Tackling the data governance challenges of emerging digital technologies

Event report

Web 3.0, virtual platforms, and metaverse technologies are being developed in front of our eyes. Panellists discussed how these changes will bring unprecedented changes to data protection, privacy, and digital rights frameworks. They called upon multistakeholder processes and early actions to address future challenges.

As data-enabled technological innovation comes faster and faster, we are challenged with having to adapt and remain creative within the consumer protection regime and data protection framework. Mr Kudakwashe Hove (Digital Rights Lead, Consumer International (CI)) opened the session with an acknowledgement of the advancements that digital technology has brought for consumers, such as a wider range of goods and services and better access to marketplaces. With companies releasing virtual platforms and initiating debates about a metaverse era, Hove stressed that we must rethink consumer protection and digital rights frameworks carefully to adjust for emerging technologies.

Ms Ololade Shyllon (Head of Privacy Policy, Africa, Middle East and Turkey, Meta Inc) provided background by explaining the nascent stage in which Meta remains. At the very beginning of the next chapter of the Internet, she predicted a leeway of at least five to ten more years before metaverse technology becomes possible. Shyllon stated that Meta wishes to enhance digital experience without disconnecting users from reality, mainly by adopting augmented reality and virtual reality (AR/VR) and goggle technologies to provide an immersive experience. Ways in which we access products and services will be revolutionised. Unlike Shyllon’s positive outlook of the metaverse, however, Mr Samir Jain (Director of Policy, Center for Democracy & Technology (CDT)) took a more pessimistic tone, delineating three aspects in which consumer rights and data protection regimes could be challenged. The first concerns the capability of private companies to monitor and collect biometric data, including fingerprints, voiceprints, eyeball movements, and pupil dilation. The absence of regulations regarding detailed privacy and data security would render leading companies capable of tracking an individual on an unprecedented level. The second aspect relates to the ‘bystander’ privacy issue. In an AR/VR-assisted metaverse, users might wear goggles that record and monitor their surroundings and capture bystanders’ data by chance. This ability could be used and abused in identifying protestors, journalists, dissidents, people who exit abortion clinics or sensitive places, and more. Finally, the sharing of information could become more complicated in the metaverse. The appeal of the technology is to lower the barriers between multiple digital platforms. Therefore, the metaverse could enable interoperability among platforms, so that data could be transferred across platforms so seamlessly that when consumers want to report any data protection or digital rights abuses, policymakers might find it difficult to pinpoint whom to hold accountable.

While a plethora of issues require attention, both Jain and Shyllon expressed that the present is the time for changes. Jain reflected upon lessons learned from the Internet and offered two considerations. First, the issues should be addressed directly to prepare for when the technology arrives. Second, the policy and regulation design processes must be multistakeholder-oriented, inviting academia, civil society, and technological companies to jointly address difficult conundrums. Shyllon underscored Meta’s commitment to building responsibly a metaverse around core principles co-designed through multistakeholder processes. Some values it wishes to incorporate include transparency around data collection and sharing, boundary establishment between the virtual and reality to give users meaningful control over the technology, and inclusivity and diversity. Jain and Shyllon both emphasised equity and inclusion as core to preventing the extension of further social inequality into the metaverse.

All three experts offered insights about practical issue resolution and value embedding. Mr Danilo Doneda (Professor, State University of Rio de Janeiro) drew from his experiences of establishing data protection and consumer rights frameworks in Brazil. He criticised a previous focus on the ‘choice regime’, whereby digital companies are required to provide privacy options for customers to choose from. In these cases, users are often drowned in overwhelmingly long and complex terms of privacy; in return, users often choose to let companies collect whatever they wish for convenience. Jain believes that the burden of upholding privacy should be shifted from users to developers so that rules about privacy and data collection can be incorporated into the technical design process.

Shyllon and Hove exchanged thoughts about the fast-paced development of technology and the possibility of more efficient ways to catch up with data protection frameworks. Hove mentioned an approach whereby broad principles of privacy and digital rights are set in stone; so that with each new technology, policymakers make adjustments and a few ‘tweaks.’ Shyllon, on the other hand, highlighted the revolutionary changes in the metaverse and, thus, opted for a ‘rethinking and reinterpreting’ process in which data protection and privacy in evolutionary technologies are re-imagined.

By Yung-Hsuan Wu