Regulators and Meta lay the foundations of the metaverse at RAID

 Regulators and Meta lay the foundations of the metaverse at RAID

At RAID Digital on 4th May, experts from Meta, the UK Information Commissioner’s Office, the Data Protection Commission Ireland and Deloitte uncovered the scale of opportunities and challenges presented by the metaverse and its regulation.


Stefano Fratta, Privacy Policy Director, Meta described the metaverse as the successor to the desktop internet. “The metaverse is a set of digital spaces, all interconnected so we can easily move between them,” he said.

A critical feature of the metaverse is that it will be a collaborative exercise, not owned by any one company. “All stakeholders will be contributing. It will be an open ecosystem in which Meta will be just one of many players.”

Interoperability between platforms will be crucial, enabling scenarios such as walking down a virtual street and entering a stadium.

Another main feature of the metaverse is a sense of presence. “It will be like living the internet, not looking at the internet.”

Unlike on Web 2.0, users of the metaverse will be visible to one another. Avatars will be an important part of achieving this vision.

“Seeing others interacting is a large part of what will be different from the current internet,” said Jan-Jan Lowijs, Risk Advisory Director, Deloitte.

“On a store in today’s internet, you are browsing through lists, selecting and going to a checkout and that’s it. In examples of the metaverse I have seen, you interact with the staff of the shop and can try on something that you pick up.”

“Now we are bringing a new chapter,” said Fratta. “Every chapter comes with new ideas, risks and disruptions.”


Economic opportunities

The metaverse could also bring major economic opportunities, and not just for the platforms.

“Think of the number of jobs in the internet that didn’t exist years ago,” said Fratta. “That’s what’s going to happen, in ways we can’t imagine. There are going to be creators – that’s going to be a new business.”

Today’s internet platforms are largely advertising-led, but this could change. “We might see ways to monetise services that we can’t imagine. Big brands are going to be selling stuff in the metaverse as they are in real world. This is the economic opportunity of the metaverse. We have to see how to take advantage of that.”

The prospect of going to concerts and sports events in the metaverse also opens up a whole new economy for entertainment.

“We will see a shift to things that happen offline will happen more online,” said Lowijs.


Public good

“We have to bear in mind there are choices to be made ethically and morally about what kind of platform it is,” said Ultan O’Carroll, Deputy Commissioner of the Data Protection Commission in Ireland. “Is it for public good, or is it somewhere you buy a plot to sell things?”

Fratta cited equity and inclusion as the challenges that come to mind first from a Meta perspective. Meta is focused on bringing in talent from around the world, representing different views and mentalities. “The metaverse can help us to break language barriers.”

Another challenge is making the technology universally accessible. “The metaverse is based on sophisticated technology, expensive devices. We need to make these available to a large amount of people.

“The experience will depend on whether you are accessing it on a 2D device or a 3D device – but it should be accessible via whatever tech you have available.”

Another challenge is connectivity, which Meta is investing in by laying subsea cables to Africa, for example.

Safety and integrity are also important priorities for Meta. “We want everyone to feel like they are in control of their experience in the platform. In Quest, our AR/VR tool, we enable people to report inappropriate contact.”


Privacy concerns

The internet of the future presents particular challenges around data privacy.

“The issues are to do with what data is collected, is it personal in the first place, who is the inferred data controller? said O’Carroll. “What kind of processing is going on? These are difficult questions; you often have joint controllers and data sharing. In cloud and telecoms, these things can become problems very quickly.”

The metaverse will have large numbers of smaller companies working with platforms. “That would bring problems that have to be mitigated – not least the volume and frequency of data collection.

“So in a world where we have a digital representation of ourself interacting with others, or AR where it’s not so contrived and more risky, problems have the potential to become exacerbated in the future.”

“Think about what you’ve done in the last 24 hours: your stress levels, every place you went,” said Stephen Almond, Director of Technology and Innovation, Information Commissioner’s Office in the UK. “Imagine if all this data was being stored. Bad actors could hack it and find about you. Imagine if you are a child or a vulnerable citizen.

