• 1401 K St. NW, Suite 501 Washington, DC 20005
  • 1401 K St. NW, Suite 501 Washington, DC 20005

Business at OECD and USCIB-Foundation Release New Report: “Privacy, Immersive Technologies and the Metaverse”

On July 18, Business at OECD (BIAC), https://www.businessatoecd.org/, the officially recognized institutional business stakeholder at the OECD that represents over 10 million companies of all sizes and across sectors, and the US Council for International Business Foundation (USCIB Foundation) https://uscib.org, released Privacy, Immersive Technologies and the Metaverse. The document explores the promise of the metaverse and immersive technologies, and the privacy issues they raise. The new report is intended to provide policymakers with a business-oriented perspective about the need for data governance that both protects consumer privacy and encourages innovation in the emerging immersive environment. The BIAC- USCIB Foundation report emphasizes the role of the OECD Privacy Guidelines as a recognized, longstanding foundation for responsible data governance and how they may serve the metaverse and relevant immersive technologies.  Paula Bruening, a privacy fellow at the Innovator’s Network Foundation, served as consultant to the project, and in collaboration with BIAC’s Digital Policy Committee led the drafting of the report.

The Metaverse and Immersive Technologies

The metaverse can be thought of as the next iteration in the evolution of the Internet. While the origins of the metaverse and immersive technologies are found in gaming, today these digital experiences are being built from the ground up by companies of all sizes, individual innovators, and governments. The vision of the metaverse is that of an immersive, three-dimensional space that operates on multiple platforms and relies on shared data and technologies. In that space people will work, play, connect, and collaborate. They will interact with each other, with virtual objects, and with digitally rendered buildings, facilities, and landscapes. This emerging digital environment promises business opportunities across every industry sector and benefits across all aspects of society. The BIAC-USCIB Foundation report highlights the transformative nature of these new applications through practical examples that span health care to education, manufacturing to disaster response, children’s play to employee training.

Organizations from across a wide range of industry sectors are investing in efforts toward metaverse implementation, understanding the privacy risks it may raise, and identifying how those risks might be addressed. The quantity of data the metaverse and immersive technologies require will be vast, and that data collection and protection of that data will be central to their implementation. While much of the data will not be personal and will raise no privacy issues, creation of user avatars, for example, which will populate the metaverse, may require the collection of often sensitive personal data.

The report explained that while some privacy issues raised in the metaverse are new, many of the privacy challenges that arise exist in other spheres. The report noted the following:

  • The volume and sensitivity of the data collected in the metaverse and immersive technologies may be unprecedented.
  • The processing of data in the metaverse could yield new, highly sensitive insights about individuals.
  • New, powerful insights and profiles generated by processing of sensitive data collected in the metaverse will reinforce questions about in what circumstances its secondary use is appropriate.
  • As it evolves, the metaverse will require significant data sharing to facilitate interoperability.
  • The metaverse may introduce practical challenges to compliance with existing data protection law.
  • The metaverse may strain the ability to practically implement the Guidelines’ principles according to current norms of interpretation.
  • The global nature of the metaverse will reinforce existing challenges for compliance with children’s privacy law.
  • Because the creation and function of the metaverse will rely extensively on AI, it will mirror – and possibly intensify – the concerns AI raises, particularly with respect to fairness, bias and discrimination.
  • The metaverse may present risks to privacy and resulting harms that cannot currently be foreseen.

Realizing the promise of the metaverse will depend on fostering users’ trust that their data will be collected and processed in a protected, privacy-respectful way. Implementation and adherence to workable, broadly accepted privacy governance guidance will be needed to foster that trust. In this context, the report discusses the relevance of the OECD guidelines to metaverse governance, citing their adaptability, broad acceptance, applicability in complex environments, and ability to support multistakeholder solutions in environments that, like the metaverse, involve a range of actors.

The report also identifies tools and approaches that may offer privacy solutions.

  • Privacy by design and privacy enhancing technologies (PETs). Because the implementation of the metaverse and immersive technologies is in its early stages, application of privacy by design can facilitate companies’ efforts to make responsible business decisions about data collection and to build in privacy solutions at the outset. PETs can serve as important tools to enable developers to practically incorporate privacy solutions and demonstrate their commitment to protecting users’ data.
  • The privacy principle of accountability. The OECD principle of Accountability may offer an approach to considering privacy and data governance in the metaverse. Because it facilitates adherence to all of the OECD principles, particularly in complex technology and data environments, the accountability principle may also support the effective application of privacy by design and implementation of PETs.
  • Existing guidance related to AI, data sharing, children’s privacy and international data transfers. Many of the privacy concerns raised in the metaverse are those companies confront in other digital environments and technology applications. The evolving nature of the metaverse and its potential for growth from discrete, independent experiences toward more global ones may amplify these concerns. However, existing guidance and ongoing work on these issues can contribute to efforts to understand and address issues of privacy in the metaverse.

The BIAC-USCIB Foundation report closes with a series of recommendations for policymakers, including:

  1. Enhance the evidence base for the relevance and applicability of the OECD Guidelines in the metaverse with particular focus on practical case studies and multi-stakeholder led research.
  2. Map existing OECD instruments, reports, and ongoing work relevant to privacy in the metaverse, including initiatives related to AI, international data transfers, children, data sharing and data portability. 
  3. Explore how regulatory sandboxes may help innovators and regulators understand the strengths and limitations of the Guidelines as the basis for privacy governance in the metaverse and immersive technologies. 
  4. Consider whether workable, effective deployment of the governance principle of Accountability in the metaverse and immersive technologies could benefit from additional recommendations to complement existing guidance.

 

Sitemap  |  Privacy Policy

Website design and development by Ironistic