Metaverse Compliance Report (VIII) Data Compliance

Since the concept extension and specific functions of the Metaverse world have not yet been clarified, many companies developing the Metaverse concept in China have adopted the practice of building multiple application scenarios and linking them.

The connection of the scenarios inevitably involves the transfer of user traffic, and the transmission of such user data has become a risk for Internet companies to be suspected of administrative violations in recent years . For readers’ reference.

The current state of regulation for data compliance

The strong supervision of user data began many years ago when the amendments to the Criminal Law included the sale and transaction of personal information into the scope of regulation. With the intensified use of user data by Internet companies, around 2019, various administrative agencies have successively issued normative documents on the use of user data by APPs, and the corresponding administrative penalty notices have also been reported one after another in recent years. The increase in the amount of fines and the richness of punishment methods make the necessity of data compliance at the regulatory level constantly increasing.

At present, there are three main administrative agencies that supervise data compliance: the first is the Ministry of Public Security , the second is the Cyberspace Administration of China , and the third is the Ministry of Industry and Information Technology . Although the matters regulated by the three are generally the same, their focus is different, and passing the inspection of one of the regulatory authorities does not mean data compliance .

According to 2021 statistics, the issue with the largest proportion of regulatory notices by the Ministry of Industry and Information Technology is ” violating the collection of personal information “, and the issue with the most regulatory notices from the Cyberspace Administration of China is ” violating the principle of necessity and collecting personal information irrelevant to the services it provides “. The problem with a large proportion of the Ministry of Public Security’s regulatory notices is that ” all the privacy rights applied for are not expressly indicated to users “.

Hundreds of reported cases of punishment in recent years mean that the Metaverse world, which holds a large amount of user data, cannot be independent of the norm, and data compliance of the Metaverse world is the key to continuing operations.

Why the Metaverse World Needs Data Compliance

From the perspective of common reasons, APP is the main area where data compliance problems occur

The Metaverse world is inseparable from the sale of NFTs, and most of the major platforms do not allow “virtual commodity” transactions in order to avoid risks. Therefore, building an APP to conduct business has become the first choice for entering the concept of the Metaverse. With the improvement of personal information protection, APP privacy data compliance has become a key issue for regulatory authorities. If compliance is not done well, it may face administrative penalties such as APP removal and large fines.

For characteristic reasons, the business model of the Metaverse world requires data compliance

First, as mentioned above, companies that develop the concept of the Metaverse in China mostly adopt the practice of building multiple application scenarios and correlating them. The correlation of scenarios often involves the transfer of user traffic , in which there is a large amount of data transmission. normative issues.

Second, the specific content and functions of the Metaverse world are relatively complex, involving different types of APPs and requiring different types of user data: if a specific application scenario involves payment functions, users are required to provide personal identity information, personal financial information and other content, such as For specific application scenarios involving AR functions, users are required to provide camera permissions, location information, and other content. It is necessary for the operator to adjust the scope of data collection in the user agreement according to different functions to avoid over-the-line.

How to do data compliance in the Metaverse world

Hiring lawyers and technology companies to do evaluation tests is the main path for data compliance of Metaverse-related APPs. There are many points of data compliance. Here, Sister Sa’s team will only make the “essential principles” of the evaluation points of various regulatory authorities on privacy agreements. Brief comment:

Whether the type of personal information actually collected is beyond the scope of the privacy agreement

The type of personal information actually collected by each business function should be consistent with the content described in the privacy agreement, and should not exceed the scope described in the privacy agreement . The privacy agreement does not clearly inform the personal information to be collected, and the business entity shall not ask the user to provide it during the user’s use of the APP without authorization.

Collection of non-essential information related to business functions, whether or not the user chooses to agree

When the personal information collected by the app operator exceeds the scope of necessary information, the user should clearly state the purpose of collecting personal information and obtain the user’s consent . Taking the APP featuring the AR function of the Metaverse as an example, information such as camera permissions and geographic location are necessary information, while user identity information is not necessary for the AR function.

3. Whether to collect personal information unrelated to business functions

Apps should not collect personal information that has nothing to do with business functions. It should be pointed out that most of the APPs that build the Metaverse world have independent business functions, but in order to connect various scenarios, it may be necessary to collect personal information that is not related to the business functions of this APP. Description and explanation.

4. Whether to continue to ask for permission and disturb the user after the user explicitly refuses it

For a specific business function that the user explicitly refuses to use, closes or exits, the App should not ask the user again whether to open the business function or related system permissions.

5. Does the App update change the system permission settings?

After the app is updated and upgraded, the original system permission settings should not be changed, but the new permission requirements are not included in this list.

write at the end

Different types of apps involved in the Metaverse world require data compliance specifications in different directions, andthe fragmentation of legal regulations has brought certain thresholds for data compliance . Due to space limitations, the Sajie team has not discussed the contents of bundled authorization, rights and interests protection clauses, standard clauses, and identification of sensitive information in this article. However, in the process of building the Metaverse, these key points of data compliance obviously cannot be absent. Once it is removed from the shelves due to compliance issues, it will bring unpredictable losses to the business. Please do not take it lightly.

Posted by:CoinYuppie,Reprinted with attribution to:https://coinyuppie.com/metaverse-compliance-report-viii-data-compliance/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.

Like (0)
Donate Buy me a coffee Buy me a coffee
Previous 2022-01-27 09:45
Next 2022-01-27 09:46

Related articles