Privacy Concerns in the Metaverse




When ‘Meta’ Met Privacy

On October 28th Mark Zuckerberg announced that Facebook would be changing its name to Meta Platforms Inc., or Meta. The ultimate goal of Meta is the construction of the metaverse, a combination of multiple technologies to create a digital universe where people can live, work, travel, and communicate. 

Since this announcement, the metaverse has been subject to debate, criticism, and applause from professionals across many different fields and industries. The metaverse presents an exciting opportunity for companies, individuals, and creators to expand their network into a ‘brand-new world’, but this comes with its fair share of challenges. The fluidity of the metaverse and the ease of travel from one world to the next, each controlled by different entities and their own sets of values, presents a myriad of unique privacy issues.

At this point, it is hard to understand how the information collected through the metaverse will be used, stored, monetized, and regulated. From Mark Zuckerberg’s keynote presentation, it seems clear his dream for the metaverse is that it be crafted much like the current internet, meaning there will not be one single developer or company running the metaverse but many different companies, users, developers, and creators contributing to the metaverse and collecting user information, each with different policies on how to retain, use, and share this information. With this approach, though, the onus is on the individual to know how their data is being used – are privacy policies enough to provide this type of transparency? Should we rely on our current legal framework?

 A core concept of the metaverse is the ability for users to easily travel through realistic worlds through the help of virtual reality and augmented reality. This means it will be difficult to subject the metaverse to the current data privacy regime made up of a multitude of different data privacy regulations, each varying from country to country, and even state to state. To truly protect users’ privacy, the metaverse will need uniform and comprehensive privacy regulations to allow for sharing across the complex worlds of the metaverse, while keeping the sensitive personal data collected through virtual reality and augmented reality technologies secure. But which regulation will apply in these digital spaces? How do we conform inconsistent requirements for different types of data? How will Meta ensure transparency so the public can trust their intimate personal data is being used safely and appropriately? These are thorny questions.

Engaging in the metaverse will require us to reveal even more personal data – Virtual and augmented reality can track things like eye movements and physical reactions to stimuli, which can be used to form inferences about our personal lives. Technology in public spaces can begin to track people’s movements. When used together, this information acts like a fingerprint allowing companies to identify users and collect physical information about them and their environment. It’s safe to say the law is not as sophisticated as the technology.

 So far, Mark Zuckerberg has promised that Meta is working with experts to ensure that metaverse products will protect users’ privacy and give them “transparency and control over their data.” It is too early to tell whether these promises will be honored by Meta or whether other corporations are also placing a premium on the privacy of users in the metaverse. Though, as the metaverse develops, it will be important to proactively address privacy and ethics concerns and work with policymakers, developers, and companies to ensure protection of personal data as users begin to let these innovative new technologies into their daily lives.

 by Nicole Harris




by Heidi Yernberg
Partner-In-Charge, Chicago