“The great news is that we are just at the outset, and we have an opportunity to hardwire data protection into the design of the metaverse. But to do so, we need to learn the data lessons from today’s internet.”

“What is novel about the metaverse is the scale and granularity of data that are being connected. For example, if VR and AR is the conduit to the metaverse, biometric data such as vital signs and mental state can be assessed. This is very intimate personal information.

“We need to think about how education authorities, employers, government can access people’s previously inaccessible highly personal data.

“In order for it to work, our individual data footprints need to grow. We need to think about how we protect this for the most vulnerable – children will be a core audience for the metaverse. We are going to have to think about how to tackle these challenges.”

“We have a real opportunity if firms like Meta who are looking to shape how the metaverse evolves really lean in and think about what a ‘privacy-first’ metaverse looks like.”

Meta is taking this approach, said Fratta. “It is true that the metaverse is data intensive, but there are ways you can mitigate the privacy impact.” For example, Quest monitors the way you use hands, if a user enables hand tracking. “But the movement data we collect is limited to what is needed to deliver the experience, it’s stored on the device and erased immediately, so there is no excessive collection of data.”


Who will regulate the metaverse?

“It’s important that we focus on the wide challenges of the metaverse,” said Almond. “Not all are privacy related. The privacy framework is in pretty good shape, having the right tenets in place.”

But the range of regulatory concerns that relate to the metaverse will run much broader. “For online safety in the UK, Ofcom is due to take a new regime. There are regulations around advertising. On competition, I was interested to hear references to an interoperable metaverse, which raises questions about who has the infrastructure that runs the metaverse itself. And the broader health, social and equity questions.

“It’s not going to be one regulator’s job to regulate the metaverse. It’s going to be important that regulators join up. In the UK we are working with a collection of regulators – the Digital Regulation Cooperation Forum. We need to get these choices right.”

“Whether current regulations deal with it, we can’t really tell, said O’Carroll. “We have GDPR and privacy laws.

“If we want the level of sophistication that is being dreamed about at the moment, there is a long way to do. The Digital Services Act, the Digital Markets Act and the AI act are all going to apply, but there might be some more niche regulation to go with it.

“We don’t want to end up with a bandaged solution.”

Fortunately, regulators and technology providers have the opportunity to align, not least at a forum like RAID. “We are at the very start of the journey – it’s not going to happen overnight,” said Fratta.

“If we start now, we have the option to build the policy while we develop the technology.”

Lowijs cautioned against overregulation and prohibiting things in the metaverse that are acceptable offline. “Here in Amsterdam, cyclists see traffic lights as recommendations; we go through reds all the time. We can do that in the physical world – but how will that be done in the metaverse? Can you move around without being identified? Will the rules allow for breaking the rules as well?”


Reducing energy consumption

Another major concern is the potential impact on the climate of the large amounts of energy the metaverse might require. The first of the “three Rs” of sustainability – “reduce” – applies here.

“We should apply the principles around data limitation,” said Almond. “We should create a metaverse that only contains what it needs to contains.”

Lowijs pointed out that advances in computing power will also increase efficiency, citing Moore’s law. “If computers get better, then this will level off.”

He also pointed out that people might have to travel less.

“Nothing beats being physically together, but if you cannot be then the metaverse is the way to be closer than is possible on the internet” said Fratta. “It is immersive, engaging and will unlock new ways for communities to be together.”

Fratta also assuaged concerns that people would spend more time hooked up to devices. “It’s not that we’ll spend more time online, but we’ll have a much better experience online: instead of staring at that screen on the phone, you’re going to have a better experience.”


The panel discussion on The Internet of the Future was moderated by Nicole Wolters Ruckert, Counsel, Allen & Overy. This article was written by Ben Avison, Editorial & Conference Director, Cavendish Group.