IF we’re not careful, the arrival of the metaverse could be way worse for data privacy than traditional social media already is, thanks to the tracking power of virtual reality (VR) and augmented reality (AR) technology. The concerns may be (mostly) manageable…but only if governments update laws, platforms stay transparent, and users push for features that obscure data collection, especially on physical reactions like eye movements.
Immersive identification
IN immersive worlds, new technologies will siphon up data at an increasingly granular level—a person’s gait, eye movements, emotions and more—putting far greater strain on existing safeguards.
Privacy advocates are sounding the alarm on the metaverse:
• The metaverse will be accessible through VR and AR, which could be used by companies to track users’ physical responses to advertising or other media.
• At any given time, the way you move, the way you’re gazing, your pupil dilation, is giving away information to developers.
• These data points could be used to create a user profile that details subconscious states, mental states, or a health issue before a person even recognizes them or seeks medical or psychological attention.
In those instances, the data could be used to subtly manipulate users or even, if shared with third parties like an insurance company, lead to premium hikes. Data privacy laws will need to be updated to reflect changing technologies and their related privacy issues and economic possibilities.
Meta under microscope
IT seems impossible to discuss the metaverse without mentioning Meta (formally Facebook), which is trying to transform into a metaverse company. Unfortunately, Meta is notorious for alleged data abuses, paying billions in fines.
For its part, Meta says that it has pledged $50 million to outside researchers to focus on privacy and security on the platform, while its VR arm, Reality Labs, is issuing its own research grants. Considering that Meta has recently kept data hidden from outside researchers, expect the privacy community to keep a close eye on the company.
It is good to see that companies are bracing for more regulatory scrutiny in 2022 as UK and European Union watchdogs in antitrust and data privacy collaborate.
Joint policy initiatives between competition and data protection regulators picked up speed in 2021, aiming to crack down on how large companies use personal data.
Some regulators are calling for greater alignment between antitrust and privacy oversight bodies to control corporate data misuse and prevent companies from using consumer data to gain an unfair competitive advantage.
European regulators for data protection, competition, media and financial markets said that they will share expertise on data processing, artificial intelligence and other digital business areas, drawing on experiences from their own cases. The regulators said they would explore possibilities to jointly work on enforcement investigations.
Regulators in Europe, the US and other regions are realizing that large tech companies have become very powerful and collected huge amounts of data, while rules on their behavior lag.
Pending EU rules could add to the regulatory pressure on large data-centric companies. The draft digital markets act, which is currently in legislative negotiations, would introduce requirements on large digital companies, such as forcing them to offer data portability to end users.
The legislation could be quite a significant game changer for the way digital platforms are regulated. European regulators’ growing interest in digital platforms is likely accelerated by regular reports of new high-profile data breach scandals.
The European data protection regulator is organizing a conference in June on the future of privacy enforcement, hoping to gather feedback from participants to shape a new forum for digital regulation that includes privacy, competition, and consumer protection watchdogs.
At the same time, it will be essential that the private sector in the Philippines works closely with the National Privacy Commission and the Philippine Competition Commission to safeguard privacy factors associated with data.
Feedback would be very welcome; contact me at hjschumacher59@gmail.com