from using consumer data to gain an unfair competitive advantage.

European regulators for data protection, competition, media and financial markets said that they will share expertise on data processing, artificial intelligence and other digital business areas, drawing on experiences from their own cases. The regulators said they would explore possibilities to jointly work on enforcement investigations.

Regulators in Europe, the U.S. and other regions are realizing that large tech companies have become very powerful and collected huge amounts of data, while rules on their behavior lag.

The European data protection regulator is organizing a conference in June this year on the future of privacy enforcement, hoping to gather feedback from participants to shape a new forum for digital regulation that includes privacy, competition, and consumer protection watchdogs.

At the same time, it will be essential that the private sector in the Philippines works closely with the National Privacy Commission (NPC) and the Philippine Competition Commission (PCC) to safeguard privacy factors associated with data.

Feedback would be very welcome; contact me at [email protected]