If the Metaverse is a concept that has existed for a long time, it was propelled to the forefront of
the technological scene in October 2021 when the social network Facebook took the name of Meta,
illustrating the choice of Mark Zuckerberg (historical founder of Facebook) to focus its activity around
virtual reality.

The idea is to transfer “real” life to a virtual space, all “embodied” by an ultra-personalized avatar. In
this space, users will be able to do everything (or almost everything) that they have always wanted to
do but that reality prevented them from doing. Having lunch with a friend on the other side of the
globe, going sightseeing without having to take a plane, or even walking for a person with reduced
mobility, everything becomes accessible.

Having set the scene, it is appropriate to ask the question of personal data shared on the metaverse.
In practice, to access the metaverse, you need to wear a helmet and sensors. These sensors can be of
any kind: eye movement sensors, facial muscle contractions, eyelash movements, etc. These data are
derived from the behavior of an individual, even from his physical and physiological characteristics.
Moreover, if they are crossed, they allow identifying an individual. It is therefore specific personal data
since it is also biometric data.

The Financial Times study highlighted the variety of patents filed by Meta in terms of sensors. These
sensors and cameras installed in the helmets will be able to detect a lot of information and in particular
the emotions of the user, but also his height, his weight, his lifestyle (how he sits, how long), his facial
expressions, etc. Some patents also mention sensors placed on the torso. The objective is to create the
most faithful avatar to the individual. We can see a desire to create virtual clones.

But then, what is the point? Any personal data can have value, especially if it is biometric data. Meta’s
business model seems to be the same as Facebook’s: selling personal data and advertising. The sensors
will be able to detect the interests of the individual without him even expressing them (expression of
disgust for a product he sees on the screen, heart beating faster when he passes in front of a virtual
store) and resell this data to interested companies.

The metaverse remains a lawless zone because it is poorly regulated. Moreover, the average user may
not understand the value of the data they are giving to these companies. This is why more protection
is expected from legislators.

Références :
Biométrie | CNIL
Métavers : ce jeu dont qui sera le héros ? | CNIL
Meta veut utiliser nos données biométriques pour monétiser le métavers
Metavers : des brevets inquiétants ?
Facebook patents reveal how it intends to cash in on metaverse

A propos de Sarah HATAM