The metaverse holds promises for digital IDs, risks for biometric data
A virtual world where billions of people live, work, buy and interact with each other: This is the vision of the metaverse, what some experts believe to be the next iteration of the internet.
To do all this shopping and interacting, the metaverse will require digital ID technologies, according to observers from the World Economic Forum. And it will also need new virtual and augmented reality devices that collect biometric data, potentially exposing users to privacy risks.
The metaverse could be a solution for people without IDs: WEF
The metaverse has the potential to help billions of people in the world access digital identities. But to achieve that goal, the world will have to establish the necessary digital infrastructure and increase access, a new report from the World Economic Forum (WEF) claims.
“The metaverse may offer a new means of providing identities to those who do not currently exist in ID systems and serve as a potential pathway towards inclusive access to educational, financial and other services,” says WEF’s report titled “Social Implications of the Metaverse,” published in July with Accenture.
The metaverse is expected to spark a whole new economy with identity infrastructures, new financial assets and services appearing to serve customers. Accenture projects the value of the metaverse to $1 trillion in the next three years with the generative AI expected to boost its creation and growth. The adoption of the technology will hinge on the ability to combine identity, money and virtual assets seamlessly, the report notes.
And while some applications such as media or entertainment may rely on anonymous or pseudonymous identities, banking, education or work-related experiences may require legal identification. Anonymous IDs may create risks but those can be mitigated by promoting a trust network allowing individuals to request trusted digital IDs and proof exchange protocols to exchange proof of identity in a privacy-preserving way.
“There are trade-offs to data privacy that must be considered, as well as complications related to cybercrime, financial crime and other abuse that may arise from a user being able to create multiple IDs,” the report states.
WEF has released an additional paper titled Metaverse Privacy and Safety.
More metaverse could mean more biometric surveillance
While the metaverse may hold some promising solutions for digital IDs, experts are also warning that it may pose a unique risk of surveillance.
Extended reality (XR) technologies, also known as virtual (VR) and augmented (AR) reality, often use biometric identifiers and measurements alongside real-time location and “always-on” audio and video recording technologies. This raises concerns about user privacy and security, according to Elizabeth Renieris, senior research associate at the Institute for Ethics in AI at Oxford University.
XR devices can capture information such as voice, iris, pupil movements and gaze, gait and other body movements, location information, device information and identifiers and more, Renieris says in her book Beyond Data: Reclaiming Human Rights at the Dawn of the Metaverse, published in February.
When these devices are combined with biometric identification systems, such as facial or voice recognition, they might also expose individuals that happen to be in the surrounding area without their knowledge or consent. Currently, few laws and regulations cover these scenarios which could mean that we end up in a society with constant surveillance in public or semi-public spaces.
“The rendering and datafication of these activities into digital information raises traditional and novel data protection concerns, despite the inadequacies of existing laws that pertain to personal data and frequently require the identifiability of individuals,” says Renieris.
What will happen to KYC in the metaverse?
Web3 and blockchain technologies are expected to help build the metaverse, providing immutable identities, tokenized digital ID and allowing ID holders to have digital property rights and data ownership. But it could also help increase the efficiency and security of Know Your Customer (KYC) data management, writes industry media Finance Magnates.
“KYC data is stored on immutable blockchain networks, reducing the risk of data breaches and unauthorized access. With cryptographic keys granting access to specific data points, individuals have more control over who can access their personal information,” the report says.
Web3 could also eliminate multiple KYC checks by enabling individuals to verify their identity through a trusted service and carry their verified identity attributes across different platforms and services. Businesses are likely to shift towards adopting self-sovereign identity (SSI) for a more efficient and secure KYC process, the report concludes.