DigitalFeaturedInsightsOpinionPartner content

Helping consumers understand privacy in the metaverse – by Heriot-Watt University’s Ullas Rao

Heriot-Watt University’s Ullas Rao outlines steps companies can take to assuage consumers’ fears

By Dr. Ullas Rao, assistant professor of finance and programme director for finance (undergraduate portfolio) at EBS Dubai, Heriot-Watt University

With the rapid evolution of the metaverse, data privacy in this unchartered territory is raising concerns from consumers. As technology becomes more immersive to emulate 3D presence, private information about the users and their activities will be collected to a greater extent than on social media. 

For a metaverse to operate, tech companies might require the biometric information and location of users to track their interaction in the metaverse. All the data collection and sharing is creating legitimate unease among users. Currently, there are no regulations or governing bodies tackling the privacy concerns that go along with new technology. This includes the metaverse’s two core technologies – virtual reality (VR) and augmented reality (AR) – that use potentially intrusive sensors and data collection. 

Businesses that are jumping into the metaverse world as property owners or even renters should be aware of the main dimensions of privacy. These include the privacy practices of the platform owners and their own privacy policies. Combining both in a privacy framework that customers can understand is essential to the adoption of the metaverse in the future. 

The lack of a regulatory framework is further complicating this for consumers. Therefore, businesses need to pay attention to their privacy policies to avoid risking privacy and potentially compromising their reputation. 

The metaverse is relatively new and unfamiliar, and consumers’ privacy concerns are valid. If businesses take a leadership role in explaining this concept in a simple manner, they can build a robust and loyal customer base, and therefore get ahead of others.

Potential security dangers

To minimise the dangers of potential privacy breaches, businesses should be aware of what could go wrong. For example, there has been a rise in phishing attacks after the emergence of phishing-as-a-service (PaaS). These could be in the form of malicious contracts designed to steal user information. In addition, vulnerable AR or VR devices can be a fertile ground for data breaches. Additionally, an issue that could compromise consumers’ privacy is advertisers collecting user information through avatars that collect personal data. Finally, personal information like biometric data, health information and preferences can pose real dangers to consumer privacy should it get into the wrong hands. 

Counteracting privacy issues

Some immersive technology platforms are being more transparent about how they collect and distribute data and allow users to control what they share and how they share. One of the ways this can be done is by providing stronger access control, such as combining a fingerprint with login and two-factor authentication. 

Currently, research is being conducted into video sanitisation by removing people from video feeds and replacing them with avatars, to protect the privacy of bystanders. In addition, using encryption-based techniques and multi-party computation can allow computation of data from two or more users without everybody being aware of each user’s data. This will enable the protection of user interactions, including collaborations and private and public interactions. 

In addition, businesses should dedicate more attention to blocking third parties from stealing information, to enhance user safety. Finally, the collection of biometric information is one of the top privacy concerns among consumers. Recent research from Duke University describes a system called EyeSyn that makes analysing a person’s eye movements easier than ever before. Instead of collecting huge amounts of data directly from human eyes, the researchers trained a set of ‘virtual eyes’ that mimic real eye movements. This could potentially reduce the need for the collection of detailed biometric data. 

Role of individuals

Similarly, individual users becoming a part of the metaverse should remain vigilant of the amount and type of information they share. The good news is a recent study by Wunderman Thompson Intelligence shows that metaverse awareness reached 74 per cent in March, with a majority of participants agreeing that the metaverse is ‘the future’.

The trouble with privacy policies is that innovation happens much faster than policy making. Therefore, there is always a conflict between mitigating privacy concerns and risking overregulation and hindering innovation. However, privacy concerns are hardly a new development. Aside from the steps that businesses should take to enhance consumer privacy, it’s important that consumers are also aware of the data they should share. 

Since the metaverse is a new development, it’s likely that companies may still be vulnerable to security attacks no matter how careful they are. Individuals and companies should work together to enhance their privacy and ease their concerns. Global legislation governing the use of metaverse technology is still in the making and will take effect eventually. Meanwhile, as the use of the metaverse becomes more prevalent, raising awareness about privacy and taking steps towards it should be the top priority.