In the matrix: protecting consumer privacy in the metaverse

The metaverse, developed mainly by the video game industry, offers a range of possibilities for consumers: meeting friends, playing a sport in a group, or taking part in events such as an online concert. Although an emerging phenomenon, industry players expect this new digital universe to grow significantly over the coming years.

The technologies that make the metaverse experience possible collect a great deal of data, including a person's physical, physiological and behavioral characteristics, such as voice and face. This data, correlated with other personal information, presents risks for consumers, especially vulnerable audiences such as children.

The privacy policies and terms of use of companies participating in the metaverse are not always transparent with regard to the increased risks for consumers. Among the main problems identified are a wide range of documentation and a lack of clear information, especially when it comes to the processing of personal data.

The metaverse environment raises a number of legal issues concerning the validity of consent, the definition of biometric data, and the protection of children's rights. Similarly, future technological advances, including the possibility of inferring consumer interests and preferences from eye-tracking captured by peripheral devices, expose the obsolescence of Canadian privacy laws.

As a solution, we issue recommendations based on international standards. Among other things, we propose that companies provide an exhaustive list of the conditions of use and privacy policies applying to their products. We also propose that legislators stipulate that decisions concerning children's information must be made in their best interests, and that information must be provided in clear language for consumers. Finally, we encourage the government to clarify the protections surrounding biometric data and the limits on its use.