Common Sense Media has released a new report that rates the privacy policies of the most popular virtual reality headsets on the market. The report, “Privacy of Virtual Reality: Our Future in the Metaverse and Beyond,” examines the privacy trends and practices of seven leading VR devices and found that none of them meet minimum privacy requirements and safety precautions recommended to ensure the safety of children.
The report analyzed the privacy policies and practices of HP Reverb G2, Meta Quest 2, HTC Vive Cosmos Elite, Pimax Vision 5K Super, PlayStation VR, Microsoft HoloLens 2, and Valve Index, and found that:
- Users are tracked from the moment they install one of these VR devices.
- Sensitive data collected in virtual reality is shared with third parties for profit.
- Privacy policies were unclear or stated that sensitive data was used for targeted advertising, third-party marketing and tracking purposes.
- None of these devices use privacy by design.
- They all displayed third-party advertisements to users.
In addition, helmets lack specific protections for children under 13 who use these devices. Of the privacy practices assessed in the report, more than half (57%) of devices have no parental controls and less than a third have no security settings.
“VR companies, like any other tech company that targets teens, should use a privacy-by-design approach to create age-appropriate content and experiences that are safe and compliant with the strongest privacy protections possible. Anything less than that is unacceptable because the stakes are too high,” says James P. Steyer, Founder and CEO of Common Sense Media. “We need to ensure that safe spaces exist in virtual reality for children and teens can connect, play, and learn without the threat of encountering various forms of harassment and privacy risks that currently plague the Metaverse and beyond.”
According to the report, VR devices collect significantly more data than mobile apps and websites, including body posture, gaze, pupil dilation, gestures, facial expressions, and even minute variations in color. skin. A user’s body movements in VR are tracked over 100 times per second, which means spending 30 minutes or more in a VR simulation can collect over 2 million unique data points.
“The bottom line is that every VR device we tested leverages users’ sensitive data for profit, so we cannot recommend any of these devices to parents as safe for children,” says Girard Kelly, director of the privacy program at Common Sense. “However, some of the devices we reviewed have options to turn off some of the more problematic data collection and security settings. find and complexes. in order to protect children.”
Meta Quest 2, arguably the most popular VR headset on the market (Meta has around 90% of the VR headset market share), received the third lowest privacy rating (55% warning), se ranking only ahead of Valve Index (50%) and Primax Vision 5K (30%). Meta’s privacy policy states that it does not sell consumer data, but engages in everything else, including third-party marketing, targeted advertising, third-party tracking, tracking users on the Internet and the generation of advertising profiles based on the user data it collects. . Microsoft’s HoloLens 2 received the highest privacy rating (75%), but like the other six headsets reviewed, not all of them met the recommended minimum privacy and security requirements to keep kids safe.
The data was collected and analyzed by the Common Sense Privacy Program, a team of attorneys and experts in privacy, law, IT, education, academia, and public policy. The research team rated the products on a 100-point scale through 155 unique review questions.
