Skip to main content

METAVERSE AND PRIVACY: POTENTIAL IMPLICATIONS

g.d.p.r

 

Participation in the Metaverse will involve the collection of personal data never seen before. Today, smartphone apps and websites allow organisations to understand how people move around the Web or surf an app. Tomorrow, in the Metaverse, organisations will be able to collect information on individuals' physiological reactions and movements, thus measuring a much deeper understanding of their customers' thought processes and behaviour.
Users browsing the Metaverse will also be 'switched on' for long periods of time; this will mean that behaviour patterns will be continuously monitored, enabling the Metaverse and companies to better serve users in a targeted manner.

 

EUROPEAN REGULATIONS FIT FOR THE METAVERSE, PRESENT AND FUTURE

 

privacy

 

GDPR, DSA, DMA, AI 

The fact that Metaverses are rule-free is a false myth. They already have rules and conditions for life within them. 
Sandbox, initially, allowed positive approaches to other avatars but also allowed non-shareable access; whereas today,  there is a rule that does not allow you to exceed a certain limit to approach a person. 


Although these are simple technical rules, they affect the experience within the Metaverse.
There are not only rules dictated by the terms and conditions of service, but there are some that are directly discussed: the GDPR, the Digital Service Act, the Digital Market Act but also the Artificial Intelligence Act.

We are going to analyse them together.


IS THE GDPR SUITABLE TO REGULATE THE METAVERSE?

 

The European Data Protection Regulation (GDPR) will apply to the metaverse; it is a common law regulation that tells us which general principles offer very broad directives; through the principle of accountability, the person who creates the metaverse or the company that enters the metaverse, must decide how to achieve its result. He has to be accountable for his decisions; this involves a lot of discretion. And so we see that the GDPR is open to innovation and technology, and applicable in ever-changing contexts. 


The GDPR is already 4 years old; it can certainly be adapted to new technologies, but not to all of them. The Metaverse is a new technological paradigm, something that did not exist when the regulation was conceived. Unfortunately, today there are no other alternatives, since the legislator has not yet pronounced on ad hoc regulations. 


The application of this regulation to blockchain technology, for example, has been impossible, due to the inconsistency of the immutability of the blockchain itself with the principles of the GDPR, which say all personal data must sooner or later be deleted, or at least anonymised; the same panorama will happen with the Metaverse, and there will probably be some aspects that it will not be possible to conform to this regulation. 

 

Digital Markets Act

The Digital Markets Act (DMA), which entered into force on 1 November 2022, with the Digital Services Act (DSA), protects competition in the digital world within the EU.
With the DMA, the European Union claims there are 10,000 platforms in Europe, although in reality there are at most 10 that dominate the market very strongly. 
Amazon, in 2021, had a turnover of $469 Billion; Portugal's GDP in 2020 was $231 million. This makes us realise that Amazon is a dream that makes more money than a Nation!


This similarity between Big Tech and Nation is very important if we look at the Metaverse... these companies are no longer just companies


Facebook has all the cards on the table to become a State: it has citizens, it has laws, it has a judicial system, it has the GDP of a State and now it also has a territory (with the new move to Meta). 
Big Tech makes decisions that affect the course of history (e.g. the case of Trump being banned from Twitter). These actors that could potentially dominate the Metaverse, then, are not just more companies. 


These actors, having more data than the commercial operators using the platforms, are able to act by imposing their own conditions, like Amazon, which is under investigation for a supposed use of commercial users' data to compete with them. In simple terms, if I look for a red skirt online, the next time I enter Amazon, I will be offered its red skirts: thus, not only the damage, but also the joke for the operators.

 

d.m.a.

 

The EU has acted in advance and released the DMA whose discipline revolves around the so-called gatekeepers (BigTech, players with a significant impact on the internal market) allowing business users to operate in a fairer environment.
In the event of a violation of the DMA provisions, gatekeepers risk a penalty of up to 10% of their total annual worldwide turnover. In the event of a recidivism, the penalty can also be increased to up to 20% of the annual global turnover.


The aforementioned situation, linked to the Metaverse, will get worse, because these companies will no longer only have data relating to navigation, but will have data relating to the essence of a person, (the way they walk around within the Metaverse, the way they dress, or interact..) all aspects, for now, still out of GAFA's control.

 

FURTHER REGULATIONS

metaver.se experience


The European Commission has proposed a new piece of legislation, the Digital Services Act (DSA), which will come into force on 16 November 2022, and which is aimed at anyone offering digital services in the EU, going to protect consumption (even though it is not really a consumer directive, as the subject is not consumer rights, but the fundamental rights of users).
A new European regulation on AI, proposed by the EU on 21 April 2021, will be applied, if it is approved, to providers who market artificial intelligence systems, whether these providers are based in the EU or are located in a third country but the system is used in the EU.


Already from this draft, we can see the attention placed by the European legislator on the necessity of ensuring the correct balance between modern technology and data protection.
 

FPC