Data privacy is already a challenge–and the metaverse could make it worse

A scene of augmented reality.
The 3D metaverse can be a liberating place—if our privacy is protected. Photo by Matthew Modoono/Northeastern University

The metaverse is more than the latest obsession of Facebook founder Mark Zuckerberg. It’s a three-dimensional world of virtual and augmented reality that we will be exploring—via our digital avatars—over the next decade.

Amid the unlimited possibilities of what may be coming, consider this reality.

If our privacy is already under siege in the two-dimensional internet, imagine how vulnerable we may be in 3D?

“It’s going to aggravate the preexisting privacy issues that we’re not currently dealing with very well,” says Caglar Yildirim, an assistant teaching professor and director of the Mixed Reality research group at Northeastern. “And then we’ll have to deal with the more dire consequences of not paying enough attention to those issues.”

Left to right: Brooke Foucault Welles, an associate professor of communication studies, Caglar Yildirim, an assistant teaching professor and director of the Mixed Reality research group, and Meryl Alper, an associate professor of communication studies. Photos by Matthew Modoono, Adam Glanzman and Ruby Wallau/Northeastern University

It’s bad enough that cookies track our online movements today; in the future, our personal health data may be chronicled by virtual reality headsets.

How will financial transactions be managed? If we’re purchasing virtual real estate, how can we avoid being suckered into buying a digital version of the Brooklyn Bridge? 

“This is stuff we’ve been writing about since the 1990s: Like, what happens if your avatar rapes my avatar?” says Brooke Foucault Welles, a Northeastern associate professor of communication studies. “Those issues have not been resolved and they’re going to happen, I have no doubt. It seems reckless at this moment to move into that space without even thinking about it.”

A cause for optimism, says Welles, is that people are far more aware of privacy issues than in the 1990s, when the internet emerged as a commercial network. 

“So why not do a privacy-first metaverse?” Welles says. “What would a privacy-preserving metaverse look like if we can build it?”

Amid the myriad possibilities for the metaverse, Welles envisions a wide variety of safe spaces where people can explore different bodies, where queer youth can try different ways of coming out, where identities of all kinds can be celebrated without fear.

“The downside, of course, is all the stuff that you would imagine—that it becomes a place for all sorts of harassment, sexual exploitation, and targeted bullying,” says Welles.

Welles hopes that provisions can be made for people to own and maintain responsibility for their own data, enabling them to share or hide aspects of their lives and delete their online histories. It will probably require a level of coherent online legislation that the U.S. Congress has been unable to provide so far.

“Most of the public discourse that I have seen about the metaverse has largely focused on its potential profitability as another world to develop and sell,” says Meryl Alper, a Northeastern associate professor of communication studies. “When that is the ultimate goal, data surveillance, collection, and extraction from users are a given. 

“What new laws will have to be passed by governments to ensure that people, especially more vulnerable populations like children, are not taken advantage of?” says Alper. “There’s decades of research in the field of media and communication studies, for example, that shows that people do not leave their identities at the door when they create avatars online; if anything, such virtual spaces also empower people to harass and psychologically harm others.”

Zuckerberg’s recent commitment to building the metaverse over the next decade—which includes rebranding Facebook’s parent company as Meta—has created cynicism about the new online world based on his company’s exploitation of its users.

“Since the era of deregulation in the U.S. in the 1980s, the power of media conglomerates has been prioritized over consumer privacy,” Alper says. “What does make me optimistic, though, are recent developments from the U.K., like the Age Appropriate Design Code, which has already forced the hand of companies like Meta to better adapt their products to children’s developmental needs and digital rights.”

Welles and Yildirim also believe that digital companies may help drive the campaign for user privacy, mainly because it will be good for business to create online spaces that are inviting rather than threatening.

Instead of focusing on how his company can continue to mine the personal data of its users, Zuckerberg should be worried about rivals that may be empowered by the third dimension.

“If I were Mark Zuckerberg, I’d be thinking really carefully about where my competitive edge is and who’s going to pop up,” Welles says. “What if someone comes through and creates a metaverse that centers Black joy? I think there’s a big audience who would really love a metaverse like that.”

Yildirim says that users also must accept responsibility for their choices as the metaverse lures them to venture online ever more immersively. 

“There’s this idea of a privacy paradox, where people are willing to share all the information in the world on social media platforms,” Yildirim says. “But then the next day, when the revelations come out about how these companies are using that data, people are angry. I’m not saying that they don’t have the right to be angry, but they were willing to share stuff—it’s a paradox.

“It’s up to us, to some extent, to be mindful and cognizant of what we do on these social platforms,” adds Yildirim. “We have seen enough to be forewarned—so we can be forearmed as well.”

For media inquiries, please contact media@northeastern.edu.