In our previous post Metaverse: Back to First Principles, Crispian Wong explored South Korea’s pioneering ‘Metaverse strategy’ and identified three key principles that industry and governments should uphold in the development of the metaverse. This article will explore the first of those principles: interoperability. A metaverse that optimises user experience and creator opportunities will only exist if there is collaboration between a diverse range of actors, including product designers and content creators. Our previous post discussed the need for open standards that technically enable metaverse hardware and content to be accessed and developed across the board. This article will focus on the challenges around interoperable privacy and security standards.
Interoperability across services, and between technologies and environments is a fundamental characteristic of the metaverse. It enables scalability, consumer choice, innovation, and enhances opportunities for creators and users. Interoperability of the metaverse will inherently require increased data collection and sharing, with a clear emphasis on a user’s behavioural personal data. Operators of technologies and platforms will no longer have sole discretion on how the data they collect is used, as this data will be shared among other actors in the metaverse who provide services, environments, and user interaction through the primary operators’ technologies or platforms.
A significant amount of personal data is collected during a visit to the metaverse. The risks associated with personal data collection can include user authentication, identity fraud, pervasive user profiling, tracking, and unauthorised or misuse of data.
Take the following example: On an uneventful day, I may log into an art gallery in the metaverse, taking on my avatar which was purchased from my favourite sports team. I then proceed to visit a metaverse co-working space to chat with a colleague. For my experience to be seamless, both the hardware and software elements (which will be provided by different companies) will need to be interoperable.
As I experience the metaverse, different apps will need access to my hand movements and facial expressions, and they will collect and process data about my interactions to enrich the experience. Unless privacy and security standards are fully interoperable, this seamless movement between metaverses, and the ability to transport digital goods between them, will be impossible.
A proactive and consensus driven approach to interoperability standards
The experiences of web 2.0, where regulatory safeguards were only implemented reactively as a consequence of growing competition, security, and privacy concerns, need to be avoided. Current legislation such as the EU’s GDPR, Data Act, and the Digital Services Act, are not designed for the circumstances and challenges brought by the metaverse.
To facilitate the open, interoperable, and decentralised nature of the metaverse, minimum common standards which ensure user and data security and integrity must be agreed upon by all actors (developers of technologies, experts, academics and government regulators) Such standards could include user consent guidelines for the collection of data, limitations on the transferral of data, obligations concerning data encryption, as well as transparency, reporting and accountability recommendations.
Developing clear standards and guidelines for creators and developers of the metaverse will ensure the metaverse which is built is safe, secure, trustworthy, and a reflection of our democratic values.
Failure to engage in discussions and form a consensus on standards from the outset will constrain the development of an interoperable metaverse for creators, hinder the scalability of the metaverse, risk severe security and privacy breaches, diminish consumer trust in the metaverse and risk the subsequent development of ineffective and inefficient regulation.
As the technical development of the metaverse continues, now is the time for stakeholders from industry, academia, experts, and government to participate in this dialogue and begin developing a consensus on minimum safety and security standards. In fact, Access Partnership’s Metaverse Policy Lab will host its first webinar on the topic of interoperability – where we will bring together industry experts, academics, and government stakeholders and create a platform where we can adopt a consensus-based approach to interoperability standards.