United States:
Heavy Meta: Privacy And Cybersecurity In The Metaverse
The metaverse is poised to become the biggest technological
revolution of the 21st century. It is likely to change the way
humans engage with each other, revolutionizing social interaction,
building whole new economies, and ushering in a host of privacy and
cybersecurity issues. Emerging technologies companies should be
aware of these issues and take the necessary steps to mitigate risk
as these markets enter gray or wholly unexplored legal territories.
In this article, we examine some of the issues related to the areas
of privacy and cybersecurity in the metaverse.
Privacy
The interconnected universe can be expected to collect, store,
and rely on more personal data than ever before by unifying
currently disparate personalized digital experiences that range
from shopping to virtual travel, to entertainment, and information
gathering. Metaverse providers will have access to even more
personal data, including biometric responses, physical location,
financial records, and even the appearance of users’ homes.
Further, metaverse companies such as Mark Zuckerberg’s Meta are likely to
collect personal information for individual
identification, advertisement targeting, tracking through multiple
channels, health monitoring (such as heart and respiratory rates),
and others to optimize the virtual experience. Metaverse companies
will combine and aggregate vast quantities of data that influence
every aspect of our lives.
Protecting user privacy presents a serious hurdle for metaverse,
XR, and video gaming platforms, both from a practical and a legal
standpoint. And the meta environment magnifies the cost of getting
it wrong.
- Device and Headset Proliferation –
According to Facebook whistleblower Frances Haugen, the
metaverse will require people to put “many, many more sensors
in our homes and our workplaces” in addition to those attached to
our bodies to generate fully interactive virtual reality
experiences. A metaverse setup is likely to include added gear such
as headsets and AR glasses which could present major privacy
threats by bringing live cameras and microphones inside homes and
offices. This poses challenges from a privacy point of view as it
would give these sensors unprecedented real-time insight into the
everyday lives of individuals. International Data Corp reports that
shipments of AR and VR headsets more than doubled in the second
quarter of 2021 to 2.2 million compared with the same period last
year. The consultancy expects total headset sales to reach 9.7
million in 2021 and nearly triple again by 2025. Much of the growth
is driven both by more sophisticated gaming systems and the use of
VR in events, conferences, education, fitness, and the metaverse.
- Collaboration and Interoperability –
The primary purpose of the
metaverse is to allow people to interact in a digital world, which
means that each metaverse should be accessible from all devices and
headsets. This has ramifications from a privacy standpoint since
user data will be accessible across devices and platforms. To
mitigate the privacy challenges arising as a result of universal
interoperability, experts have proposed that technology companies
agree to certain standards for a connected metaverse that can
integrate among different creators. In the absence of such
standards, technology companies will have to license the rights to
use another company’s underlying technology to build their own
metaverse.
The metaverse poses significant privacy-related challenges. In
the absence of specific laws to protect data privacy over the
metaverse, emerging technologies companies should undertake
specific legal measures to minimize the risk of privacy-related
issues in the metaverse.
Cybersecurity
The metaverse’s cybersecurity legal challenges are similar
to those posed by the internet which, in turn, reflect those of
society in general. According to experts, the metaverse is likely
to give rise to entirely new cybercrimes due to its unique
infrastructure. For example, a metaverse that is heavily centered
on the use of cryptocurrencies and non-fungible tokens (NFTs) can
be a hotbed for financial cybercrimes such as fraud, theft, and
money laundering, as well as “old-school” digital
malfeasance such as phishing, ransomware, and hacking.
- Cheating and duping – There
is a high likelihood of cheating and duping on the metaverse
primarily due to the ease with which attackers can conceal their true
identities behind multiple layers, screens, and avatars. Famous art
dealer Sotheby’s has recently introduced Sotheby’s Metaverse, which is aimed at
digital art collectors. It offers a curated selection of NFTs
chosen by the auction house’s specialists. The NFTs available
on Sotheby’s Metaverse are verified and digitally tracked
through a public ledger of the blockchain via Ethereum. However,
just like in the real art world, collectors can easily be fooled by
counterfeits, replicas, and prints that are minted by
cybercriminals posing as legitimate authenticators.
- Cybersquatting – The ease of
obscuring one’s identity also enables would-be cybersquatters.
Fraudsters can take advantage of squatting on .eth websites that
use a legitimate company’s name. In this case, the
cybercriminals leverage the goodwill or reputation of established
businesses by creating Ethereum domain names and smart contracts
that ostensibly belong to the victim organizations. Hence,
transactions on the metaverse may not be safe as it is difficult to
ascertain a user’s identity.
In addition to the above, other questions must be answered
before users can truly feel comfortable spending time in the
metaverse and platform holders feel reassured that they will not be
held liable for enabling security breaches or harboring
cybercriminals:
- How will metaverse cybersecurity be managed?
- What requirements will apply with respect to keeping data
secure?
- How will regulation or site policies evolve to address deep
fakes, avatar impersonation, trolling, and other cyber
threats?
- What laws will apply and how will the various players
collaborate in addressing this issue?
The metaverse poses complex questions that most likely require
the amending of existing laws and regulations. Until then, having
appropriate legal and technological measures in place can help
mitigate risk and provide some degree of protection for metaverse
users.
Recently, Facebook’s metaverse has come under scrutiny for
potentially violating users’ privacy. Haugen has argued that Facebook’s
metaverse (and the virtual reality world in general) could be
addictive and lead to the stealing of personal information. To
prevent similar allegations, emerging technologies companies
working in the metaverse space should be fully aware of the privacy
law-related implications of the metaverse. These companies should
consider putting in place their own metaverse (or virtual platform)
privacy policies, personal data protection policy, data retention
policy, data subject consent form, licensing agreements, and other
legal documents. A law firm specializing in emerging
technologies can help you in drafting these legal documents and
provide you with guidance on the privacy and cybersecurity-related
regulatory challenges posed by the metaverse.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.