NEWSLETTER No 35 // Thursday 8 December 2022
Edito
METAVERSE: TIME FOR REFLECTION! 
This month, La Lettre du DPO interviewed Professor Michel Beaudouin-Lafon, a renowned academic who has won awards for his work on human-computer interaction and is a committed member of the prestigious ACM (Association for Computing Machinery), and Arnaud Tanguy, President of the Cercle de la Donnée (an independent and interdisciplinary think tank producing forward-looking reflections on data and digital technology). They have provided La Lettre du DPO with their view on the need to protect data generated in the metaverse and, more generally, on the very real impacts that the metaverse will have on the world and society.
 
A hot topic. It is the new buzzword in the world of Tech, but also within the large and emblematic companies that have recently announced their positioning in the metaverse: Nike (with the launch, in April 2022, of a pair of virtual trainers – associated with a non-fungible token (NFT) – that can be worn by an avatar), Axa (with the opening in the metaverse of an insurance agency affiliated to the Axa network, in March 2022), or Louis Vuitton (with the launch, in 2021, of a video game retracing the history of the brand and enabling players to buy virtual items to dress their avatar). The digital industry has not been outdone and is also making substantial investments in this area: Microsoft, for example, announced in early 2022 that it is in the process of buying Activision Blizzard (publisher of “Call of Duty” and “Warcraft”, immersive video games that are considered as precursors of the metaverse) for nearly $69 billion, and Meta (formerly Facebook) invested $10 billion in 2021 in metaverse technologies. To understand this craze, we need to look at the estimated revenues that could be generated by the metaverse economy (known as “metanomics” – the combination of the terms “meta” and “economics”): nearly $5 trillion by 2030 (according to a McKinsey study published in June 2022). 

 
The metaverse: a long history. Originating from science-fiction (the fantasy of a fusion between the real/natural world and virtual/artificial worlds, which would make it possible to improve our capacities by better satisfying our desires), the concept of the metaverse (a term dating back to 1992, when it was used in the novel “Snow Crash” by Neal Stephenson) found its first significant incarnation in “Second Life”, a massively multiplayer online game launched in 2003, which was quickly challenged by the then emerging social networks.  
 
A concept that is still nebulous, with uses to be invented. In this period of fervour, largely maintained by the Tech giants who are attempting to promote their investments in the area, the metaverse is touted as: (1) being virtual (digital), (2) being synchronous (events take place in real time, with zero latency), (3) having no limit (especially in terms of the number of users), (4) being persistent (it cannot be reset, paused or stopped), (5) having its own economic system (users can buy digital goods, and often pay for them via a crypto-currency that is sometimes specific to the platform), (6) being immersive (thanks to the use of connected devices such as headsets or bracelets for example, which enable a digital twin - called an avatar - to follow the movements of the user who controls it and who, in return, will perceive certain sensations resulting from events taking place in this virtual universe), and (7) plural (there is not only one but several metaverses, which are not natively interoperable). Among these characteristics, only the last two truly distinguish the metaverse from the Internet (the latter being equally digital, synchronous, having unlimited users, persistent and having its own economy): its immersive nature and its plurality. On this last point, the big challenge for the metaverse(s) will be to be interoperable, in order to maintain the greater logic of openness that presided when the Internet came into being. The main uses of the metaverse imagined to date are still in their infancy: leisure (concerts, games, cultural exhibitions, theme parks, etc.), professional activity (daily remote work, professional training, etc.), new ways of marketing products/services (such as improving the customer experience by testing products or services via virtual visualisation), creation of new sources of revenue (with, for example, digital goods such as NFTs, a kind of “digital twin” of physical goods, provided upon purchase of the latter).

Before a “Metaverse Act”, we should apply the law to the metaverse, within which data protection is key. Voices are already being raised to question the law that will apply to the metaverse(s), a bit like for the Internet, which - in the early 2000s - raised similar questions. It is as if common law did not a priori have a natural vocation to be applied. These same voices wonder whether the metaverse is subject to criminal law [with its offences of damage to property (theft, fraud) or to people (violence, harassment, etc.)], to civil law (respect for private life, etc.), to contract law and consumer law, or even to civil liability law. On reflection, the challenge for legal professionals will be to show imagination and creativity in the exercise of legal qualification, by mobilising the arsenal of existing texts, before calling too quickly for the adoption of new texts (one or more “Metaverse Acts”). In any event, one thing is clear: data protection will be key in metaverses, where all interactions between avatars (conversations, transactions, etc.) will generate digital data. More than ever, the logic of impact analysis, introduced by the GDPR, is relevant. A subject that lawyers and DPOs cannot ignore! 

Enjoy your read!

Matthieu Bourgeois and Laurent Badiane, partners in charge of the Intellectual Property and Digital Law Team. 

