The big-tech revolution is fuelled by the growth of VR and AR. According to projections, by 2026, 25% of the global population will log on to virtual worlds for at least an hour a day. That’s not just to shop, work or attend events — they’re also there to socialize with other people.
The technological advances in AR, VR, 5G and AI can pose some issues for privacy and data security. According to a report by Agora, 33% of developers believe this is the biggest obstacle the metaverse has to overcome.
New Gartner findings say that “75% of all organizations will restructure risk and security governance for digital transformation as a result of contemporary cybersecurity threats, insider activity, and an increase in attack surfaces and vulnerabilities.”
Recent legislation has addressed the privacy of personal data. The GDPR, for example, gives consumers the right to be forgotten. This mandates that companies delete consumers’ information upon request. It also mandates that enterprises get consent from people before storing their data. Regulatory compliance is a growing business, and European regulators are now taking stricter enforcement actions. As regulations become tougher, organizations that want to lead in the metaverse will prioritize data privacy more than ever.
Digital privacy is a hot topic right now. While it’s been established in many industries and websites, the virtual world is still brand new and lacks legislation to protect people there. According to Tim Bos, founder and CEO of ShareRing, “many of the breakout metaverses will be ones where people can experience genuine things they can’t currently do in the real world.” He added that “most of these companies are looking for something with the appeal of Fortnite or Minecraft, but want to keep you coming back.”
In Web 2.0 the threat to privacy is lower, since people only log in for a limited time. However, in Web 3.0 and the metaverse the threat to privacy is greater than before. Every 20 minutes of VR use can generate some two million unique data elements – this includes everything from how you breathe and walk to how often you think, move or stare. These data are mapped by algorithms with your body language to give insights as to who you are and what motivates you. The problem is that these companies collect data from users whether they consent or not .
Existing data protection frameworks are woefully inadequate for handling the breaches of privacy that can be caused by new technologies. We also know that with just five minutes of collected VR data, machine learning algorithms can correctly identify users 95% of the time. Laws are catching up, but there’s still a lot to do.
Privacy issues in the metaverse are difficult to solve. For example, influencer and CEO of Spectrum Labs, Justin Davis, said “I think the reason it [concern about harassment] applies to the metaverse, whatever that even means, is right now in Web2, we clearly haven’t gotten that right.” So far we haven’t gotten content moderation at any given company or allowing anonymous comments correctly.
The global reach of the metaverse falls across several data privacy regimes, according to Bos. He said that “one of the most considerate policies on digital privacy remains the GDPR, as it seems to be a baseline for data privacy. It’s a moving target though, as the developers need to consider traceability of the user if they’re storing information on the blockchain.”
Tim Bos noted, “There’s also the challenge of security when people are connecting their wallets to the metaverse.” “How can they be sure that a virtual event won’t happen to their NFTs?”
As the world evolves, so will digital privacy and security. In a Web3 world, there are fears that some data being collected might be deeply invasive. For example, Brittan Heller has called “biometric psychography” a term to describe “the gathering and use of biological data to reveal intimate details about an individual’s likes and dislikes.” In VR experiences, it’s not just outward behavior that is captured. Algorithms also record subconscious emotional reactions during specific situations through features like pupil dilation or facial expressions.
The metaverse offers immense promise for a more connected, immersive world. However, organizations looking to establish themselves in this virtual realm need to prioritize data privacy and security as they’re building their universes.