{"id":1383,"date":"2022-07-28T11:30:33","date_gmt":"2022-07-28T09:30:33","guid":{"rendered":"https:\/\/blog.eprivacy.eu\/?p=1383"},"modified":"2022-07-28T11:58:03","modified_gmt":"2022-07-28T09:58:03","slug":"outlook-the-metaverse-and-data-protection-compliance","status":"publish","type":"post","link":"https:\/\/blog.eprivacy.eu\/?p=1383","title":{"rendered":"Outlook: The Metaverse and Data Protection Compliance"},"content":{"rendered":"\n

One of the most discussed and controversial modern technology is the metaverse. Many big tech companies describe the metaverse as the next era of the mobile internet which is fully\u00a0immersive<\/strong>\u00a0and a constant\u00a03D world<\/strong>. However, there is no agreed definition of the term metaverse.

During the last months, the metaverse has gone mainstream and major tech companies have strongly invested in this technology: Meta, Microsoft, NVIDA, Alibaba, ByteDance, The Sandbox Games and many more. Only to name a few. Recent research from Grant View predicts the metaverse market size to attain more than 678 billion USD in 2030.

The most common feature will be likely a digital identity also known as an avatar.\u00a0Matthew Ball<\/a>, venture capitalists and metaverse expert, describes the metaverse as an \u201c\u2026persistent and\u00a0interconnected network of 3D virtual worlds<\/strong>\u00a0that will eventually serve as the gateway to most online experiences, and also\u00a0underpin<\/strong>much of the\u00a0physical world<\/strong>.<\/em>\u201d

Meta recently showed a futuristic looking headset for medical students practicing surgery using an input device on each fingerprint. These haptic gloves create a feeling of really holding an object – according to this\u00a0video<\/a>. This is just one example of many use cases within the metaverse. All of this leads to\u00a0a massive amount of data collection<\/strong>\u00a0and raises several\u00a0data protection<\/strong>\u00a0related questions and\u00a0concerns<\/strong>.

The use of\u00a0AR or VR glasses<\/strong>\u00a0– which creates an immersive experience – means collecting new kinds of data such as\u00a0biometrical<\/strong>, psychological & emotional response and\u00a0eye-tracking data\u00a0<\/strong>from users. According to the\u00a0GDPR<\/strong>\u00a0this means collecting and processing highly\u00a0sensitive data<\/strong>. Additional measures need to be in place and\u00a0explicit consent<\/strong>\u00a0from users is needed when processing sensitive data.

Furthermore, it will be difficult to\u00a0define data controller, data processor<\/strong>\u00a0or joint controller roles. It is a major challenge to explain and\u00a0define who does what on behalf of whom<\/strong>\u00a0as the metaverse is highly interoperable and intermingle. It is not easy to collect consent from users for each metaverse application while not interrupting the experience.

The Metaverse experience will likely be a \u201cno boarder<\/strong>\u201d experience which means\u00a0third party data transfer<\/strong>\u00a0is something to look at. Currently, the privacy shield between EU and US is invalid and there is an agreement in principle about new transfer mechanisms to create a \u201cPrivacy Shield 2.0\u201d. How exactly the new transatlantic data framework will look like remains unclear. This could be another legal implication for the metaverse.

One\u00a0possible solution<\/strong>\u00a0to address some of the data protection issues (like user consent) is developing\u00a0data intermediaries<\/strong>\u00a0acting on behalf of the user and serving as a trusted and neutral link between people and organizations. The EU has recently developed a framework for data sharing and consent management for people via data intermediaries in their\u00a0Data Governance Act.<\/a>\u00a0ePrivacy is also working on research about data intermediaries for medical data (TreuMed<\/a>).<\/p>\n\n\n\n


There are many opportunities for the metaverse to have a positive impact on education and even on healthcare. The risks such as data protection and cybersecurity remain. Many risks have been identified but are not clear to their full extent yet and more research and testing are necessary.<\/p>\n","protected":false},"excerpt":{"rendered":"

One of the most discussed and controversial modern technology is the metaverse. Many big tech companies describe the metaverse as the next<\/p>\n

Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/blog.eprivacy.eu\/index.php?rest_route=\/wp\/v2\/posts\/1383"}],"collection":[{"href":"https:\/\/blog.eprivacy.eu\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.eprivacy.eu\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.eprivacy.eu\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.eprivacy.eu\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1383"}],"version-history":[{"count":1,"href":"https:\/\/blog.eprivacy.eu\/index.php?rest_route=\/wp\/v2\/posts\/1383\/revisions"}],"predecessor-version":[{"id":1384,"href":"https:\/\/blog.eprivacy.eu\/index.php?rest_route=\/wp\/v2\/posts\/1383\/revisions\/1384"}],"wp:attachment":[{"href":"https:\/\/blog.eprivacy.eu\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1383"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.eprivacy.eu\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1383"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.eprivacy.eu\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1383"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}