Within minutes of logging into Facebook’s metaverse, Nina Jane Patel from London was verbally and sexually harassed by a group of male avatars. “It was surreal. It was a nightmare,” she wrote in a blog post on Medium, describing her experience as virtual gang-rape. But was a crime committed?
“That’s a very interesting question,” says Mark Cole, a professor at the University of Luxembourg specialising in media and telecommunications law. “And it’s not the first time it’s come up.” Virtual world Second Life launched in 2003 and raised many of the same issues that are being debated in the context of the emerging metaverse. Harassment and bullying are among them, but also contracts made between users, theft or fraud. “Legal scholarship started thinking about exactly these questions--can there be an application of laws which were designed for the real world also in the online world if it uses virtual representations of persons?”
It won’t take long until people bring these cases to court
In principle, says Cole, any law can apply to any context, but the devil--as ever--is in the detail. Who committed a crime against whom? How do you identify and locate the individual behind the online persona? The laws of which country apply in a virtual space? And then there are the laws themselves. If the definition of rape involves a body conducting sexual intercourse or activity with someone against their will, it could take a new definition of online rape to address Patel’s experience.
“It won’t take long until people bring these cases to court,” the professor says. Again, Second Life, its Linden dollar virtual currency and in-world vendor scams offer some insight into what’s to come. “There was a huge amount of losses, some people got very rich,” says Cole. “The same thing will happen here. And that’s why, when money gets involved, I’m quite sure Facebook will try and keep the space as clean as possible.”
As the metaverse develops, regulators will need to keep up, but this isn’t a new phenomenon, as technology has a history of first-mover advantage. “When the first cars were invented, there were no rules on traffic,” says Cole. “The frustration is the speed of the development.” One solution is to develop laws that apply to the largest context possible and provide flexibility in their application. This, for example, is the case for the EU’s general data protection regulation (GDPR).
Even if the metaverse makes available new types of personal data for processing, the GDPR’s framework should encompass this, even if specific add-ons might be needed as particular issues arise. And in case of perceived abuses, all it takes is one person to push back against flaws in the system, such as Austrian data activist Max Schrems, who brought down the EU-US data transfer mechanism Safe Harbour with his lawsuits against Facebook’s thirst for data.
The metaverse is also a promise, right? Who knows what comes next?
European Commission executive vice president and digital chief Margrethe Vestager in February said she is planning an analysis of the metaverse ahead of possible regulatory action. “We need to understand it before we can decide what actions would be appropriate,” she said during an online event. As with GDPR and the upcoming Digital Services Act, the EU’s joint heft could help set standards well beyond its borders.
“I do think we need to be very attentive of whether the existing data protection rules--but also rules on, for example, transparency of information, criminal law, private law, commercial law--are fit for any development that might happen,” says Cole. “Because the metaverse is also a promise, right? Who knows what comes next?”