Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. In this edition, we will learn about the privacy concerns associated with extended reality technology.

Is extended reality a safe space for advancements in digital transformation?

Illustration by Derrick Deepak Roy I

Businesses all over the world are using digital transformation to drive growth and innovation. Emerging technologies such as augmented reality (AR) and virtual reality (VR) can enable digital transformation for organizations by changing the way businesses operate.

What exactly is extended reality?

Extended reality (XR) is an umbrella term that not only encompasses immersive technologies, including AR, VR, and mixed reality (MR), but those that are yet to be developed as well.

To put it simply, XR aids in the extension of physical reality into digital spaces, virtual reality into physical spaces, and represents a blend of the two to create fully immersive experiences. Today, XR is finding applications in industries such as retail, marketing, real estate, and entertainment.

However, as fascinating as it sounds, there are some obstacles to mainstream adoption. In this blog, we will discuss the most important challenge that XR developers face: privacy.

Our most intimate behaviors and thoughts must be safeguarded. The XR technologies we use today collect and process massive amounts of highly detailed and personal data. The information gathered can be extremely sensitive, revealing what we do, what we look at, and even our emotions at any given time.

Take, for example, eye-tracking technology, which is already being widely used in VR and AR headsets. This provides numerous benefits in terms of presenting high-fidelity graphics and responsiveness. However, eye-tracking allows businesses to collect highly personal data on your unconscious responses to visual cues (whether virtual, as in the case of VR, or real-world cues, as in the case of AR).

Patterns in our eye movements reveal what we’re focusing on at any given time, providing insight into our preferences and thoughts. Advertisers could use this information for any number of reasons, including to inject targeted ads in areas they know you’ll likely be looking.

This massive amount of sensitive personal information collected by XR technologies poses serious privacy concerns. Here’s a list of reads to build on your understanding regarding how XR affects privacy: 

1. The next privacy crisis

XR is considered to be the future of computing and many companies are stepping in to invest in it. But this technology raises some privacy, trust, and consent challenges. AR, which is a component of XR, is not just about augmentation, but it also allows the computing platform to analyze and capture the user’s surroundings without getting the consent of the other people in the same environment—which raises serious privacy issues.

2. Opportunities to mitigate the privacy risks of AR & VR technologies

 XR technology tracks details like biometric identifiers, real-time locations, and precise maps of the physical world. This includes personally identifiable information collected by the XR technology, which inevitably raises privacy concerns. These concerns must be addressed by the XR stakeholders to ensure that XR technology is implemented responsibly.

3. What makes XR privacy concerns different from existing privacy concerns

XR devices typically include many sensors that constantly track and monitor their users while they wear them. The devices also have the option to incorporate multiple kinds of sensors that can collect galvanic skin responses. When these physiological responses are collected as data and sold to other companies, this could cause serious privacy concerns—giving rise to growing needs for new privacy regulations specific to XR technology.

4. Minimizing AR/VR security and privacy risks

The data collected from XR devices can be used to launch social engineering attacks. Some of the common cyberattacks relevant to AR content include data manipulation, data sniffing, and data spoofing. Cyberattacks like ransomware can also be done by embedding malicious features into these XR platforms/devices, thereby misleading users to disclose their personal information.

5. Balancing user privacy and innovation in augmented and virtual reality

The existing privacy policies will not be sufficient to mitigate the risks induced by XR technologies, with the current AR/VR regulatory landscape not addressing privacy concerns for some people and over-regulating others. Policy-makers should consider all sets of people by updating the existing policies. They need to come up with a new innovation-friendly regulatory landscape that also ensures user privacy in the XR technology.

The potential for digital transformation that XR technology could bring to businesses is enormous. But, many aspects of XR is still unregulated and largely untested. Here are a few recommendations from the experts to ensure privacy while using the XR technology:

  • Read company privacy policies to help you understand how companies store user data in AR and VR platforms.

  • Use a VPN service when connecting XR devices to the internet to protect your identity and data.

  • Update the firmware on your VR headsets and AR wearables whenever possible to ensure these devices have the latest privacy policies.

Some regions have standard fair use policies, copyright acts, trademark acts, and anti-dilution acts in place in the aftermath of content ownership and IP theft disputes. Although there are no proper regulations for the bulk of XR technology as of now, we are expecting to have some soon. 

Given the technology’s maturity level, any vigorous attempt to regulate it risks impeding its evolution. As a result, the majority of regulators are taking a wait-and-see approach.