As the metaverse expands, it introduces novel challenges to data privacy and protection, particularly in the handling of biometric and inferred data. This paper examines the implications of existing European legal frameworks, notably the General Data Protection Regulation (GDPR), on the processing of biometric information and other sensitive data within immersive virtual environments. In the metaverse, avatars—often designed to closely resemble their creators—serve as rich sources of both explicit and inferred personal data, raising significant concerns regarding user consent, data processing, and privacy. By comparing regulations from both the EU and the United States, including the newly proposed American Privacy Rights Act, this study highlights the gaps in current legal protections surrounding avatars and the biometric or inferred data they may reveal. The findings indicate an urgent need for updated regulatory approaches to address the unique data privacy challenges of virtual identities and underscore the need for transparency and user control over digital representations in evolving digital landscapes.
Sorrentino, G., López-Guzmán, J. (2025). Rethinking privacy for avatars: biometric and inferred data in the metaverse. FRONTIERS IN VIRTUAL REALITY, 6, 1-10 [10.3389/frvir.2025.1520655].
Rethinking privacy for avatars: biometric and inferred data in the metaverse
Sorrentino, Giovanni
Primo
Writing – Original Draft Preparation
;
2025
Abstract
As the metaverse expands, it introduces novel challenges to data privacy and protection, particularly in the handling of biometric and inferred data. This paper examines the implications of existing European legal frameworks, notably the General Data Protection Regulation (GDPR), on the processing of biometric information and other sensitive data within immersive virtual environments. In the metaverse, avatars—often designed to closely resemble their creators—serve as rich sources of both explicit and inferred personal data, raising significant concerns regarding user consent, data processing, and privacy. By comparing regulations from both the EU and the United States, including the newly proposed American Privacy Rights Act, this study highlights the gaps in current legal protections surrounding avatars and the biometric or inferred data they may reveal. The findings indicate an urgent need for updated regulatory approaches to address the unique data privacy challenges of virtual identities and underscore the need for transparency and user control over digital representations in evolving digital landscapes.| File | Dimensione | Formato | |
|---|---|---|---|
|
frvir-6-1520655.pdf
accesso aperto
Tipo:
Versione (PDF) editoriale / Version Of Record
Licenza:
Creative commons
Dimensione
635.78 kB
Formato
Adobe PDF
|
635.78 kB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
