Data Privacy and the Metaverse

It seems that since Mark Zuckerberg announced the rebranding of the former Facebook to Meta, the world got in an urgent quest for understanding what metaverse truly means and how it is going to shape our future.


Metaverse at the forefront of the privacy debate?


No company will own or operate the metaverse alone. The company created by Mark Zuckerberg is only taking the lead into this new virtual reality world, which considering the company’s erratic relationship with data privacy in the past, has raised the concern of many.


To most people surprise, the social media giant has decided to establish the metaverse development in Europe, home of one of the world’s strictest data privacy regulations, the General Data Protection Regulation (GDPR), which points to a changing scenario and growing awareness by even the most controversial companies about the importance of being compliant even before a product launch (or, in this case, to a whole new reality).

Although Meta’s initial attitude is worthy of praise, many questions remain regarding the metaverse level of respect for privacy laws.


The Oculus Quest 2, recently bought by Facebook, imposes the need for a Facebook account, which has displeased German antitrust regulators, but also, raised concerns regarding the data collection of the user, people whom the user interacts with, and surroundings. All of which contradicts the current principles established by the GDPR.


Metaverse and its Data Protection Implications for Tech Companies


Also important to mention, Biometric Data is categorized as Personal Data because it constitutes information capable of identifying a natural person, and that means that all rights regarding the use of Personal Data are applicable:

  • The right to be informed;

  • The right of access;

  • The right to erasure,

  • The right to restrict processing;

  • The right to data portability;

  • The right to object;

  • The right to data rectification;

  • And rights concerning automated decision making and profiling.


In other words, companies relying on data must be transparent about how the data will be used and when it is being collected. Also, it is critical that both opt-out and erase options are freely available.


In a positive light, Meta recently dropped the use of facial recognition in its apps. So, when it comes to such innovative world-changing technology, if the recent years have taught us anything, it is that as exciting as fiction is, reality imposes respect for legal rules. Therefore tech companies must be prepared to deal with clients’ growing data protection concerns.


Book a free compliance consultation with Ascentrix Consulting today, and understand how to implement the data protection measures to safeguard your company and your client’s interests.