Conventional data protection approaches, which focus on enterprise data centers, will not be sufficient to ensure data privacy in the metaverse.
The metaverse has barely taken root, but it is already predicted to create an astounding valuation of US$ 5 trillion by 2030 and to multiply data usage by 20 times by 2032.
The metaverse creates new levels of virtual reality (VR), augmented reality (AR), and mixed reality (MR) in ways that allow us to create wholly separate—or aligned—virtual lives. Intricate personal details will be read by devices to create the most accurate digital representation of individuals in the metaverse to prevent people from pretending that they are someone else.
The metaverse’s functionality will depend on its ability to process information quickly, which will be facilitated by AI and edge processing. However, there is a need to build these experiences on the core foundation of trust, ethics, data privacy, and governance.
See also: Here Comes the ‘Industrial Metaverse’
Key stakeholders in the metaverse will be individuals, platform/service providers, governments, and regulatory bodies. For each stakeholder, the metaverse will provide different experiences and opportunities.
- Individual Users – As the metaverse develops, people will be able to do everything in it, including shopping, traveling, learning, making personal interactions, etc. Data collection will be more sensitive and personal than it is now, as the metaverse will gather additional data such as facial expressions and biometrics. Below are examples where the metaverse will bring change in an individual’s life:
Instead of meeting over a platform by audio or video, metaverse meetings can be conducted in a virtual meeting room, which will resemble a physical meeting more closely.
Currently, the only way to truly experience a place is to visit it physically. However, with the metaverse, it will be possible to virtually visit a variety of places, wander around city streets and spend time in a five-star hotel without having to travel there or spend a lot of money. Imagine visiting the world’s treasures without having to pay for a trip, a hotel, or meals.
- Platform/Goods and Service Providers – As people share more data, the metaverse will enable businesses to communicate more personally with organizations. This will enable organizations to effectively target consumers, assess and forecast market demands, develop value propositions, and improve the entire customer journey.
For example, retailers will be able to convert their physical stores into virtual counterparts, allowing customers to have a realistic shopping experience from entering a store, being greeted by virtual employees, browsing clothes, and adding them to virtual shopping bags and waiting in line to purchase.
The metaverse will enable businesses to conduct hyper-personalized marketing and advertising campaigns because it will gather client footprints with their permission. For instance, currently, if a company needs to conduct targeted advertising, it will base it on profiling which uses data shared by customers and captured by companies through various sites. However, with the metaverse, it will be possible for companies to capture how a customer responds to a specific product billboard or advertisement in the metaverse world, which will help the organization in minimizing and targeting the right audience for its product.
- Government and Regulatory Authorities – The metaverse will enable governments to offer services and applications to citizens in a seamless manner. For instance, the government would be able to establish better communication with citizens with a digital avatar presence available 24/7. It will help them speed-up trade and commerce, which now might be affected due to geographic and economic barriers.
Governments will have the opportunity, through new models, to come together to establish authorities that will define frameworks, regulations, and mechanisms for the unique identification of avatars, and trade activities to monitor and minimize illegitimate activities.
With the positive changes that the metaverse will bring into the world, it will have its own challenges and barriers for the user community, such as affordability of hardware, addiction and effects on mental health, and protecting user privacy.
The metaverse’s personal data privacy conundrum
The metaverse will create a trove of personal data and, in turn, use it to curate personalized products and services based on consent, which is critical to participate in the data economy. Data privacy is a big concern when it comes to sensitive data of consumers, such as identity, behavioral patterns, buying preferences, health information, biometric details, and geographic details.
There will be critical issues in the management of personal data that must be addressed, which include selling data to third parties, maintaining data autonomy, protection of personal data, and redressal systems.
The way forward
Conventional data protection approaches, which focus on enterprise data centers, will not be sufficient. Privacy must be ensured by leveraging the power of technology while securing it through a strong regulatory framework incorporating best practices around privacy by design, architectural security, data subject consent, and data subject rights.
Privacy concerns will require to be addressed by each stakeholder type:
- Individual Users – As customers seek an immersive experience on the metaverse, a large variety of personal data in high volumes will be generated, and it is important for data subjects to have a sound awareness of why and for what purpose they are sharing the consent. A high-level understanding of data privacy policies, the rights of data subjects, and the redressal procedures that are available for them as per relevant laws. A data subject must be aware of the accuracy of the digital avatar that exists on the metaverse and the identifiers that these avatars generate.
- Platform/Goods and Service Providers – Organizations must maintain a record of all data processing activities in the metaverse to help establish processing legitimacy. Organizations must empower the user to provide free consent (perpetual consent should not be assumed) and to not allow any unauthorized access to their data in the metaverse by implementing privacy through a design approach.
Privacy-enhancing technologies (PETs) that combine encryption and statistical methods should also be used to limit the use of personal data collected in the metaverse for generating insights. Prudence must be taken at the organizational level while performing cross-border transfers, complying with regulations in the metaverse, and processing of data along the entire processor chain.
Safeguards against malware, virtual identity management, accountability to secure data, awareness about metaverse risks and appropriate behaviors, rights, and responsibilities, and a proactive approach to security using AI tools to monitor suspicious behavioral patterns must be implemented.
- Government and Regulatory authorities – Just like the physical world, data processing in the metaverse must have legal backing, and communities should be set up to provide redressal procedures for data subjects in case of privacy violations. Today, there are many countries that have implemented their own data privacy and protection legislation, such as – GDPR, CPRA, PIPEDA, etc. Laws will need to be modified as the metaverse becomes a part of daily life because the data gathered will be very sensitive and personal in nature. User privacy, including location privacy, habit privacy, living styles, and so on, shall be protected to ensure a safe and trusted environment.
The world has come a long way since the metaverse was first described in the 1992 novel “Snow Crash.” The future of the metaverse depends on our ability to make it ethical, safe, and inclusive. This means creating policies and guidelines around issues like data privacy, security, physical safety, sustainability, equity, and ethics.
About Sunil Senan
Sunil Senan is SVP and Business Head of Data & Analytics at Infosys. In this role, he is responsible for the growth of the Data & Analytics service line for Infosys. He works closely with several of Infosys's strategic clients on their data & analytics initiatives. In his 20+ years of professional experience, he has worked with many Fortune 500 clients in their Enterprise Solutions and Digital transformation journeys.