by Domenico Orlando
- Data Protection Law Consultant
Previously, I presented a handful of opportunities that the use of eXtended Reality (XR) technology could provide. Colourful and promising as that virtual “brave new world” may be, though, it contains some serious pitfalls too. From a legal perspective in particular, there are several pertinent questions that require answering. Here are four of the most pressing and/or important concerns.
1. Violence and harassment protection
To begin with, violence and harassment, including of a sexual nature, have already surfaced in the virtual reality. In this respect, the major concern regards the protection of minors, as they usually approach new technologies before adults do and they often do so unsupervised. The law should also determine whether these deplorable virtual actions deserve the same punishment as real-life crimes and offenses. Indeed, the psychological effects of being harassed in the virtual world could be equivalent to those of being harassed in the real world.
2. Privacy and data protection
Secondly, XR technologies such as virtual reality (VR) and augmented reality (AR) highly challenge privacy and data protection. The devices enabling these technologies have to collect biometric data and other special personal data that could be used to detect their users’ emotions, such as facial expressions, gait and physical reactions.
3. Gamification protection
A third critical and potentially dangerous or damaging aspect is the increased gamification of activities. As users are more and more under the impression that they are acting in a video game, they tend to underestimate the (real-life) effects of their actions. One thing is playing on Fortnite, another is making financial transactions, attending job meetings or simply interacting with other persons (even if avatars), with all their rights and liberties to be respected.
4. Health protection
Last but not least, in the long run virtual reality devices such as the Oculus headset could also cause health problems. They weigh about half a kilo, which is a considerable amount to carry on your head. As a result, according to researchers, they could provoke serious neck problems if used for hours on end.
Regulating virtual reality
Certain laws are already in place today that can give us some guidance in terms of transparency, accountability and liability. Well-known examples are the EU’s GDPR (General Data Protection Regulation) for data protection and the EU’s NIS Directive for cybersecurity.
One could wonder therefore whether specific laws should be issued to regulate the use of XR technology, as is currently being done for AI (artificial intelligence). Or would it suffice to simply modify the existing laws to meet our new needs? The European Commission is carefully observing the technology already. And we are sure that when XR services become available and present in the life of the EU citizens, we will probably see the usual plot where the technology spreads and the regulator tries to catch up with the virtual world.
It would be a mistake, though, to think that so far the law has only dealt with the real world. In fact, the law has been disciplining the fictional dimension for a long time, through the so-called fictio iuris concept. Just think of the legal personality that is attributed to a corporation: an entity which is fictional, i.e. non-existing in flesh and bones, but has the capacity to legally operate. It can, for example, conclude contracts and relate to physical persons by, among other things, hiring them or selling them products and services. As we all know, corporations are well subject to rules and strict laws. The same could and should apply to the virtual reality.
By making data and applications legislation- and regulation-proof, Sopra Steria Benelux’s GRC team (Governance, Risk and Compliance) is able to create more value for its customers. Check out our new GRC approach and offering!