Photo by stephan sorkin on Unsplash
Any discussion involving the metaverse starts with a touch of sci-fi, futurism, and multiverse theory, as it seems that we still do not have a uniform definition of what exactly we are talking about. This J.P. Morgan report has defined the metaverse as:
a seamless convergence of our physical and digital lives, creating a unified, virtual community where we can work, play, relax, transact and socialize
It looks like augmented, virtual, and mixed reality technologies (AR / VR / MR), artificial intelligence (AI), video games, avatars, non-fungible tokens (NFTs), and blockchain will be part of it. Some have summarized it as a 3D version of the internet; others, that it is the natural evolutionary next step for the digital economy. Some say that it is not possible to define it clearly yet, because it is being built, so in the same way nobody could describe today’s internet in the 70s or 80s, nobody can — yet — describe accurately what the metaverse is. Others are less impressed with the hype and say that the opportunity is already here, and it is called video games.
[ 💡Would you like to receive daily privacy and data protection insights? Follow me on Twitter and on LinkedIn.]
What is clear is that there is a lot of money being invested in the metaverse. And as I said a few times in this newsletter, to understand personal data exploitation, just follow the money. The global metaverse market is estimated to reach over $1.6 trillion by 2030, showing a compound annual growth rate of 43.3% from 2019 to 2030.
Tech giants are trying to get their share of the metaverse — whatever it means — early on: Meta (Facebook) is expecting to “make money from a creator economy, as people build businesses selling virtual goods and services.” Google is investing in a private fund for its metaverse projects (although the disclosed sum looks too low). For Apple, the Metaverse is linked to hardware and software in the AR/VR space, and according to Tim Cook, they are “investing accordingly.” Amazon is already investing in bringing the metaverse to the e-commerce arena through, e.g., View and Showroom. Lastly, Microsoft has made no secret that its $70 billion acquisition of Activision Blizzard is part of its bet on the metaverse. Emerging startups and venture capitalists are also tunned, creating new products and heavily investing in metaverse real estate. And I could go on and on — it seems that nobody wants to be left out. This article on Nasdaq’s website clearly shows that FOMO and YOLO with metaverse investment are real.
The metaverse is a megatrend — and Mark Zuckerberg is establishing himself as a genius marketer for rebranding Facebook as Meta and pushing the whole frenzy around the metaverse. A great choice to make everyone leave aside his numerous privacy slips and consumer trust scandals from the last years.
The same investors and shareholders fueling this megatrend are also looking for their mega profits. Personal data is constantly seen as a free or cheap digital asset that can be easily milked to the millions. So let us take a look at the privacy risks in the context of the metaverse.
The first privacy challenge is the amount of sensitive data that will be more freely available. With AR/VR devices and multiple sensors, a person’s movements, facial expressions, emotions, thoughts, personality, and any sensitive information related to their identity will be much more exposed. How will we protect this sensitive data in the context of complete immersion? Will there be specific rules to protect users’ rights in the metaverse? What if an avatar “leaks” sensitive data that the person did not intend to disclose beforehand? The answers to these topics are still unclear, and privacy advocates must be aware.
Transparency should be a growing requirement for companies to operate in the metaverse. Users must know what data is being collected, why, and when. It should be easy to access collected data, rectify, and delete it. There should be no black boxes about what happens with our personal data after a metaverse provider collects it. It should be easy to know when data is collected and processed and how it will affect our identity and dignity online and offline.
In connection with the challenge above comes the advertising issue: how will we regulate personalized advertising? Companies will have broader access to highly sensitive information about individuals, including biometric markers. What will be ethical in terms of targeted ads? Is it fair to allow ads when you can know the number of heartbeats per minute, pupil dilation, sweat levels, and all markers that denote vulnerability and susceptibility to exploitation? Should we review the model “free with ads” and possibly ban it in the metaverse?
A third challenge is privacy manipulation through design. This is one of my favorite topics, and I wrote multiple articles about it in this newsletter. Consent will remain important, but how much can you rely on it to collect data in an environment of total immersion and exposure? How can you establish guidelines to ensure that the metaverse will be accessible, fair, transparent, and respectful so that individuals can exercise their autonomy freely and in an informed way? Privacy-enhancing design will be more important than ever.
A fourth challenge, which is connected with security concerns, involves impersonation and phishing-style attacks. A convincing avatar imitating your favorite character is much more difficult to resist than a creepy email asking you to send money abroad. How will regulation tackle malicious third parties trying to obtain data and money? What extra security and privacy layers will be implemented to protect users?
There are also multiple practical challenges, such as the applicable privacy or data protection law, rules for transferring data from one country to another, data storage, data portability, and enforcement. An army of privacy regulators and policymakers will have to sort these issues out.
Do I think that privacy is impossible to achieve in the metaverse? Of course not. And there are two main reasons why.
The first one is that consumers value privacy and trust. Privacy and data protection are becoming more prominent every day, and consumers want to buy products and services from companies that preserve their privacy and respect their dignity.
The second one — a consequence of the first — is that we are hopefully transitioning to an economy where privacy is a mandatory feature of products and services. Laws, markets, social norms, and individuals are pushing toward a reality with more privacy embedded in products and services, and there is no way back.
In my view, our current phase — the beginning of the metaverse — is the one with the highest privacy risk. This is a period of adaptation, people are discovering the metaverse, and legislation is absent. It is similar to what happened in 2005–2018 concerning social networks. There were numerous privacy scandals, and people were adapting their privacy expectations to the new activities they were performing online.
I see the same happening with the metaverse in these next few years. Companies will take advantage of people’s lack of familiarity with the metaverse as an “identity space.” I can see negligence and abuse from companies wanting to profit from personal data at any cost. But after this initial adaptation period, I can see people, markets, and regulators demanding more privacy — real privacy — and the protection of our dignity also in the metaverse.
In this transition to the metaverse, we must remember that our identity, values, personality, intimacy, thoughts, feelings — and everything that makes us human — will be digitalized and transported to the metaverse. Protecting privacy is protecting our humanity in whatever medium it is being experienced.
What are your thoughts on that? What are additional privacy challenges in the metaverse that I did not mention? I would love to read your opinion in the comments below.
Privacy needs critical thinkers like you. Consider taking 2 minutes of your time to start a conversation about the topic.
See you next week.
All the best, Luiza Jarovsky
What if the Metaverse exposes your most intimate thoughts? was originally published in UX Collective on Medium, where people are continuing the conversation by highlighting and responding to this story.