XR Industry is moving fast, so is the urgency to create standards, guidelines, and awareness for XR stakeholders. Recent news about data, privacy, and safety concerns are growing as technological advancements take place. To address this urgent XRSI is releasing a novel Privacy and Safety framework version 1.0.
The framework is a free, globally accessible baseline rulebook built by bringing together a diverse set of experts from various backgrounds and domains, including privacy and cybersecurity, cloud computing, immersive technologies, artificial intelligence, legal, artists, product design, engineering, and many more.
The XRSI Privacy and Safety Framework sets a baseline set of standards, guidelines, and best, regulation-agnostic, practices. It incorporates privacy requirements drawn from the General Data Protection Regulations (GDPR), National Institute of Standards and Technology (NIST) guidance, Family Educational Rights and Privacy Act (FERPA), Children’s Online Privacy Protection Rule (COPPA), and other evolving laws. The framework is designed to adapt and include novel requirements as new regulations come into effect.
A new definition of personal data
XR expands the definition of personal information that must be protected, including biometrically-inferred data, which is especially prevalent in XR data pipelines. You need to consider new rights for data subjects—the people whose information is collected and used—to know what’s being collected, how it is used, and how it is shared.
Given the potential immersion of XR experiences and the breadth of sensitive information available to XR hardware, informed consent is especially important. This concept includes ensuring age-appropriate design and awareness for parents to increase child safety. The framework guides what, why, when, how, and where to INFORM via Context, Choice, Control, Child Safety.
The framework emphasizes PREVENTION, not protection, including content moderation, proactive actions to preserve privacy, differential privacy, decentralization, anonymization, etc.
The release of the XRSI Privacy and Safety Framework version 1.0 is only the beginning of XRSI’s commitment to building a global privacy framework for XR. XRSI has assembled a committee of experts from a variety of disciplines to begin the process of accepting and reviewing additional submissions to expand on the controls introduced by the framework.
Anyone can make a submission as long as they follow the guidelines and use the provided submission portal. Over the next three months, XRSI and the Expert Evaluation Committee will accept and review submissions and award the authors of any submission adopted into the framework with a $100.00 USD prize.
Privacy and Safety are global challenges, and to get this right we need submissions from a broad and diverse set of contributors. XRSI invites you to help build a future that is truly private!!
1.0 Who should Submit
The XRSI Privacy and Safety Framework has over one hundred and twenty individual controls touching on several aspects of privacy. While many of them are technical in nature, some require expertise from multiple disciplines. We seek submissions from across the social sciences, technical disciplines, and legal fields. This includes, but is not limited to disciplines such as communications, computer science, law, economics, engineering, human-computer interaction, human factors, political science, social psychology, and sociology. Applicants from diverse backgrounds and those with expertise in specific countries, cultures, or vulnerable populations, including those that have not previously been examined in relation to privacy, are especially encouraged to submit guidelines for control.
Each submission should provide concrete examples and implementation guidelines so that anyone using the framework can leverage approved submissions to help them in their own role.
Submissions that are accepted and adopted into the XRSI Privacy and Safety Framework will be eligible for a $100.00 USD award.
2.0 Submission Criteria
One Control per Submission: Clearly state a single control for each submission. Use the control’s designator. Any submission that does not clearly identify a control will not be evaluated.
Length: Submissions will be concise. As a rule of thumb submissions should be in the range of 500 – 2500 words.
Format: All submissions must be in an acceptable format. If the submission is not in one of the formats listed on the submission page it will not be accepted.
References: Each submission should include cited references to any external work that did not originate with the author of the submission. If you submit another person’s work give them appropriate credit.
Portal: Submissions will only be accepted via the XRSI submission portal.
Identity: Each submission must include a valid email address for correspondence unless submitted anonymously. Anonymous submissions may be accepted and included in the XRSI Privacy Framework but will not be eligible for any payout and the author will not be attributed in the final document or notified of their acceptance.
Conflict Resolution: Submissions will contain a date and time stamp and if two submissions are similar in content for the same control, the Expert Evaluation Committee will deconflict using the time stamp. Effectively it would be a first-come, first-serve basis. While this form of conflict resolution will apply for the cash payout, we might consider still providing written credit to multiple authors even if we only award the first.
3.0 Acceptable Formats
Submissions should be provided as plain text.
Formats such as images (jpg, png, etc..), videos, audio files, PDFs, HTML, cloud document links, or any other format will be rejected.
4.0 How To Submit
Please make every attempt to submit in English text. Other languages may be translated to English using machine translation.
The XRSI Privacy and Safety Framework Development Guidance
November 13, 2020
XRSI Privacy and Safety Framework Deep Dive with Kent Bye