top of page

The Dangers of the Metaverse for Data Privacy

As we move towards Web 3.0, a new level of Internet immersion, commonly called the Metaverse, is beginning to take shape. The effects of such high levels of augmented and virtual reality are yet to be determined. One matter in particular, that of data privacy, which has created significant controversy in the current generation of the Internet, can only be expected to compound as technologies advance. Many are questioning how such an interactive environment, likely integrating advertisement even further into our Internet experience than at present, will impact data privacy and security. As personal information such as biometric data (facial and bodily features, fingerprinting and beyond) becomes more ingrained for technology such as avatars, and the real world further blends with the virtual, companies will need to take significant precautions to uphold the trust of their users.

Skeptics of the Metaverse are fearing unparalleled levels of user surveillance once new technology is implemented. In 2021, Facebook whistleblower Frances Haugen told the Associated Press that the Metaverse will require “many, many more sensors in our homes and our workplaces.” Though the company pushing the Metaverse the hardest, Facebook, recently rebranded as Meta, has claimed that it will look into how it can minimize the amount of data collected, this is difficult to imagine in practice. Just 20 minutes of VR usage can generate over two million data points, including breathing patterns, walking patterns, thought, physical movement, and eye movement. Data collection without the Metaverse has already been lauded as rampant and exploitative for years – think back to the 2018 Facebook and Cambridge Analytica election scandal, the following Mark Zuckerberg Congress hearing, the testimonies of multiple whistleblowers, and beyond – and yet despite significant privacy concerns among the general public, federal regulation has lagged, with no legislation protecting consumers from current practices. Not to mention, though Meta has stated it will be investing billions into the Metaverse, in comparison, it has only allocated $50 million to metaverse privacy research. And there may be no escape: for example, Meta has introduced a virtual meeting software called Horizon Workrooms, and Haugen warns that forced participation, if people happen to disagree with such practices, places them at risk of losing their jobs. 

Though most people are not yet familiar with the concept of the Metaverse, those that are seem to be concerned. A recent survey showed that 50% of people are worried about identity issues, 47% are concerned about forced surveillance, and 45% are worried about abuse of personal data. These concerns are not unfounded – biometric data breaches, phishing attacks, and endless tracking are already netizen vulnerabilities, and will become even more so as Metaverse technology grows. 

Now more than ever, people are feeling commodified. Many are hesitant to join the Metaverse, despite the fact that it is a growing industry, with companies like Disney, Microsoft, and Epic Games announcing Metaverse plans, and even governments such as South Korea dedicating funds towards Metaverse development. Citi Global Insights states that by 2030, the Metaverse will be a $13 trillion global industry. And of course, this is all due to the value of personal data. 

If the Metaverse is not built with privacy and data security at the heart of new product architecture, disaster is sure to ensue. Furthermore, developers need to be transparent with users and potential users about their practices, while also giving people actual choices about how their data is used rather than, as we have experienced in Web 1.0 and 2.0, forcing someone to click “I agree” to pages upon pages of opaque legal jargon. Data should be encrypted and fully anonymized, with users’ rights as a priority, even over profit – something Meta reportedly does not do

User trust has been eroded by scandal after scandal, but not only so. Users have long been reduced to their data by companies, thus leaving them powerless and dehumanized. Implementing significant protections to and control over Metaverse data is likely to provide comfort and begin restoring the user-brand relationship. Yet, still, the profit of a soon-to-be multi-trillion dollar industry will be kept in the hands of companies. Web 3.0 does not and should not consist of only the Metaverse. One key point of Web 3.0 is the idea of an individual’s capability to participate in the data economy themselves, to get a cut out of the massive profits being generated by their personal information. Users should receive something in return, besides usage of a product, for relinquishing so much of themselves to companies. Brands who recognize this are likely to experience much more success. Compensating users for their data is undeniably a step towards a more fair future and a more equal Internet as we venture into the future.


bottom of page