ARTICLES

Protecting the Metaverse

The metaverse is a concept straight out of a 70s science fiction movie. It’s the interconnection of experiences and identities within a digital universe where people can log in and live. Originally coined as a term in the 1992 novel ‘Snow Crash’ by Neal Stephenson, it came into sharp hype relief in the last quarter of 2021 when Facebook announced its new name –Meta –and intent –building the metaverse. The idea is interesting, and certainly the CEO’s vision is dynamic, but aside from being painted with a faintly dystopian brush, the metaverse itself introduces safeguarding and privacy concerns that have already risen to the top of the social media pool.

Guidelines adopted by the European Data Protection Board(EPB)in April 2021 highlighted many of the risks inherent in social media. These platforms have evolved from simple engagement platforms to spaces where users are tracked and targeted on the basis of their personal data, with third-parties collecting information and using it to serve up content and messages that are curated and customised. For marketers, this is a delicious dream. For individuals, this scraping of personal data and information within this rich metaverse is potentially invasive and insidious. This is one of the reasons why the EPB’s guidelines plus legislation like the General Data Protection Regulation(GDPR) are invaluable guardians of personal information.

“The question that needs to be asked right now is how these social media platforms are approaching compliance, how they’re handling all these layers of information and insight,” says Brendon Ambrose, General Manager and Data Privacy Lawyer at Atvance IntellectBV. “What measures are they putting in place to ensure that information is being correctly protected, particularly when it comes to younger users. Many platforms are populated by children and the information they provide to these platforms can potentially put them at risk.”

The reality is that these social media worlds are filled with data about people of all ages and incomes. Data that can be used to drive sales, build empires and gain legions of fans. It’s also changing fast, adapting to shifting market and consumer needs, and is incredibly dynamic and exciting for those that are willing to brave its depths. While there have been plenty of shots taken at the minds behind the metaverse, with the Guardian describing it as the ‘new utopian boondoggle’ for tech billionaires, but there is value in the idea.

“The concept of virtual reality and mixed reality is definitely interesting and has immense potential” says Ambrose. “However, it needs to be a world that’s not controlled by only a few elite people or companies. It has to follow ethical tenets, set by the societies within which they operate,and personal data has to be protected at every touchpoint and interaction. Even though most of the ideas around the metaverse are conjecture right now, this is the right time to look at the foundations and walls that needto be built to ensure that the construct is safe.”

The challenge, however, is how can regulations such as the GDPR legislate information protection and the safeguarding of personal data in a universe where the rules haven’t even been defined as yet? Legislation can’t be made around things that may or may not happen –this will only create further complexities and may create problems, not solve them.

"How can you legislate for something that you cannot even comprehend yet?” says Ambrose. “This is a constantly evolving and developing world that hasn't even been properly defined yet. Some say it’s the Matrix; some describe it as a virtual reality paradise; others believe it’s simply centralised digital services access from anywhere and on any device. This is too vague to put a pin in it, much less legislate for it.”

However, there’s little doubt that, if the metaverse explodes into being, it will need protections put in place. Guidelines around the use of artificial intelligence (AI) and machine learning. Regulations that ensure user privacy and protect vulnerable people. These regulations and protections aren’t taking away the fun, they’re making sure that the fun doesn’t have unintended consequences.

"As organisations, social media giants, users and innovators eye up the metaverse and its potential, they need to continuously assess how they’re tackling user privacy and data,” concludes Ambrose. “For companies specifically, they need to take the guidelines already outlined in legislation and apply these to the virtual realm and the solutions they offer within it. This will not only minimise the risk to users, but the risk of over-regulation that may stifle innovation.”

The future of the metaverse is still up for debate, its potential up for grabs, but it’s evolution should be monitored and managed with a clear eye on the protection of personal information. Users must remain wary of individual companies taking their information and dig deep into who will own that information and where it will be used. Companies need to temper innovation with regulation and consideration, keeping compliance at the forefront of engagements. Then, perhaps, the metaverse will be less a boondoggle and more a truly digital experience.

Get in touch with Atvance Intellect, experts in data privacy, data law, compliance and global best practice to ensure that your business doesn’t just survive compliance, it leverages it for growth.