0:00-0:40 In episode three of Privacy Abbreviated, hosts Dona Fraser, Senior Vice President of Privacy Initiatives at BBB National Programs, and Catherine Dawson, General Counsel and Chief Privacy Officer of Osano, sit down to discuss the privacy concerns of the metaverse.
0:41-1:57 This episode features Tracy Shapiro, a partner at Wilson, Sonsini, Goodrich, and Rosati. Tracy has been with the firm in their privacy group for nearly a decade. Her role is to advise companies on how they can process consumer data. She also works with clients to spot red flags in project launches and help them with compliance issues and privacy laws.
1:58-4:39 To start the episode, Dona asks Tracy to describe the metaverse and what she believes it entails. She shares that the metaverse is a term used to describe the virtual world that exists online. It’s a place where you can interact with other people in various ways, including through social media, gaming, and even shopping. While the metaverse offers many benefits, it also raises some significant privacy concerns. For example, when you share information in the metaverse, you may not be aware of who else can access it. Additionally, your interactions in the metaverse can be tracked and used to create a profile of you without your consent. As the metaverse continues to grow and become more popular, it’s important to be mindful of these privacy issues and take steps to protect yourself.
4:40-5:12 Dona then asks Tracy what she foresees to be some of the biggest privacy challenges for companies whose primary business operations are intended to be in the metaverse. Tracy says she thinks the challenges exist in two categories: logistical compliance challenges and philosophical privacy challenges.
5:13-7:02 Tracy explains that she feels the world will be able to adjust existing laws as everyone did when mobile apps or IoT devices became a thing. She notes that lawyers have always had a “moment of panic” around how they will apply existing privacy laws to our clients’ new technologies. Tracy provides two examples of situations involving privacy notices and how to obtain consent from users properly. She ends her first point by stating that she feels one challenging question and one unknown is whether there will be interoperability in the metaverse moving forward.
7:03-7:55 Regarding the high-level privacy challenges, Tracy says one of the more complex issues is that the metaverse seems to straddle this space between an online experience and an experience that’s like the physical world. She feels that figuring out which rules of the road apply—the online or offline rules—will be one of the big challenges. Tracy uses the example of location tracking, for instance. There are privacy laws and industry standards that apply to the collection of an individual’s precise geolocation information. She says there’ll be a looming question of whether or not people’s precise location will be revealed or if it will be similar to visiting a website where your location information is coded.
7:56-8:54 She exacerbates her concerns by providing an example of virtually bank visits, doctor visits, yoga, or visiting a rally. With our current state of technology, it could be ascertained that these are four unique visits in four separate and distinct locations. She is concerned about whether movements in the metaverse will be akin to tracking real-world physical movement patterns. Tracy then brings up a valuable point about consumer expectations and the user experience. She asks whether the consumer expectations of how privacy is managed in the metaverse are more aligned with the real world or more akin to your traditional online experience.
8:55-29:41 Catherine shares that she agrees with the multiple concerns brought about by Tracy’s questions in conjunction with the logistical uncertainty of how the metaverse will tackle these issues in the coming future.
29:42-30:11 To close the interview, Dona asks if there are any areas or issues that Tracy thinks we should be paying extra attention to and what changes does she expect to see in the next year?
30:12-31:12 Tracy answers by saying that she believes government surveillance in the metaverse will be an essential issue to consider. She circles back to her original points regarding whether or not a person has the reasonable expectation of privacy in the metaverse. Tracy drives her point home by bringing up the topic of terrorism. “If the government suspects I’m hosting a meeting with suspected terrorists in my (virtual) living room, would coming into my home constitute a search? Does the fourth amendment apply? Maybe courts will conclude there’s no reasonable expectation of privacy at all.”
31:13-32:27 With virtual properties being an intangible yet accessible form of property, Tracy states that there is a very real issue regarding the expectation of privacy that a person has in their home—extending to a virtual or digital home. She leaves listeners with an important question, “Will I have that same right to privacy when I exist in this online world, or is that only going to exist when I am in my actual physical body?”
Listen to the full episode here.