In our previous article entitled “The importance of creating an interoperable Metaverse,” Lydia Dettling discussed how much data Metaverse platforms will collect, arguing that the success of the Metaverse is dependent on interoperable privacy and security standards, that can only be achieved by industry consensus and collaboration. In this article, we aim to explore some of the privacy concerns related to Meta’s Metaverse and what can be done to allay privacy fears.
Meta (the parent company of Facebook, Instagram, and WhatsApp) has struggled to secure users’ data privacy. Apple’s decision last year to make changes to its ‘Identifiers for Advertisers’ policy gave users more control over their data and prevented third-party applications from tracking user data for targeted advertising. Meta has estimated that this policy change has resulted in USD 10 billion in lost advertisement sales revenue.
Privacy concerns in the metaverse
While Apple has taken the lead in protecting its customer’s privacy and data, the Metaverse provides the ideal opportunity for Meta to redefine its relationship with customer privacy and data and to adopt a more transparent privacy-centric approach to how the platform will collect and use customer data. In doing so, Meta can ensure that users trust Meta’s metaverse platforms and technology and perhaps it can also win over users who left its Facebook, Instagram and WhatsaApp platforms due to privacy concerns.
Earlier this month, Meta released its Human Rights Report where it argued that “the right to privacy is essential to realizing the right to freedom of expression.” The report goes on to state that Meta protects users from “unlawful or overbroad government data requests …” however the report does not adequately address how Meta itself makes use of user data and what safeguards it has put in place.
A survey conducted in 2022 found that user privacy is one of the key concerns for participants of the Metaverse. 50% of those surveyed were worried about user identity issues, 47% worried about the forced surveillance that users might have to go through, and 45% are concerned about the potential abuse of personal information.
Interactions in the metaverse are likely to include the collection of biometric data, movements and gestures, reactions to certain situations and environments, and other sensory data points. For example, Oculus headsets are used to immerse users in the Metaverse – users should be concerned about how to obscure data on eye movements with privacy filters without sacrificing too much utility, since eye-trackers could give companies a wealth of information for targeted advertising at a very granular level.
A new business model – not based on user data?
Meta’s current business model is premised on understanding its users’ preferences (based on data collected and analyzed by algorithms) and then selling these preferences to advertisers and retailers. The metaverse provides an opportunity for Meta to reevaluate its business model and how it wishes to interact with its users. Meta could, at the outset, inform data subjects about the information collected and how it will be used, requesting their explicit consent. Currently, websites allow users to accept cookies or decline them – could a similar data privacy-related feature be adopted in the Metaverse?
Metaverse users could also be more “data-savvy” and ask explicitly what aspects of their data will be stored and by whom. They could even look at charging or being compensated for their data via cryptocurrency. Interestingly, there are already several companies that help individuals to monetize their data.
Meta’s solution: privacy policies informed by research
Meta has pledged USD 50 million to outside researchers focusing on privacy and security in the Metaverse, including a partnership with the National University of Singapore to investigate data use. Separately, Meta’s augmented- and virtual-reality arm, Reality Labs, is issuing grants to study topics such as how to authenticate users and detect novel forms of cyberattacks across new devices and services. The findings of this combined research should inform data and security Metaverse policies that are transparent and make navigating privacy controls easy.