This module poses some questions for you relating to emerging or future privacy challenges. How, for example, can we build a privacy-preserving metaverse and Web 3.0? Will you soon need to wear a disguise or behave angrily in the supermarket to get the best price? And what novel privacy expectations might the first travellers to Mars have?

Virtual and Augmented Reality

“This poses a very serious privacy risk, as it potentially eliminates anonymity in the metaverse … ‘Moving around in a virtual world while streaming basic motion data would be like browsing the internet while sharing your fingerprints with every website you visit. However, unlike web-browsing, which does not require anyone to share their fingerprints, the streaming of motion data is a fundamental part of how the metaverse currently works.’”

A recent research study found that users could be uniquely identified at scale across multiple sessions using just a short sample of their head and hand motion. With a 10 second recording, accuracy was around 73%, and with 100 seconds of motion, accuracy was over 94%. This is a significant and troubling finding. It means that motion (biomechanics) data - which is of course necessary for VR to work, from initial device calibration to the user’s ongoing interactions with the VR world - would likely be considered biometric data under the EU’s GDPR. This special category of sensitive personal data requires a stronger legal basis for processing and potentially also a privacy impact assessment. And expecting your employees to come to work to your virtual office in the metaverse might be illegal under employee data protection law. This article (quoted above) discusses this in more detail and proposes some mitigations, such as adding noise to the motion data to make it less identifiable.

Web3 Privacy and Digital Identity

TODO.

• https://hbr.org/2022/05/why-blockchains-ethical-stakes-are-so-high
• European Digital Identity scheme
• Digital identity schemes in Africa

Biometric Pricing

TODO.

Space Privacy

TODO.

• https://80000hours.org/problem-profiles/space-governance/
• https://www.spacefoundation.org/space_brief/international-space-law/
• https://www.unoosa.org/oosa/en/ourwork/spacelaw/index.html
• https://www.michalsons.com/blog/spacetech-do-data-privacy-laws-apply-to-outer-space/45577
• https://digitalcommons.unl.edu/cgi/viewcontent.cgi?article=1098&context=spacelaw Outer Space Law Principles and Privacy
• https://www.unoosa.org/oosa/en/ourwork/copuos/index.html
• Earth observation and satellites
• privacy concerns with starlink?

Resources

• Unique Identification of 50,000+ Virtual Reality Users from Head & Hand Motion Data - Vivek Nair, Wenbo Guo, Justus Mattern, Rui Wang, James F. O’Brien, Louis Rosenberg, and Dawn Song, arXiv (2023).
• New research suggests that privacy in the metaverse might be impossible - VentureBeat
• SoK: Data Privacy in Virtual Reality - Gonzalo Munilla Garrido, Vivek Nair, and Dawn Song, arXiv (2023).