By Julia Griffith

Virtual reality has taken the world by storm over the last few years, with around 171 million users around the world, and revenues in the hundreds of billions of dollars annually. Virtual reality refers to a three-dimensional, computer-generated environment in which a user may interact through the use of a helmet or headset. Virtual reality devices use sensory perceptions, such as sight, sound, and touch to mimic reality, and users interact with the environment while the system responds to the user’s movements. A few of the most popular virtual reality devices include Oculus Rift and Google Cardboard. Though virtual reality allows an escape from the real world, users must be cautious of how to protect themselves and their personal information.

Perhaps more frightening than any other form of technology that may be aware of basic personal information such as your age, address, and social security number, virtual reality has access to your physical movements and potentially even your brain waves. One can predict that the information these devices will be able to gather in the future will extend further to things such as the user’s heart rate and entire body movements.

All virtual reality apps collect and share their users’ information, and thus are required to post a privacy policy. In general, these apps collect three different categories of data: personally identifiable information, non-personally identifiable information, and aggregate information. The trouble with this area is that these virtual reality headsets actually require certain information in order to track the user’s movements, and users likely assume that the only use of this information is the improve their experience. Not only are movements tracked, but virtual reality headsets often listen to the users, again to improve the experience.

Along with the wide variety of information virtual reality users are giving away, whether or not they are aware of it, they may also be sharing this information across many different platforms. Users often link their computers to their smartwatches, increasing the chances that this information will fall into the wrong hands. Additionally, virtual reality apps often require verification by linking their use to various social media accounts, allowing more information to be shared and giving more opportunity for access to such information.

The use and popularity of virtual reality apps will only grow in the coming years, and users need to be aware of what information they are sharing, and where it is going. Not only is the general use of virtual reality devices growing, but the ways in which people are using them is expanding as well – ranging from higher education to pornography. It follows that the types of information that may be gathered about users will become more invasive as technology continues to improve. The responsibility of informing users of their rights and the risks of sharing personal information must fall on the developers of these virtual reality apps. However, it is also up to the user to carefully read any privacy policies they are asked to agree to before entering into the world of virtual reality. This is particularly important because many virtual reality users are minors, and they may not think about the fact that they are sharing personal information, and the dangers that go along with this. To date, the law is not entirely clear on the rights of virtual reality users and their personal information, but perhaps in the years to come, the courts and lawmakers will set uniform standards for companies that create these devices, and for users as well.

Student Bio: Julia Griffith is a second-year student at Suffolk University Law School and a staff member of the Journal of High Technology Law. She graduated from Le Moyne College in 2015 with a Bachelor of Arts in Political Science and a minor in Spanish.

Disclaimer: The views expressed in this blog are the views of the author alone and do not represent the views of JHTL or Suffolk University Law School.