The Future of Privacy Forum (FPF) has published a set of recommendations to deal with privacy risks associated with augmented reality (AR) and virtual reality (VR), often referred to as XR technologies.

The recommendations are contained in report called Augmented Reality + Virtual Reality: Privacy & Autonomy Considerations in Emerging, Immersive Digital Worlds, which also considers current and future use of XR technology.

Among FPF’s suggestions (see box below) are recommendations for how policymakers, hardware makers, XR developers and researchers on how data can be protected.

These include advice for policymakers considering how data protection laws can provide clear obligations regarding XR data; hardware makers considering how data collection, use and sharing can be transparent and XR developers considering how personal data can be processed locally.

“The vast amount of sensitive personal information collected by AR and VR technologies creates serious risks to consumers that could undermine the adoption of these platforms and limit their utility,” the Washington-headquartered think tank said.

The forum’s CEO Jules Polonetsky added: “XR technologies are rapidly being adopted by consumers and increasingly being used for work and for education. It’s essential that guidelines are set to ensure privacy and safety while business models are being established.”

FPF’s policy counsel Jeremy Greenberg pointed out XR technologies provide substantial benefits across the likes of education, gaming, architectural design and healthcare.

But he added: “XR technology systems often rely on biometric identifiers and measurements, real-time location tracking, and precise maps of the physical world.

“The collection of such sensitive personal information creates privacy risks that must be considered by stakeholders across the XR landscape in order to ensure this immersive technology is implemented responsibly.”

The FPF brings together industry, academics, consumer advocates and other thought leaders to explore the challenges posed by technological innovation and develop privacy protections, ethical norms and workable business practices.

FPF’s key recommendations at a glance

  • Policymakers should carefully consider how existing or proposed data protection laws can provide consumers with meaningful rights and companies with clear obligations regarding XR data
  • Hardware makers should consider how XR data collection, use and sharing can be performed in ways which are transparent to users, bystanders and other stakeholders
  • XR developers should consider the extent to which sensitive personal data can be processed locally and kept on-device
  • XR developers should ensure that sensitive personal data is encrypted in transit and at rest; and
  • Researchers should obtain informed consent prior to conducting research via XR technologies and consider seeking review by an institutional or ethical review board if consent is impractical.