The DPOInsider covers the latest news and developments in data compliance and privacy. The DPO’s favourite weekly read ☕️

Data protection and the metaverse

So being a DPO in one reality is hard enough, right? But what about the metaverse?

It turns out there’s a lot of data collection going on inside, with a typical 20-minute VR session generating around 2m unique data elements.

That’s a lot of potential risks, as Rupantar Guha, a principal thematic analyst at GlobalData, explained in a recent podcast:

The use of augmented reality, virtual reality and advertisement will be integral in the metaverse, which in turn will drive data privacy concerns to the fore,” he says. “As a result, regulators worldwide will force metaverse developers to address existing privacy issues associated with the underlining technologies. So that’s where we see issues arise.”

Clearly, we need updated privacy laws that protect users in the metaverse. But, as with new technology, this can take time. We’ve seen how long it’s taken for big tech and social media to become regulated. With some believing that the regulation doesn’t go far enough.

Privacy in the metaverse needs to be carefully considered and protected both by users, regulators, and companies - that should start implementing privacy by design when developing technology that we could potentially be so dependent upon.

Data protection and mental health

Many apps dealing with sensitive topics from depression to anxiety have been found to ‘fail spectacularly’ at user security.

According to Mozilla’s latest Privacy not included guide, despite the deeply personal information these apps manage, they routinely share data, allow weak passwords, have vaguely written privacy policies, and target vulnerable people with personalised ads.

For apps that should be used to deal with sensitive data, it’s very eye-opening to see just how poor their approach to data management and privacy can be.

As Mozilla’s Privacy not included lead stated, “Turns out, researching mental health apps is not so good for your mental health.”

Visualising the biggest data breaches

I’m usually reporting back to you loyal readers the latest data breaches, fines and other compliance-based reprimands.

This week I’ve loved getting stuck into this visualisation of the 50 biggest data breaches over the past few years.

Interesting links

• The Federal Government proposes the American Data Privacy and Protection Act (DPPA).

• Why are data protection professionals always portrayed as the negative, bad guys in the room? This one argues that we still need to talk about data protection.