A 20-minute virtual reality game can capture 20 million data points about the player – and yet the collection and use of this information is, as yet, unregulated. Last year, a group of privacy experts met to review the risks and propose solutions. Here’s what they came up with
It seemed like a game when Riley first started the virtual reality (VR) maze. He used a room-scale setup, so by physically walking around his living room, he could solve puzzles and visit different parts of the virtual maze. His friends were networked into the game, so even though they were in their own living rooms, when Riley turned his head he could make eye-contact with them. He could even give them virtual high-fives – slapping avatar hands gave him the sensation of haptic feedback from his controller.
What Riley didn’t know was that the startup that created this game had decided to sell its users’ tracking data. Riley also didn’t know that a20-minute VR game session recorded 2 million points of dataabout his body movement, and that an insurance company was one of the customers buying the game data. A month after playing the game, Riley was turned down for a new life-insurance policy. Given his excellent health, he couldn’t understand why. Several appeals later, the insurance company disclosed that Riley’s tracking data from the VR maze game revealed behavioral movement patterns often seen among people in the very early stages of dementia. Later, Riley’s sister, who had not played the VR maze game, was also rejected for life and long-term care insurance policies, as dementia tends to run in families.