By - Prashant Kataria on May 19, 2022
Metaverse is Mark Zuckerberg’s attempt to rebrand Facebook after years of being mired in data mining and false news controversies in Europe, North America and Asia. While the platform is still under construction and is expected to take another decade to be refined, there is no doubt millions of users still do spend several hours of their day on virtual social media platforms and there are regulations governing their interactions with and within these spaces.
The metaverse is an attempt to increase the overlap of our social and digital lives in areas such as socializing, productivity, and prosperity through the use of Virtual Reality (VR) and Augmented Reality (AR) in online communities. However, the pursuit of this futuristic technical frontier raises concerns around already contentious issues such as data privacy, anti-trust, and intellectual property rights (IPR), all of which must be addressed to fully appreciate the technology’s potential.
The main offerings of Metaverse include complete immersion in a virtual space, augmentation, automation, decentralization, mobilization, autonomy, and real-time action. Several organizations and technologies must work flawlessly in sync to weave together independent virtual reality experiences employing visual, audio, and haptic technology, as well as open-source and proprietary solutions. This combination is expected to spawn unique modes of participation, content creation, socialization, and monetization in new arenas of digital environments.
Due to information technology behemoths like Meta, Google, and Microsoft’s interests in developing the metaverse, regular people have begun to invest heavily in digital assets to ease their migration into this virtual world. This requires governments across all countries to take note of and plan for the influence of virtual realities on our future.
To avoid the misuse of cutting-edge technologies at the start of a new era, new regulations may be required. The metaverse is a parallel digital universe that necessitates the use of extremely personal data for smooth provision of services, as well as other sensors and software, all of which add to the complexity of overseeing these platforms.
As such, to protect users from data breaches and solve regulatory loopholes – facial recognition data, body language data, biometric data, search data, and other personal data must be monitored. If such data is not safeguarded, firms may seize it and exploit it to create personalized advertisements and boost income through effective advertisement distribution.
The existing data protection system is governed by a set of rules titled the Information Technology Rules, 2011 under the Information Technology Act, 2000. According to these guidelines, a company must demonstrate code compliance by having documented security plans, and information security policies which must include technological, operational, and physical security measures.
The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (IT Rules), were published by the government in a notification dated February 25th 2021, with the primary goal of regulating and protecting consumers from various potentially hazardous contents. To comply with the standards for data accuracy, choice, consent, disclosure, portability, and security, the organization must follow precise technical and design criteria. Furthermore, the organization must put in place management systems to enforce privacy standards, out-of-date policies, and make recommendations that are compatible with the quantity of information required.
The legal and regulatory concerns are five-fold:
Given the predicted number of Metaverse users, the platform is expected to amass vast volumes of sensitive personal data. In the privacy policy of any AR-VR device, it is generally claimed that it would gather data about an individual’s biological information, physical surroundings and other personal information. Since such biometric data is being collected, this would fall under the definition of “sensitive personal data” under the IT Rules.
Section 69 of the IT Act empowers the government to issue orders authorizing the interception/decryption of information to “ensure the security, sovereignty, or integrity of the state”. The government can monitor data in the Metaverse environment, and if it is seen to be against public policy, it can be withheld, and the company can be penalized for failing to comply with the rules. In the metaverse era, it is expected that the law would inject itself in a way that balances fundamental rights, such as freedom of expression, with the preservation of the public interest, though it remains to be seen how successful this is in practical terms.
Due to the unusual nature of the metaverse, the application of existing laws has been fraught with controversy. Anti-trust has been engaged in existential dilemmas since the metaverse’s inception.
The Competition Ac 2002 enforces antitrust laws by “making any contract, combination, or conspiracy to hinder commerce, as well as monopolization, attempted monopolization, or conspiracy or combination to monopolize, illegal”. It also prohibits undue restraints. As a result, if numerous apps compete in a market and one unfairly dominates or threatens to establish a monopoly, this acti can be applied.
While the bulk of anti-competitive practices that occur in the actual world can also exist in some form in the metaverse, the metaverse’s fundamental nature and the blockchain make such activities impossible to detect and punish, letting corporations engage in such practices with impunity.
Anti-competitive firms can use private blockchains to share commercially sensitive information among themselves, such as price-related details. These blockchains can only be accessed by those who have the authorization of the blockchain’s owner. Authorities will be unable to access these communications and, as a result, prosecute such behavior – however by way of demand under the relevant statutes, authorities may ask for such information. This is different from the current scenario, in which authorities can easily examine businesses’ facilities to gather evidence concerning such infringements.
Since Metaverse’s inception, the market for virtual accessories has witnessed an expansion; people are more inclined to spend real money on virtual fashion items for their avatars as their attachment to them deepens. Metaverse has experienced a flood of trademark infringement accusations due to the ease with which virtual products can be replicated. Businesses are now concerned about the extension of their physical product trademarks to their online counterparts.
While there is currently a lacuna in any government legislation that can provide redressals to virtual IPR-infringements, a possible solution for companies is blockchain technology. A blockchain is a permanent and immutable record of data, which means that once data is entered into it, it cannot be erased or changed until a consensus method is used.
This technology can be used when a company’s virtual goods or services reside outside of a single Metaverse platform. This technology incorporates and protects intellectual property rights in content associated with goods and services. Descriptions of the relevant commodities, their ownership history, and the scope of the relevant rights are attached. This information can establish the product’s permissible and forbidden applications. Furthermore, this data is linked to the product throughout its digital life, even as it moves from platform to platform. This is a purportedly effective means of protecting a brand’s intellectual property.
As mentioned above, blockchain technology considerably improves security because no single user may change the data on a blockchain without the agreement of other users. Another important aspect of blockchain technology is pseudonymity, which means that even if a user’s virtual identity is known, their real-world identity cannot be discovered.
However, despite the potential advantages of blockchain technology, this poses very specific and distinct concerns. For example, if one virtual avatar harasses another virtual avatar. Will the harasser face consequences for their actions? Law enforcement would be problematic since authorities would be powerless to hold anyone accountable for their crimes in the metaverse due to a lack of understanding and application of law in such domains.
Given that Metaverse is expected to be used by people from many origins, nations, and locations, the question emerges as to which nation’s laws will regulate the digital realm and Metaverse environment. Jurisdiction will be even more uncertain in a borderless virtual space and this is a point of significant concern to several government bodies.
The position on this topic is still quite ambiguous, and there is no clear response from the authorities. The only feasible solution is to combine and develop legislation together. The rules must evolve in response to changing dynamics, incorporating numerous provisions to cope with new challenges and providing the world with solutions.
To summarize, there are no specific regulations in India that currently oversee Metaverse appropriately, which increases the risk to its users. There is a legal void yawning before us when it comes to overseeing the safe execution of this new platform. Since Metaverse is still in its infancy, regulators must intervene now before the technology matures; otherwise, it will be harder to supervise once there is a higher level of user dependency. While disruptive developments in technologies such as VR, AR, blockchain, etc. have immense potential in their applications, their impact on established legal systems gives rise to a certain skepticism. It is obvious that governing new technology would be difficult and would necessitate a reworking of existing legal systems.
Contributed by Prashant Kataria, Partner & Dhaval Bothra
