Posted by 
In last week’s post, I broke down the basics of End User License Agreements (EULAs). As previously explained, EULAs lay out an agreement between consumer and provider. They are not written to protect the user, but they can act as a first line of defense for consumers by outlining what they agree to when they use a product. The effectiveness of which is highly dependent on the laws and enforcement in different localities. In this week’s post, we will look at ongoing privacy disputes in mixed reality technology in the global north, specifically in Germany/EU where I am currently living.
I chose to focus this post on a company for which the public already held a long list of privacy concerns well before they ventured into VR technology: Facebook/Oculus/Meta (FOM). I will refer to FOM as a single entity, as Facebook recently rebranded to Meta, and purchased key asset Oculus in 2014. Together, FOM are credited with bringing mixed reality to the masses by making virtual reality (VR) hardware and software cheaper and increasingly portable. In recent years, FOM flooded the virtual reality market with a new standalone device (the Oculus 2), bundled with its own ecosystem for a relatively affordable cost. With the resulting surge in VR use returned many questions that have plagued the company in the past, questions about privacy and ethics, now applied to a new technology with increased concerns.
FOM is currently attempting to bring all assets under one umbrella, but in preparing this post I had to investigate all three entities, as each has their own terms of service/privacy policies. This makes the user experience confusing – depending on what product you are looking at, some privacy policies loop back to a primary “Meta” policy. Therefore, you may end up with one of many different accounts falling under a few different terms of use. If that is not confusing enough, depending on the part of the world you are in, EULAs may guarantee you more (or fewer) rights, and these may be more (or less) enforceable. If you are in Europe, then your Meta product would fall under Meta Platforms Ireland and be subject to General Data Protection Regulation of the EU. In addition, as I am in Germany, Meta policies also have to adhere to German laws or policies for consumers and companies in this country, such as the Network Enforcement Act & Impressum (NetzDG).
This may all seem like a lot of mumbo jumbo, but why is it so important? In my last blog post I considered the End User License Agreements (aka Terms of Service) a “first line of defense” for consumers – but this is highly dependent on the locality where these terms are applied. In the global north, a consumer often has enforceable rights when it comes to data protection and privacy. Here in Europe, FOM has been in an ongoing battle over a number of privacy concerns brought to light both by watchdog groups and governments. In 2019, Germany’s Bundeskartellamt or Federal Cartel Office issued a ruling that strictly prohibited FOM from collecting and bundling data from its multiple platforms to build extremely detailed data profiles on consumers without their explicit consent. Just this past September, after a long-drawn-out hearing hampered by the COVID-19 pandemic, the European Union’s Court of Justice upheld the ruling. This court case exposed another problem with FOM’s data collection, its transfer. In 2020, the European Court of Justice took issue with the methods and security, or lack thereof, of data that is moved from servers in Europe to servers in the US. As there is currently no formal legislation on the matter, EU regulators are moving to initiate such legislation to end the practice. Earlier this year, in response to the EU’s stance on the issue, FOM said it may completely shut down its services in Europe if it cannot continue to send data over the Atlantic.
As we can see, in the Global North, consumers are afforded rights, privacy and protections according to the laws, enforcement agencies and watchdog groups in these regions. There are still significant privacy issues, but consumers have some amount of protection, and failing that, recourse. Despite this, technology companies are still mishandling data and violating citizens’ rights to privacy, and they are willing to utilize resources, financial or otherwise, to fight in court so that they can continue to do so. In my next blog post, we will examine what happens when such laws, agencies and watchdog groups do not exist – when there are other major issues on a government’s agenda and data governance is on the back burner – when large organizations are pushing advanced technologies, in this case VR for the purpose of development. Who owns or is collecting that data and what are they using it for?
-F. Ortiz
