Virtual and augmented reality technologies have continued to improve at a brisk pace, with Facebook’s Oculus Quest VR headset and Nreal’s Light AR glasses setting new standards for mobility and comfort. But as the hardware and software evolve, concern over their user privacy implications is also growing. The nonprofit XR Safety Initiative has released its own solution — the XRSI Privacy Framework — as a “baseline ruleset” to create accountability and trust for extended reality solutions while enhancing data privacy for users.
The XRSI Privacy Framework is urgently needed, the organization suggests, as “individuals and organizations are currently not fully aware of the irreversible and unintended consequences of XR on the digital and physical world.” From headsets to other wearables and related sensors, XR technologies are now capable of gathering untold quantities of user biometric data, potentially including everything from a person’s location and skin color to their eye and hand positions at any given split second. But comprehensive regulations are not in place to protect XR users. The National Institute of Standards and Technology has offered basic guidance, while regional laws such as GDPR, COPPA, and FERPA govern some forms of data in specific locations. But XRSI’s document ties them all together and goes further.
Developed and vetted by a group of academics, attorneys, XR industry executives, engineers, and writers, the Framework is a 45-page document with around 25 pages of regulatory and guideline meat that will be of more interest to lawyers and corporate privacy officers than end users. Broadly speaking, the Framework pushes companies such as Facebook to develop and use immersive technologies responsibly, rather than creating tools to harvest as much information from individuals as possible. It uses the aggregated threat of legal consequences to encourage voluntarily appropriate corporate behavior and is designed to get XR stakeholders to think before acting, rather than holding to the classic “move fast and break things” mantra.
From a user perspective, the XRSI aims to deliver transparent, easy-to-understand solutions that are inclusive while protecting individual privacy by design and default, including modern understandings of identity and respect for the user’s individual characteristics and preferences. It’s also timely: As schooling from home gains traction and XR potentially plays a larger role in remote education, the Framework canvasses existing laws protecting both children under 13 and older students against discrimination and inappropriate record keeping, helping XR companies understand their existing and future legal obligations in the scholastic arena.
The XRSI is working with liaison organizations — including Open AR Cloud, the University of Michigan, and the Georgia Institute of Technology — to further develop the Framework beyond its current “version 1.0” status and get it adopted and enforced. While the group credits individual experts from organizations like HERE and Niantic with helping to craft the document, it’s unclear at this stage whether XR platform developers such as Facebook, HTC, or Valve will support the initiative.