After VR, AR, and Mixed Reality (MR), Extended Reality (XR) and Spatial computing are gradually becoming the newer frontiers of advancements in the space of information technology and going by the Hyponnen Theory, anything connected to the internet is vulnerable to cyberattacks. Privacy is among the major concerns raised on XR.
XR expands the definition of personal information that must be protected, including biometrically-inferred data, which is especially prevalent in XR data pipelines. You need to consider new rights for data subjects — the people whose information is collected and used—to know what’s being collected, how it is used, and how it is shared. Immersion into XR experiences often calls for a breadth of sensitive information to be available to XR hardware, and here informed consent is of paramount importance.
To address this growing concern, the XR Safety Initiative (XRSI), an organization dedicated to help build safe immersive environments, has released the XRSI Privacy Framework Version 1.0. to help individuals and organizations address a comprehensive set of privacy needs, enabling more innovative and effective solutions to improve privacy in the Extended Reality (XR) and Spatial Computing domain.
“Emerging technologies, such as XR and Spatial computing, are transforming the way humans connect, create, commerce, and heal. This technological shift has the potential to expand our capabilities, enhance wellbeing, and influence every aspect of our lives. We must proactively address the privacy, safety, and deeper societal risks it brings along,” Kavya Pearlman, Founder and CEO of XRSI, told CISO MAG in an exclusive interaction.
“While we have not even fully addressed the cybersecurity challenges with existing technologies, a whole new wave of emerging technologies including virtual augmented and mixed reality (collectively known as XR), Brain-computer Interface (BCI) and rollout of 5G communication infrastructure is bringing a whole new set of novel cybersecurity challenges that we need to address as soon as possible,” she had suggested in an earlier interview with CISO MAG.
The framework is a free, globally accessible baseline rulebook built by bringing together a diverse set of experts from various backgrounds and domains, including privacy and cybersecurity, cloud computing, immersive technologies, artificial intelligence, legal, artists, product design, engineering, and many more.
Setting a Baseline
The privacy framework also incorporates privacy requirements drawn from the General Data Protection Regulations (GDPR), National Institute of Standards and Technology (NIST) guidance, Family Educational Rights and Privacy Act (FERPA), Children’s Online Privacy Protection Rule (COPPA), and other evolving laws. It is designed to adapt and include novel requirements as new regulations come into effect.