GD-VR – What does virtual reality mean for data protection?

As (G)D(PR)-Day approaches, almost every sector will have people squirrelled away looking at what it means for them. The media and entertainment world is no different and may be more exposed to GDPR risks as ad-funded models expand and their core business is getting content into people’s homes, screens and memories.  

Virtual reality is a current hot topic in this space and 2018 will be a big year for VR technology. Many lower-cost devices that need no supporting hardware are coming to market, and household names like Disney, Sky, ITV and the BBC are pumping serious money into virtual content. The new Google Daydream, Lenovo Mirage Solo, Samsung Gear VR and Oculus Go headsets will all duke it out at competitive prices, and with a stronger content offering 2018 will see some compelling consumer propositions and big sales figures. 

So, with potentially millions more people buying into this tech, what does it mean for data protection? 

In ‘reality’ the VR business works like any other tech or media ecosystem in its reliance on interconnected software developers, content creators, manufacturers, distribution platforms and so on to work. Some firms are vertically integrated (see PlayStation VR) and other platforms (such as Samsung, Apple and Google) rely on tried-and-tested networks of third parties to deliver content in a way that fits their business models. 

In a liability sense this means VR shouldn’t be treated differently from other entertainment mediums. The same considerations such as data processing, IP and licensing, consumer rights, product safety and GDPR still apply, with each supply chain actor holding some form of responsibility for compliance.   

However, where VR does pose a challenge is that devices and apps need to talk to each other to crunch a tonne of new data types that didn’t exist before. Knowing where you look, how you move around, what direction you’re facing etc are vital data sets for VR to work and are all Bits and Bytes that need to be processed to deliver an effective user experience. Whilst alot of this information will be anonymised and stored locally on the device, it is not a stretch to say this is some of the most personal of personal data and consumers may have a different attitude to how this data is used. 

Down the line, it is inevitable ad-tech land will develop innovative ways to commercialise this data, and it’s reasonable to assume that because VR content is inherently more immersive than say a TV programme, an advert or intrusive content disrupting what an individual is doing in the virtual world will probably annoy or affront them more as it literally in their face.  

For those entering the VR market there’s a real need to recognise that even if the liability regime is like other entertainment forms, the interaction with VR content is more intimate, immersive and intensive. This means companies wanting to build trust in this new tech should tread carefully and understand that consumers may have even higher expectations around how data generated in immersive experiences is handled. 

For more from techUK Data Protection Week, visit our landing page. 

  • Craig Melson

    Craig Melson

    Programme Manager | Digital Devices, Consumer Electronics, Export Controls and Environment and Compliance
    T 020 7331 2172

Share this


"This project showcases British technology at its best," says @fjoshi. Find out more about techUK member @Mvine's w…
ICYMI: Last week, #techUK launched its latest podcast looking at how we can spark #reskilling & #retraining revolut…
Event reminder: join our roundtable this Wednesday to hear insight from industry, local and central government on h…
Join us online for the #techUKSmarterState conference on 16 & 17 September. The event will bring together leaders…
Become a Member

Become a techUK Member

By becoming a techUK member we will help you grow through:

Click here to learn more...