The XRSI Privacy and Safety Framework

FRAMEWORK RESEARCH

XR Industry is moving fast, so is the urgency to create standards, guidelines, and awareness for XR stakeholders. Recent news about data, privacy, and safety concerns are growing as technological advancements take place. To address this urgent XRSI is releasing a novel Privacy and Safety framework version 1.0.

The framework is a free, globally accessible baseline rulebook built by bringing together a diverse set of experts from various backgrounds and domains, including privacy and cybersecurity, cloud computing, immersive technologies, artificial intelligence, legal, artists, product design, engineering, and many more. 

The XRSI Privacy and Safety Framework sets a baseline set of standards, guidelines, and best, regulation-agnostic, practices. It incorporates privacy requirements drawn from the General Data Protection Regulations (GDPR), National Institute of Standards and Technology (NIST) guidance, Family Educational Rights and Privacy Act (FERPA), Children’s Online Privacy Protection Rule (COPPA), and other evolving laws. The framework is designed to adapt and include novel requirements as new regulations come into effect.

A new definition of personal data

XR expands the definition of personal information that must be protected, including biometrically-inferred data, which is especially prevalent in XR data pipelines. You need to consider new rights for data subjects—​the people whose information is collected and used—​to know what’s being collected, how it is used, and how it is shared.

Given the potential immersion of XR experiences and the breadth of sensitive information available to XR hardware, informed consent is especially important.  This concept includes ensuring age-appropriate design and awareness for parents to increase child safety.  The framework guides what, why, when, how, and where to INFORM via Context, Choice, Control, Child Safety.

The framework emphasizes PREVENTION, not protection, including content moderation, proactive actions to preserve privacy, differential privacy, decentralization, anonymization, etc.