Growing public awareness of data privacy has pressured countries to introduce stricter privacy laws. However, in the future, emerging technologies such as the metaverse, virtual reality (VR) and augmented reality (AR) will make the enforcement of data privacy rules more difficult.
History of data privacy regulation
At its inception, the internet was designed to be free, open and innovative. Initially, most governments adopted a light regulatory touch, allowing companies to grow with little intervention. As a result, companies like Facebook have thrived with business models based on targeted advertising. Targeted advertising refers to advertisements that are served to a specific audience. The purpose of that ad is determined by user data sold by companies like Facebook to advertising agencies.
Public awareness of data privacy issues has finally pressured countries to enact stricter data privacy laws, with the EU’s General Data Protection Regulation (GDPR) being the gold standard of data privacy regulation. The GDPR establishes a legal framework to keep citizens’ personal data secure by requiring companies to have robust processes for handling and storing personal information. The GDPR has cumulatively fined tech companies more than $2.9 billion between 2018 and 2022. Although this is a large sum, enforcement frameworks remain extremely underfunded and short-staffed, and these fines remain a slap in the face for most Big Tech companies.
The GDPR promotes a “privacy by design” approach in which companies are encouraged to adhere to data protection policies as an integral feature of data processing technologies. While European regulators have confirmed that the GDPR will apply to the metaverse and other related technologies operating within the EU, compliance with data privacy regulations will be incredibly difficult.
Data privacy in the metaverse
The metaverse is a virtual world where users share experiences and interact in real time within simulated scenarios. It has been marketed as a revolutionary technology that will change how we buy, work, learn, socialize and consume media content. Companies like Meta, Epic Games and Microsoft have poured billions of dollars of investment into metaverse technologies and content. However, the metaverse remains in its infancy.
GlobalData’s TMT Predictions 2023 report predicts that it will be a metaverse winter in 2023. Tech giants will continue to invest, but there will be less venture capital activity and fewer deals in the space. Instead, the year will not produce big returns, it will give underlying technologies, such as AR and VR, a chance to mature.
It’s not yet clear how much this ‘winter’ will hinder the metaverse’s long-term potential. However, one of its biggest obstacles will be public concern about data privacy. Multisensory experiences in the metaverse will expand the scope of data privacy beyond the normal data points to include emotional, biometric and physiological data, meaning users will be monitored at an almost forensic level. This will make compliance with data privacy regulation much more difficult. First, it is unclear whether current data privacy regulations, other than the GDPR, are legally applicable to new technologies. Second, while current regulations deal with billions of data points shared between users and tech companies, the metaverse and related technologies will give companies access to trillions of more invasive data points. There is already a lack of resources when it comes to enforcing data privacy laws, which will only get worse as we embark on an immersive future in the metaverse if regulators are not adequately prepared.
Looking forward to
Regulators must draft legal frameworks with robust enforcement processes that take into account the potential dangers of the emergence of more invasive technologies with access to biometric data. Government resources will always be limited when it comes to data privacy enforcement, however, regulators can improve efficiency by using artificial intelligence and other technologies to track Big Tech activity in the data privacy space.
When the GDPR and other legal frameworks are expanded to cover the metaverse, the metaverse may see its functionality challenged. For example, how can Meta render real-time avatars of people in the metaverse if it is not allowed to capture the biometric data needed to mimic the movement of people? Therefore, developers must collaborate with government entities to develop the technology with data privacy regulation in mind.