Applying a layered approach to data protection in an emerging metaverse

James R. Birt; Eugenia Georgiades; Dan Jerker B Svantesson

Applying a layered approach to data protection in an emerging metaverse

James R. Birt, Eugenia Georgiades^*, Dan Jerker B Svantesson

^*Corresponding author for this work

Research output: Contribution to journal › Article › Research › peer-review

Abstract

Our online environment is changing rapidly. As a result, much attention is being directed at a development referred to as the "Metaverse". This Metaverse may, somewhat crudely, be described as digital platforms that offer immersive environments. Such platforms present a combination of new and well-known data privacy challenges. This article seeks to provide an accessible and useful starting point to form an understanding of those data privacy challenges. To uncover the true nature of personal data regulation for users of such platforms, we ought to recall both the role of law, and the role of contracts. Consequently, this article begins by providing a solid overview of what is meant by the "Metaverse". It then proceeds to examine the extent to which data privacy laws claim to apply to an immersive platform that has the features of a Metaverse. The paper further examines whether a layered approach could address data protection issues arising out of a metaverse. In this context, the paper considers the data privacy laws of Australia, the European Union, and Singapore that may apply to immersive platforms.

Original language	English
Pages (from-to)	577-591
Number of pages	23
Journal	European Intellectual Property Review
Volume	47
Issue number	10
Publication status	Published - 25 Sept 2025

3 Invited talk

Cyberspace, outer space, and transborder data flows
Birt, J. (Speaker)
9 Oct 2023
Activity: Talk or presentation › Invited talk
PWI 23554 - Privacy Policy Requirements in Modelling and Simulation Environments to ISO/IEC JTC 1/SC 24
Birt, J. (Speaker) & Georgiades, E. (Speaker)
20 Feb 2024
Activity: Talk or presentation › Invited talk
Privacy risks in the Metaverse: The use & misuse of people’s avatars and images
Georgiades, E. (Speaker), Svantesson, D. (Speaker) & Birt, J. (Speaker)
14 Jun 2023
Activity: Talk or presentation › Invited talk

1 Commissioned report
1 Article

Unravelling The Metaverse Matrix: Navigating Privacy Protection within Modelling and Simulation Platforms
Georgiades, E. & Birt, J. R., 10 Apr 2025, In: Washington Journal of Law, Technology & Arts. 20, 2, p. 102-138 38 p., 3.
Research output: Contribution to journal › Article › Research › peer-review

Open Access
Privacy Risks and Legal Jurisprudence in the Emerging Metaverse: Evaluating the Use of Digital Avatar Personas for Governance and Data Privacy Law Reform
Georgiades, E., Birt, J. R. & Svantesson, D. J. B., 30 Nov 2023, Bond University. 118 p.
Research output: Book/Report › Commissioned report › Research › peer-review

Cite this

@article{394946aefa374b84886c89e039134dce,

title = "Applying a layered approach to data protection in an emerging metaverse",

abstract = "Our online environment is changing rapidly. As a result, much attention is being directed at a development referred to as the {"}Metaverse{"}. This Metaverse may, somewhat crudely, be described as digital platforms that offer immersive environments. Such platforms present a combination of new and well-known data privacy challenges. This article seeks to provide an accessible and useful starting point to form an understanding of those data privacy challenges. To uncover the true nature of personal data regulation for users of such platforms, we ought to recall both the role of law, and the role of contracts. Consequently, this article begins by providing a solid overview of what is meant by the {"}Metaverse{"}. It then proceeds to examine the extent to which data privacy laws claim to apply to an immersive platform that has the features of a Metaverse. The paper further examines whether a layered approach could address data protection issues arising out of a metaverse. In this context, the paper considers the data privacy laws of Australia, the European Union, and Singapore that may apply to immersive platforms.",

author = "Birt, {James R.} and Eugenia Georgiades and Svantesson, {Dan Jerker B}",

year = "2025",

month = sep,

day = "25",

language = "English",

volume = "47",

pages = "577--591",

journal = "European Intellectual Property Review",

issn = "0142-0461",

publisher = "Sweet and Maxwell",

number = "10",

}

TY - JOUR

T1 - Applying a layered approach to data protection in an emerging metaverse

AU - Birt, James R.

AU - Georgiades, Eugenia

AU - Svantesson, Dan Jerker B

PY - 2025/9/25

Y1 - 2025/9/25

N2 - Our online environment is changing rapidly. As a result, much attention is being directed at a development referred to as the "Metaverse". This Metaverse may, somewhat crudely, be described as digital platforms that offer immersive environments. Such platforms present a combination of new and well-known data privacy challenges. This article seeks to provide an accessible and useful starting point to form an understanding of those data privacy challenges. To uncover the true nature of personal data regulation for users of such platforms, we ought to recall both the role of law, and the role of contracts. Consequently, this article begins by providing a solid overview of what is meant by the "Metaverse". It then proceeds to examine the extent to which data privacy laws claim to apply to an immersive platform that has the features of a Metaverse. The paper further examines whether a layered approach could address data protection issues arising out of a metaverse. In this context, the paper considers the data privacy laws of Australia, the European Union, and Singapore that may apply to immersive platforms.

AB - Our online environment is changing rapidly. As a result, much attention is being directed at a development referred to as the "Metaverse". This Metaverse may, somewhat crudely, be described as digital platforms that offer immersive environments. Such platforms present a combination of new and well-known data privacy challenges. This article seeks to provide an accessible and useful starting point to form an understanding of those data privacy challenges. To uncover the true nature of personal data regulation for users of such platforms, we ought to recall both the role of law, and the role of contracts. Consequently, this article begins by providing a solid overview of what is meant by the "Metaverse". It then proceeds to examine the extent to which data privacy laws claim to apply to an immersive platform that has the features of a Metaverse. The paper further examines whether a layered approach could address data protection issues arising out of a metaverse. In this context, the paper considers the data privacy laws of Australia, the European Union, and Singapore that may apply to immersive platforms.

M3 - Article

SN - 0142-0461

VL - 47

SP - 577

EP - 591

JO - European Intellectual Property Review

JF - European Intellectual Property Review

IS - 10

ER -

Applying a layered approach to data protection in an emerging metaverse

Abstract

Fingerprint

Related Activities

Cyberspace, outer space, and transborder data flows

PWI 23554 - Privacy Policy Requirements in Modelling and Simulation Environments to ISO/IEC JTC 1/SC 24

Privacy risks in the Metaverse: The use & misuse of people’s avatars and images

Related Research Outputs

Unravelling The Metaverse Matrix: Navigating Privacy Protection within Modelling and Simulation Platforms

Privacy Risks and Legal Jurisprudence in the Emerging Metaverse: Evaluating the Use of Digital Avatar Personas for Governance and Data Privacy Law Reform

Cite this