EPIC Comments on EU Metaverse Vision
May 23, 2023
EPIC has contributed to the EU Commission’s call for input to inform its vision for regulations and guidance related to the metaverse. EPIC’s comments focus on the privacy risks and harms present in the metaverse, how the metaverse interacts with existing regulations, and proposals that may mitigate privacy risks.
While many privacy risks of the metaverse are also present in other technologies and systems, the metaverse is set apart by risks to bystanders, the volume of personal data (including sensitive personal data) collected, and the inferences that can be made from that data. Several of these risks come into direct tension with the GDPR—particularly with respect to notification, choice, and processing of sensitive personal data—and may also conflict with the AI Act.
In order to mitigate these risks, EPIC’s comments propose a ban on certain processing (including, for example, “social scoring,” trait inferences, and emotion detection), technical and legal protection for bystanders, and regulation specific to extended reality technologies.