Privacy in the Metaverse: Who is Responsible?

Share This Post

What is the Metaverse?

Ever since the word “Metaverse” hit our vocabularies in 2021, there has been ample confusion with many publications trying their hands at making sense of what it means:

It may even be the case that any real “Metaverse” would be little more than some cool AR applications, VR games and digital avatars in Zoom calls, but mostly just something we still think of as the internet.”Wired

I believe the confusion stems from a few examples given of what the Metaverse could be (a place to hang out with friends, a place to do work, a place to experience things without physically being there…) but no actual analogy to help guide the concept.

Imagine having the Internet explained as a place where there’s electronic mail and “other things” or explained what art is by being shown a Van Gogh and the statue of David, or even what video games are by just being shown Doom and Pac Man then being told that anything in the same realm can count as fitting under these terms. It would be just as confusing. These are all concepts that we’ve learnt about over time and have developed our own perceptions of, often differing from those of others.

Perhaps, the Metaverse will blend into the term Internet and some of us will have a different understanding of what the Internet means, or maybe we’ll associate it mainly with extended reality (XR), but whatever we call it, it will be something that we each make our own. 

What the Metaverse Means to Me

I started out just as confused as the rest of the world. 

Whatever the Metaverse is, it’s not just virtual reality, or augmented reality, or the blockchain and NFTs, or virtual worlds and games.” – NYT

The Metaverse may not be VR on its own, but it does seem like the closest place to start. Having tried VR back in 2016, it was difficult to understand why now is the time to be driving excitement towards the concept of the Metaverse. Being lucky enough to be able to pick up a VR system myself this year, I was amazed by how far the technology has come in only 6 years.

My initial reaction to seeing that YouTube and Netflix were available in VR was to snicker: why would anyone want to watch Netflix on here? Curious, I booted it up and it felt just like standing in your own personal giant movie theater. Trying YouTube VR meant exploring Petra as if one were actually there. 

I loved it. I love it so much. The possibilities are so exciting. The educational possibilities, the ability to recreate scenarios that simulate emotional lived experiences, the experiences, even the ability to gamify fitness like never before, all of which can all lead to a healthier, more compassionate, and more educated world. 

I want this to work out from the very core of my being, but only without it leading to a dystopian future. For that, from the very beginning, VR has to be developed with privacy by design and deployed with a privacy-first ethos. Privacy will be more relevant and important than ever. 

Privacy and the Metaverse

The Wall Street Journal published  “Come the Metaverse, can Privacy Exist?” where David Uberti quotes Kavya Pearlman (founder of the XR Safety Initiative) as saying:

“At any given time, the way you move, the way your gait is, the way you’re gazing, your pupil dilation, is giving away information to developers. […] For instance, she said, an insurance company might obtain information that suggests a user has a health problem before the person noticed any physical changes or saw a doctor.”

The sort of things that can be determined on an individual-basis when using systems that collect massive amounts of personal, environmental, biological and contextual data, and more, are endless. These include:

  • Socioeconomic status
  • Cognitive and physical conditions
  • Effects of aging
  • People in your environment
  • Learning speed
  • Persistence
  • Teamwork
  • Ability to focus

Systems that will be used to access the Metaverse will have Operating Systems installed that define the initial boundaries around our personal data. We need to be able to trust these systems and we need to be able to trust that these systems will protect us from misuse, abuse and malicious actions. 

Privacy and the Different VR Devices: What Kind of Start Are We Off To?

Let’s take the top 4 VR devices of 2022:

Oculus Quest 2: We all know what sort of relationship Meta/Facebook has had with privacy over the past decade. Let’s pretend we believe that they will put privacy first when it comes to the data they collect, although their current privacy policy does not make me hopeful. With regards to the data third parties collect on their system, here’s what their privacy policy says:

Third-party content providers may also collect information from you directly through the experiences they provide. Please note that any information you share with these (or other) third parties will be subject to those third parties’ own privacy policies, not this one.”

This is simply not good enough! 

Sony PlayStation VR and Valve Index VR Kit: Both of these have privacy policies which are not specific to their VR systems. Privacy policies need to be updated to account for the new levels of types and sensitivities of the data that can be collected through VR systems as opposed to PC games and game consoles. 

HTC Vive Pro 2: This is the provider that comes the closest to truly highlighting a concern for user privacy, with a privacy policy that is clearer than many, but that still says:

We also cannot control and are not responsible for any Third-Party Sharing Services or their actions, including the data that these Third-Party Sharing Services collect from you and your device, or how they use such data. Please review the privacy policies of all Third-Party Sharing Services to understand their privacy practices. “

What Else Could These Providers be Doing?

While it is understandable that providers do not want to take on the responsibility or liability of what a third party does with their users’ data, imagine the sort of controls these companies have the power to implement – and the fundamental ethical obligation to enforce – in order to limit the harm from the applications they allow onto their platforms. Imagine how seriously companies would take the right to privacy if an entire revenue stream could disappear were they non-compliant with the privacy requirements of the platform.

There are limitless ways in which self-expression, knowledge, empathy, and otherwise inaccessible experiences can be created and enhanced through the Metaverse. Let’s work together to ensure that users’ personal information and privacy rights are regulated and protected in order to drive the growth of this amazing new technology without enabling a dystopian world.

Are you building products for the Metaverse and concerned about privacy? Private AI can identify the personal information within your systems and help you manage, protect and use it in a safe and effective way. Let’s collaborate!

Subscribe To Our Newsletter

Sign up for Private AI’s mailing list to stay up to date with more fresh content, upcoming events, company news, and more! 

More To Explore


Testé sur un ensemble de données composé de données conversationnelles désordonnées contenant des informations de santé sensibles. Téléchargez notre livre blanc pour plus de détails, ainsi que nos performances en termes d’exactitude et de score F1, ou contactez-nous pour obtenir une copie du code d’évaluation.

99.5%+ Accuracy

Number quoted is the number of PII words missed as a fraction of total number of words. Computed on a 268 thousand word internal test dataset, comprising data from over 50 different sources, including web scrapes, emails and ASR transcripts.

Please contact us for a copy of the code used to compute these metrics, try it yourself here, or download our whitepaper.