Lacking US Privacy Law, Industry Advised to Seek Solutions
With no comprehensive recent national privacy law, stakeholders must continue discussions about ways to rebuild consumers' trust in technology -- perhaps via standards or other agreed-upon measures, an Information Technology and Innovation Foundation and XR Association conference was told Thursday. Speakers on one panel agreed the U.S. is behind on legislative efforts (see 2110200060). They said Europe is ahead, such as with the EU general data protection regulation. Boosting people's confidence that their information will be appropriately used when it's collected by devices, apps and by content providers is possible but not guaranteed, ITIF and XRA were told.
Augmented and virtual reality, the event topic, "sounds very dystopian" and that’s why "we are having these conversations now" and have been for a while, said XRA Vice President-Public Policy Joan O’Hara. Having trust with users and protecting their privacy "is just the right thing to do," added O'Hara, moderating a panel. Legislative efforts have "been underway for a while, more than one [session of] Congress," said O'Hara. "It seems other things kind of get to the front of the line, in terms of urgency." The U.S. "is admittedly not ahead of the game here," she said.
"Europe is very much ahead of the game when it comes to privacy regulation" like GDPR, said Future of Privacy Forum Policy Counsel Jeremy Greenberg. "There’s a lot to draw from internationally" in devising a U.S. privacy regime, he said. Greenberg sought a "comprehensive privacy law" that's "technology agnostic." He advised keeping in mind current industry progress and that "biometrics" may have added "concerns there."
The EU "has not been shy about its desire to have GDPR" as an international benchmark, said Rep. Suzan DelBene, D-Wash., via prerecorded video remarks. She hopes privacy legislation will pass this Congress, and has introduced a bill (see 2103100062). "A patchwork of state laws won’t work in our digital world," the lawmaker said. "We need to make sure that people understand their rights and how their personal information will be used." With some more advanced alternative-reality types of tech, "there is no real limit on what companies can do with this sensitive information," DelBene said.
There was general accord that consumers have privacy concerns. "Folks seem more concerned about their privacy" and "they expect that their privacy is potentially being compromised," said Greenberg. There's "stress and distress and distrust that people have" about tech privacy, said Jessica Outlaw, research director of The Extended Mind. She said her Facebook-funded survey found some 37% of respondents report having changed privacy settings in the past three months: "That signals to me that people are paying attention, and they are not happy with the default settings." Many say they paid for a privacy service, Outlaw said.
"Users care about their privacy, based on [Outlaw’s] research. However, we may not have the [mental] bandwidth" to be experts on such matters, said CyberXR President Noble Ackerson. Device makers could provide common guidelines, working together perhaps via third parties, "to build these sort of foundational objectives," he suggested. "Reward or punish the market with our wallets," he said about privacy clarity and choices that manufacturers and content developers provide to users.
VR and other alternative realities should "progressively disclose what my data is being used for," akin to directions and tips that mobile games provide as players advance in a game, Noble said: This would be better than lengthy terms of service that "no one reads." Companies should "make sure that we’re clearly communicating how the data’s going to be used," consumers should be informed on choices such as what to do with their data, and people should have easy ways to control their data, he said. That entails "avoiding some of these dark patterns like navigating through seven or 12 trees of information to unsubscribe from a thing."
The in-person audience chuckled when Outlaw was asked whether she's optimistic user trust can be restored in industry safeguarding their privacy. She said time will tell and "there are so many benefits" from using tech. "I think we can get there," O'Hara said. "The important thing is that we are asking the right questions now and bringing a lot of people under the tent" to participate in discussions about privacy.
O'Hara, like the panelists, participated virtually. During the event, at least some were in ITIF's headquarters building, even while not in the same room as other speakers. The session was watched by in-person attendees on a big screen at ITIF's headquarters. The event also was livestreamed.
ITIF/XR Notebook
VR-types of technology have proved themselves in training situations, said Stanford University's Jeremy Bailenson, Storke professor of communication and director of the doctoral program in communication. He said companies have successfully used this tech to teach their employees, citing Walmart. Part of that training was on dealing with active-shooter situations in retail stores, Bailenson said. While that's a grisly example, it appeared to have paid off when a Walmart in El Paso was attacked, he said. The company didn't comment.
Walmart uses extended reality for other types of training, as well, the conference was told. Using XR greatly reduced the amount of time necessary to train employees on using equipment, said Erika Peace, Unity Technologies senior industry product manager-government. The company also used the technology to show how its workers should interact with customers, she said. “By training in extended reality, people are able to practice in those critical thinking skills.” This helps them improve their communications with customers and also to gain empathy for them, she added. “You really get to be kinetically involved and build that [muscle] memory.”
Separately Thursday, a technology training organization released strategies for building in privacy by design and default. This includes processing the minimum amount of data used to perform a task, hiding such information from public view, and disclosing how data is being used. See here for more information from ISACA.