Research Question: How does the EU General Data Protection Regulation (GDPR) address the challenges of biometric data collection and processing in the Metaverse, and what additional legal safeguards are necessary to protect consumers?
Methodology: The methodology for this thesis combines doctrinal legal research, and normative evaluation to in order to address how the GDPR regulates biometric data in the metaverse and the additional safeguards required for consumer protection. Doctrinal research will focus on a detailed examination of GDPR’s provisions, particularly Articles 4 (4(14)),5,9 and recital 51(although recital 51 is not legaly binding). These specific articles, define and regulate special categories of biometric data, transparency, consent, and data minimization. This will be applied across chapters 3 and 4, where the analysis centers on the GDPR’s legal framework and where I will be diving into possible compliance challenges within virtual environments. The normative analysis part will be used to evaluate ethical considerations, such as autonomy and consumer rights in immersive spaces, covered under chapters 3.4 and 6. I will be using case studies like Meta’s (formerly known as Facebook) compliance strategies (chapter 5), and possible scenarios that showcase issues of consent, data minimization, and profiling. My research paper will also briefly explore other upcoming data regulations for the metaverse. Finally,throughout chapter 6, I will identify specific areas where the GDPR falls short in addressing the various challenges posed by biometric data in the metaverse. I will try to provide concrete reform proposals, such as increasing transparency requirements,and recommending that the European Data Protection Board (EDPB) develop metaverse-specific guidelines.
Table of Contents
- Introduction 1.1 Introductory background on the Metaverse
1.2 The collection and use of biometric data in immersive digital environments
1.3 Research question
1.4 Outline of the Thesis
1.5 Methodology - The Metaverse and Biometric Data: New frontiers of Digital Interaction
2.1 The Concept of the Metaverse and its Expansion
2.2 Data controllers in the metaverse; Joint control
2.3 Types of Biometric Data Collected in the Metaverse; Extensive and invasive data collection
2.4 Consumer Interactions in the Metaverse: General Legal Implications in the Metaverse
- Balancing Innovation and Ethics: Legal Framework for Consumer Protection in the EU 3.1 The Evolution of Consumer Protection Laws in the Digital Age
3.2 GDPR overview and key provisions
3.3 Special Categories of Personal Data under GDPR: Biometric Data
3.4 Consumer Rights under GDPR Principles of transparency, consent, and data minimization - Biometric Data and GDPR Compliance in the Metaverse 4.1 GDPR’s Territorial and Extraterritorial Scope in the Context of the Metaverse
4.2 GDPR Provisions on Biometric Data: Article 9 and Special Categories of Data
4.3 Challenges to consent in the Metaverse: Informed consent, continuous consent, default settings - Case Study: Meta’s (formerly Facebook) Compliance with GDPR in the Metaverse 5.1 Overview of Meta’s Biometric Data Collection Practices
5.2 Analysis of Meta’s Biometric Tracking Features
5.3 Issues of Consent, Profiling, and Transparency in Meta’s Metaverse
5.4 Enforcement Challenges for Data Protection Authorities in Cross-border Virtual Spaces
6. Future Legal Challenges and Recommendations for Protecting Consumers in the Metaverse
6.1 The Evolving Nature of Biometric Data and the Need for More Specific Regulations
6.2 Strengthening Consumer Control
6.3 The Role of AI and Machine Learning in the Metaverse; Adressing Ethical issues
6.4 Proposals for Amending the GDPR to Enhance Protection in the Metaverse
- Conclusion
In the first chapter:
Focus on the consumer. B2C relationship. AI ACT, DIGITAL SERVICES ACT.
Prove the link between who is the business and who is the consumer; can we look at users as consumers in the metaverse?
Look in the metaverse business model
Setting the foundations so that i can conduct my legal analysis
GDPR is not a consumer protection
Make it more consumer protection-focused.
Research question: take into account consumer protection legislation.
Have two sides, both data protection and consumer protection.
Why is consumer protection beneficial since data protection is not efficient enough?
Provide a more nuanced research question answer to the research question.
Compliance challenges→ how will I dive into that?
Look into terms of conditions and policies used in the Meta
SET THE SCOPE!!
First steps on what is data protection What is consumer protection, and how do they overlap?
DSA → in the metaverse, journal articles.
In the metaverse, what is the link between data protection and consumer protection?