Interview
“IT IS IMPERATIVE TO APPLY THE SAME RULES IN THE METAVERSE AS IN THE PHYSICAL WORLD” 
Michel Beaudouin-Lafon is a renowned academic who has won awards for his work on human-computer interaction and is a committed member of the prestigious ACM (Association for Computing Machinery) - the largest international learned society dedicated to computer science. He is interested in the metaverse and urges measuring its impacts, which, far from being virtual, he considers will be very real. For La Lettre du DPO, Professor Beaudouin-Lafon looks back in detail on his committed career and provides us with his vision of the future of this evolution of the web and its impact on society, which he calls on not to be left outside the law.  
1/- What is your background, and what led you to take an interest in digital technology and data?
 
After attending a school of engineering in computer science, I embarked on a thesis at the Université Paris-Sud (now Paris-Saclay) where I still teach. During this thesis, I discovered the fundamental aspects of human-computer interaction ("HCI"), which I made my field of research for the rest of my career, and which triggered my interest in the design and development of digital tools, taking into account their societal and ethical impacts. HCI is a discipline that is the interface between technology and humans. What interests me is seeking to design systems that are best adapted to the needs of users and above all to human capabilities, and not only driven by what the machine can do. To achieve this, the role of data is important, as it enables designers of digital tools to try to better understand the habits, and perhaps also the needs, of users. This is the reason for my interest in data.

 
2/- What are your current responsibilities and projects in this regard?

First of all, I shall start with my responsibilities. At the national level, I was Chair of the Department of Science and Technology of Information and Communication (STIC) at the Université Paris-Saclay and, since March 2022, I am deputy director of the LISN (Interdisciplinary Laboratory of Digital Sciences, common to Paris-Saclay, the CNRS, CentraleSupélec and Inria). I am also head of the ‘Continuum’ project, a national network of 30 large interactive visualisation platforms, funded by the PIA (Plan d’Investissement d’Avenir). This project aims to respond to the problem posed by increasingly powerful machines that collect and generate such large volumes of data that it becomes very difficult to visualise them: by working on what I call a ‘digital macroscope’, which is a tool that enables us to ‘see’ this data, we are creating solutions that make it possible to understand this data and thus make it usable. At the international level, I am involved in the ACM (Association for Computing Machinery), the largest international learned society dedicated to computer science, where I serve as Vice-Chair of the Technology Policy Council, informing decision-makers and policy-leaders about the challenges and dangers of digital technologies. In this context, I took a keen interest in the GDPR, and am currently interested in the future economic, societal and political impacts of the metaverse. Secondly, to tell you about my projects, I shall mention two that are related to the metaverse: I was awarded funding from the European Research Council (ERC) for a research project related to the future of our digital user interfaces, and I co-direct a national exploratory project called eNSEMBLE on the future of digital collaboration. The concepts I develop in these projects can perfectly well apply to the metaverse. 
For example, while in the physical world we know how to easily use an object in an unexpected way (for a use other than that intended by its designer), this is not the case in the digital world. We are therefore seeking to broaden the possibilities of digital tools, which implies more interoperability and in turn requires improved access to data, hopefully breaking down the ‘walled gardens’ in which digital companies confine us.

3/- What is your vision of the future of digital technology, and more specifically of the metaverse? 

In my opinion, there are three main reasons for the metaverse craze. Firstly, the digital giants (in particular Facebook, renamed ‘Meta’ for the occasion) are seeking a vector of growth and believe they have found it by making the use of digital technology more immersive, and are communicating at great expense to promote their investments in this area. Secondly, these same companies want to create a new market by multiplying the amount of data collected, which will then be monetised. Lastly, the metaverse is an easy, and therefore tempting, means of existence for all those who prefer to hide behind an avatar rather than face reality; if this technical shield can be a precious tool in certain therapies, and enable some people (disabled people, for example) to free themselves from the critical gaze of others, it can also serve as a mask for others to savagely indulge their worst impulses (sexual or verbal assault, etc.) via their avatar, not to mention the scams linked in particular to NFTs. I consider that it is imperative to apply the same rules in the metaverse as in the physical world because, undeniably, the metaverse will have real impacts on people’s lives.
Practical Guidance
The underlying idea of the metaverse is [therefore] to empower Internet users by creating a “decentralised” Web
Arnaud Tanguy is president and founding member of the Cercle de la Donnée, an independent think tank bringing together professionals interested in the uses of data beyond its technological dimension. Passionate about innovation and technology, with a degree in engineering and a former officer in the French Navy, Arnaud Tanguy has also worked in the audit and consulting sectors, specialising in digital transformation and information security. He is a regular speaker in broadcasts and at conferences dealing with the opportunities and risks associated with the metaverse. He has agreed to share his views on this subject with La Lettre du DPO. 

A promise of a user-driven Internet that encourages interaction and collaboration. One of the particularities of the metaverse is that it enables independence from large groups and the economy. Online platforms today are very centralised and controlled by a handful of large companies, such as Meta (Facebook’s parent company). The key to the metaverse is Web 3 (a decentralised version of the Internet based on blockchain) which enables direct interaction and highly decentralised activities. All this is made possible by the “coming of age” of certain technologies such as blockchain and NFTs (non-fungible tokens). The underlying idea of the metaverse is therefore to empower Internet users by creating a “decentralised” Web by enacting rules close to community values aimed at being freed from commercial pressure. The metaverse also makes possible the emergence of “digital twins”, i.e. the replication of reality in a virtual world in conditions close to the real world. This makes it possible to test innovations at lower cost. For example, in the medical field, the idea is to work on the virtual double of a patient to better prepare for surgery. The aim is to reduce risks and improve safety. Lastly, one of the other positive ideas of the metaverse is the proposal of a more harmonised and unified vision of the uses of the Internet, which to date are somewhat fragmented. 

