Credit: Golden Dayz Shutterstock

Growing public awareness of data privacy issues has pressured countries to introduce more stringent privacy laws. However, in the future, emerging technologies such as the metaverse, virtual reality (VR), and augmented reality (AR) will make the enforcement of data privacy regulations more challenging.

A history of data privacy regulation

At its inception, the internet was designed to be free, open, and innovative. At first, most governments adopted a light regulatory touch, allowing companies to grow with little intervention. As a result, companies like Facebook flourished with business models based on targeted advertising. Targeted advertising refers to advertisements that are served to a specific audience. The target of that advert is determined using user data sold by companies like Facebook to advertising agencies.

Go deeper with GlobalData

Premium Insights

The gold standard of business intelligence.

Find out more

Related Company Profiles

View all

Public awareness of data privacy issues eventually pressured countries to enact more stringent data privacy laws, with the EU’s General Data Protection Regulation (GDPR) being the gold standard of data privacy regulation. The GDPR sets out a legal framework for keeping citizens’ personal data safe by requiring companies to have robust processes in place for handling and storing personal information. The GDPR has cumulatively fined tech companies over $2.9 billion between 2018 and 2022. Although this is a large sum, enforcement frameworks remain extremely underfunded and short-staffed, and these fines remain a slap on the wrist for most Big Tech companies.

The GDPR promotes a ‘privacy by design’ approach in which companies are encouraged to adhere to data protection policies as an integral feature of data processing technologies. While European regulators have confirmed that the GDPR will apply to the metaverse and other related technologies operating within the EU, the enforcement of data privacy regulations will be incredibly challenging.

Data privacy in the metaverse

The metaverse is a virtual world where users share experiences and interact in real-time within simulated scenarios. It has been marketed as a revolutionary technology that will change how we shop, work, learn, socialize, and consume media content. Companies like Meta, Epic Games, and Microsoft have poured billions of dollars of investment into metaverse technologies and content. Nevertheless, the metaverse remains in its infancy.

GlobalData’s TMT Predictions 2023 report predicts that there will be a metaverse winter in 2023. Tech giants will continue to invest, but there will be less venture capital activity and fewer deals in the space. The year will not produce substantial returns instead, it will give an opportunity for underlying technologies, like AR and VR, to mature.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

It is not yet clear how much this ‘winter’ will hamper the metaverse’s long-term potential. However, one of its biggest obstacles will be public concern regarding data privacy. Multi-sensory experiences in the metaverse will expand the scope of data privacy beyond the normal data points to include emotional, biometric, and physiological data, meaning users will be monitored at an almost forensic level. This will make enforcement of data privacy regulation far more challenging. Firstly, it is unclear whether current data privacy regulations, aside from the GDPR, are legally applicable to new technologies. Secondly, while current regulations address billions of data points shared between users and tech companies, the metaverse and related technologies will give companies access to trillions of more invasive data points. There is already a lack of resources when it comes to enforcing data privacy laws, which will only worsen as we embark on an immersive future in the metaverse if regulators are not adequately prepared.

Looking forward

Regulators must draft legal frameworks with robust compliance processes that consider the potential dangers of the emergence of more invasive technologies with access to biometric data. Government resources will always be limited when it comes to data privacy enforcement, however, regulators can improve efficiency by using artificial intelligence and other technologies to track Big Tech activity in the data privacy space.

When the GDPR and other legal frameworks are expanded to cover the metaverse, the metaverse may see its functionality challenged. For instance, how can Meta render real-time avatars of people in the metaverse if it is not allowed to capture the biometric data needed to mimic the movement of people? Therefore, developers must collaborate with government entities to develop the technology with data privacy regulation in mind.