The metaverse has been described as the future of the internet. Although its development remains at an early stage, established and emerging companies are spending millions developing metaverse technologies. While a virtual-reality parallel universe is likely several years away, as we have seen with the conventional internet, entirely new areas of law have developed to address the online world. Cyberattack or data breach class actions have become common. No matter what form the metaverse ultimately takes, the law will develop in response.
This bulletin is the first in a two-part series that considers the unique legal issues that the metaverse might raise. Here, we focus on the litigation challenges posed by the metaverse, with a focus on potential privacy and product liability litigation. In our next bulletin, we will look at key regulatory privacy considerations for organizations considering launching in the metaverse.
WHAT IS THE METAVERSE?
The term “metaverse” is used in different ways. Here, we use it to mean a 3D version of the internet – an immersive digital world that exists in parallel to the physical world, with which you would interact using a virtual reality headset. Imagine having a parallel digital life, where your avatar exists in a digital world and can meet with other people’s avatars within a single digital space. You might own virtual real estate in the metaverse. You could visit a store and buy virtual goods – or a virtual office where you attend a virtual meeting with the avatars of real-life colleagues.
In the most idealistic visions of the future, the metaverse will be fully interoperable. You and your virtual possessions could move seamlessly from the digital space maintained by one platform to that maintained by another. Perhaps a more likely future is where the metaverse exists as a series of “walled gardens”, where each platform’s virtual space is a closed system that is not compatible with others.
PRIVACY LITIGATION IN THE METAVERSE
If the metaverse develops as anticipated, it will involve the collection of an unprecedented amount of data about users. Platforms could (as they do now) collect data about what users buy in the metaverse, what they look at, and their conversations with other users. However, because a user’s access to the metaverse would be through a headset, much more data could be collected – for example, relating to user movements, physiological responses and perhaps even brainwaves – that will give platforms a deeper understanding of their users’ thought patterns and behaviours.
The bulk of privacy litigation related to the conventional internet in common law provinces has focused on the tort of intrusion upon seclusion, which addresses the snooping scenario – where a defendant intentionally intrudes into the plaintiff’s private affairs in a manner that would be highly offensive to a reasonable person. In addition to a data breach scenario, it is possible to envision other metaverse cases of intrusion upon seclusion. If it is possible to buy virtual real estate in the metaverse, for example, a defendant could be liable for snooping in a plaintiff’s virtual home. Or imagine a scenario where a defendant compromised the plaintiff’s headset and so could follow their movements, conversations and perhaps even thoughts. Given the sensitivity of data that the metaverse could collect, the stakes would be high.
While existing privacy causes of action could be applied in the metaverse, courts or legislatures may seek to create new causes of action. Could a metaverse operator be liable for negligently failing to prevent a cyberattack that resulted in the compromise of user data? If a metaverse user breaches the privacy of another user, could the platform be liable for failing to prevent the breach? Time will tell how the law develops in response to these challenges.
The metaverse is projected to result in a vast market for virtual and physical products available for purchase and use by customers. Software, virtual non-tangible items, and hardware like headsets and glasses are just a few examples. Accordingly, developers, manufacturers, licensors, vendors and others in the industry may be at risk of metaverse-related product liability claims brought by metaverse participants and users of these products.
Several kinds of potential product liability claims in connection with the metaverse may arise in the future. By way of example, product liability claims could result from scenarios where individuals sustain personal injuries while immersed in the virtual or augmented reality of the metaverse world. Further, property damage or economic loss claims could arise where participation in the metaverse or use of related hardware gives rise to an incident that destroys property. Metaverse users may also be sued by other users for their conduct in the metaverse as it relates to another person or avatar.
The metaverse, no matter how it develops, will undoubtedly give rise to novel legal questions and issues. Above, we have summarized the litigation challenges posed by the metaverse, with a focus on privacy and product liability litigation. In our next article on this topic, we will look at key regulatory privacy considerations for organizations considering launching on the metaverse.