The Metaverse Will Blur the Lines Between Physical and Online Privacy

October 26, 2022


The metaverse is still a bit of a mystery. Though it will soon begin to integrate physical and virtual worlds, no one has the answers as to exactly what that merge will look like.

On this episode of Privacy Abbreviated, hosts Dona and Catherine are joined by Tracy Shapiro, a privacy expert, and partner at Wilson, Sonsini, Goodrich, & Rosati. Together, they discuss the many questions related to how virtual reality will force privacy standards to evolve in the coming years. Though no one has concrete answers yet, Tracy offers her predictions on the most likely outcomes.

Listen now to learn what to expect in the metaverse. Will you have more privacy or less?



Related Resources

The Good, the Bad, and the Grey of Targeted Advertising

CARU Issues Compliance Warning for Child-Directed Advertising in the Metaverse

Advertising And Privacy: The Rules Of The Road For The Metaverse



Show Notes

0:00-0:40 In episode three of Privacy Abbreviated, hosts Dona Fraser, Senior Vice President of Privacy Initiatives at BBB National Programs, and Catherine Dawson, General Counsel and Chief Privacy Officer of Osano, sit down to discuss the privacy concerns of the metaverse.

0:41-1:57 This episode features Tracy Shapiro, a partner at Wilson, Sonsini, Goodrich, and Rosati. Tracy has been with the firm in their privacy group for nearly a decade. Her role is to advise companies on how they can process consumer data. She also works with clients to spot red flags in project launches and help them with compliance issues and privacy laws.

1:58-4:39 To start the episode, Dona asks Tracy to describe the metaverse and what she believes it entails. She shares that the metaverse is a term used to describe the virtual world that exists online. It’s a place where you can interact with other people in various ways, including through social media, gaming, and even shopping. While the metaverse offers many benefits, it also raises some significant privacy concerns. For example, when you share information in the metaverse, you may not be aware of who else can access it. Additionally, your interactions in the metaverse can be tracked and used to create a profile of you without your consent. As the metaverse continues to grow and become more popular, it’s important to be mindful of these privacy issues and take steps to protect yourself.

4:40-5:12 Dona then asks Tracy what she foresees to be some of the biggest privacy challenges for companies whose primary business operations are intended to be in the metaverse. Tracy says she thinks the challenges exist in two categories: logistical compliance challenges and philosophical privacy challenges.

5:13-7:02 Tracy explains that she feels the world will be able to adjust existing laws as everyone did when mobile apps or IoT devices became a thing. She notes that lawyers have always had a “moment of panic” around how they will apply existing privacy laws to our clients’ new technologies. Tracy provides two examples of situations involving privacy notices and how to obtain consent from users properly. She ends her first point by stating that she feels one challenging question and one unknown is whether there will be interoperability in the metaverse moving forward.

7:03-7:55 Regarding the high-level privacy challenges, Tracy says one of the more complex issues is that the metaverse seems to straddle this space between an online experience and an experience that’s like the physical world. She feels that figuring out which rules of the road apply—the online or offline rules—will be one of the big challenges. Tracy uses the example of location tracking, for instance. There are privacy laws and industry standards that apply to the collection of an individual’s precise geolocation information. She says there’ll be a looming question of whether or not people’s precise location will be revealed or if it will be similar to visiting a website where your location information is coded.

7:56-8:54 She exacerbates her concerns by providing an example of virtually bank visits, doctor visits, yoga, or visiting a rally. With our current state of technology, it could be ascertained that these are four unique visits in four separate and distinct locations. She is concerned about whether movements in the metaverse will be akin to tracking real-world physical movement patterns. Tracy then brings up a valuable point about consumer expectations and the user experience. She asks  whether the consumer expectations of how privacy is managed in the metaverse are more aligned with the real world or more akin to your traditional online experience.

8:55-29:41 Catherine shares that she agrees with the multiple concerns brought about by Tracy’s questions in conjunction with the logistical uncertainty of how the metaverse will tackle these issues in the coming future.

29:42-30:11 To close the interview, Dona asks if there are any areas or issues that Tracy thinks we should be paying extra attention to and what changes does she expect to see in the next year? 

30:12-31:12 Tracy answers by saying that she believes government surveillance in the metaverse will be an essential issue to consider. She circles back to her original points regarding whether or not a person has the reasonable expectation of privacy in the metaverse. Tracy drives her point home by bringing up the topic of terrorism. “If the government suspects I’m hosting a meeting with suspected terrorists in my (virtual) living room, would coming into my home constitute a search? Does the fourth amendment apply? Maybe courts will conclude there’s no reasonable expectation of privacy at all.”

31:13-32:27 With virtual properties being an intangible yet accessible form of property, Tracy states that there is a very real issue regarding the expectation of privacy that a person has in their home—extending to a virtual or digital home. She leaves listeners with an important question, “Will I have that same right to privacy when I exist in this online world, or is that only going to exist when I am in my actual physical body?” 

Subscribe to Privacy Abbreviated to receive and email notification when new episodes air.

Latest Podcasts


Breaking Down AdTech: Cookies and Pixels and SDKs, Oh My!

This episode of Priv breaks down the most talked about issues in the adtech space, including the impact of the death of the cookie, the focus of regulators on the newest kid on the block - the pixel, lessons learned from recent SDK legal cases, what all of this looks like for children and teens, and what the legislative and regulatory road ahead looks like.

Listen to the Podcast

Ad Watchers: The best subject in advertising law: Is it puffery?

For this episode of Ad Watchers, join us for Eric’s favorite ad law topic: puffery, an exaggerated, blustering, or boastful statement or general claim that could only be understood to be an expression of opinion, not a statement of fact. But where is the line between puffery and a claim that needs a reasonable basis?

Listen to the Podcast

Cross Border Privacy Rules Goes Global: A Deep Dive on CBPRs

Privacy professionals are faced with what seems like a never-ending, sometimes overwhelming stream of new privacy laws and regulations, both here in the U.S. and abroad. In this episode of Priv, host Dona Fraser is joined by Victoria Akosile, Deputy Director of BBB National Programs Privacy Initiatives to take you from APEC to global CBPRs, explaining all of the acronyms in...

Listen to the Podcast

The Evolution of Advertising in the Children’s Space

In 1974 the Children’s Advertising Review Unit (CARU) was established to protect children under age 13 from deceptive or inappropriate advertising. Over the years, CARU expanded to address new media platforms, new advertising techniques, and to ensure that children’s data is collected and handled responsibly online. Join us to discuss how advertising has changed, identify CARU’s...

Listen to the Podcast