A technology in its infancy, with major challenges to reach maturity. We are in the early stages of a technology that is a source of multiple issues. With regard to users, there is the question of acceptability. Will they adhere to it? Especially as it is relatively complex to use. Indeed, using the metaverse today can be seen as a tough battle, especially because it implies a good understanding of how cryptocurrency works and being familiar with the platform to which one must connect. In addition, there is the question of whether users would find it worthwhile entering the metaverse. The promise of full interaction implies regular monitoring of user activities, which could be perceived as surveillance. Lastly, there is a potential public health issue. The metaverse seeks to be intrinsically immersive, using 3D-generated universes accessible through devices such as virtual-reality headsets. There is therefore a risk of people adopting a sedentary lifestyle, losing awareness of their physical integrity, sitting on a sofa with a headset covering their eyes, cutting them off from the real world. Hyperconnectivity to the machine would in a way lead to a disconnection from the body.
UPDATE
Tendencies
Report of the mission on the development of the metaverse: the desire to bring together French players around a common horizon
After the successive missions on cloud computing, blockchain, virtual and augmented reality and lastly non-fungible tokens (NFT), the Minister of the Economy, Finance and Recovery, the Minister of Culture, as well as the Secretary of State for Digital Transition and Electronic Communications, wanted to set up an exploratory mission on the development of the metaverse. 

The aim of this exploratory mission was to present, within a short time, the challenges of the metaverse for France. It therefore submitted an initial report on the subject on 24 October 2022. In this latter it sought, on the one hand, to clarify the terms of and the main players in the metaverse and, on the other hand, to outline a strategy for France, in particular by proposing lines of thought so that the public authorities can quickly take up the essential projects for developing such a strategy. 


 
NEWS FLASH
The software publisher Discord is found guilty of several GDPR violations
Founded in 2015, the American company Discord Inc. markets a communication software of the same name originating from the field of video games. Since the year 2020, marked by the global lockdown, the Discord tool has rocketed to the rank of one of the five most downloaded applications in France. Having become a kind of social network enabling its users to communicate orally and in writing, the popular application among the gaming community has however just been sanctioned by the CNIL with a fine of 800 000 euros. Various breaches of the GDPR are at issue, including (i) the absence of a retention period policy, which led to the retention of inactive user accounts for more than two years, (ii) the resulting lack of information for users, (iii) the failure to comply with the principle of privacy by default relating to the technical procedures for leaving a voice chat room, (iv) a lack of policy for defining and managing sufficiently robust and binding passwords, and, lastly, (v) the failure to carry out an impact assessment, which was necessary because of the volume of data processed and the possibility of use by minors. Discord has taken note of these shortcomings, which it has since partially rectified, justifying the low amount of this penalty in comparison with the company’s multi-million-dollar turnover. 
Facial recognition: CLEARVIEW AI sanctioned by the CNIL to the tune of 20 million euros
CLEARVIEW AI, a US company specialising in facial recognition, has been extracting photographs – considered as particularly sensitive biometric data – from numerous websites, including social networks, without the knowledge of the individuals concerned, in order to enrich its software that is used in particular by law enforcement agencies to identify a person on the basis of his/her photograph. 

Following complaints received from individuals, alerts issued by the association Privacy International and a formal notice, the CNIL sentenced CLEARVIEW AI on 17 October 2022 to the highest possible fine for non-compliance with the GDPR, i.e. 20 million euros, for the unlawful processing of personal data, the failure to respect the rights of individuals and the lack of cooperation with the CNIL, and ordered the company to cease collecting and processing, without a legal basis, the data of individuals located in France and to delete the data already collected. 
Agenda
Friday 2 December 2022 from 12:00 to 12:45     
Webinar “Privacy-preserving AI techniques: overview and perspectives” organised by the CNIL 
This Webinar will focus on new privacy-preserving techniques applied to artificial intelligence, which are the subject of major research efforts, both in academia and in industry. Among these new techniques, the most convincing ones and the obstacles they overcome will be detailed. 

The Webinar will take place from 12:00 to 12:45 and is aimed in particular at professionals in charge of data protection (DPOs) and of information systems (CISOs).    

The Intellectual Property and Digital Law Team at klein • wenner
 
Fortified by in-depth experience, klein • wenner's attorneys in the Intellectual Property and Digital Law Team, who are experts in the digital sector and in GDPR, have developed a transversal practice unique in the area of data law. We work with other experts (in cybersecurity, SI/data governance and other areas), and our team offers a global, cooperative approach to all issues relating to data (privacy, intellectual property, cybersecurity and open data - *with klein • wenner's Public Law team).
La Lettre du DPO is a publication of klein • wenner which processes your data in accordance with the regulation regarding personal data.