The XRSI Privacy Framework version 1.0

FRAMEWORK RESEARCH

XR Industry is moving fast, so is the urgency to create standards, guidelines, and awareness for XR stakeholders. Recent news about data, privacy, and safety concerns are growing as the technological advancements take place. To address this urgent XRSI is releasing a novel Privacy framework version 1.0.

The framework is a free, globally accessible baseline rulebook built by bringing together a diverse set of experts from various backgrounds and domains, including privacy and cybersecurity, cloud computing, immersive technologies, artificial intelligence, legal, artists, product design, engineering, and many more. 

The XRSI Privacy Framework sets a baseline set of standards, guidelines, and best, regulation-agnostic, practices. It incorporates privacy requirements drawn from the General Data Protection Regulations (GDPR), National Institute of Standards and Technology (NIST) guidance, Family Educational Rights and Privacy Act (FERPA), Children’s Online Privacy Protection Rule (COPPA), and other evolving laws. The framework is designed to adapt and include novel requirements as new regulations come into effect.

A new definition of personal data

XR expands the definition of personal information that must be protected, including biometrically-inferred data, which is especially prevalent in XR data pipelines. You need to consider new rights for data subjects—​the people whose information is collected and used—​to know what’s being collected, how it is used, and how it is shared.

Given the potential immersion of XR experiences and breadth of sensitive information available to XR hardware, informed consent is especially important.  This concept includes ensuring age-appropriate design and awareness for parents to increase child safety.  The framework guides what, why, when, how, and where to INFORM via Context, Choice, Control, Child Safety.

The framework emphasizes PREVENTION, not protection, including content moderation, proactive actions to preserve privacy, differential privacy, decentralization, anonymization, etc.


What’s Next For The XRSI Privacy Framework:

This announcement is only the beginning of XRSI’s commitment to building a global privacy framework for XR. Together with its liaison organizations Open AR Cloud, University of Michigan, and Georgia Institute of Technology. There are many other challenges to tackle, including:

  • Geolocation and geo privacy;
  • Standardized semiotic labels for XR;
  • Adoption and enforcement of the framework;
  • Data protection impact assessment for Spatial Computing and XR;
  • Analysis of dark patterns and their impact on trust in Spatial Computing and XR;
  • XR Data Classification Framework (continue XR-DCF effort XRSI started in 2019);