25 September 2019
VR apps collect a lot of information about their users. In fact, according to a well-known VR industry website, VR Heads, every VR app collects the following information from their users:
Privacy laws require that you disclose every type of personally identifiable information that you collect from your users. They also require you to disclose the methods you use to collect that data and state the reason for collecting it.
Most VR apps require their users to provide registration information in order to use them.
The information your VR app collects from users generally includes the user's name, date of birth, and email address. It may also collect information like the user's photo or social media profile information.
User profiles significantly improve the app experience and VR apps, more or less, work the same way. Users become much more invested in the app when they are given the choice to personalize their online profiles.
Most VR apps let users add their personal information (like a bio or interests) or upload a profile picture/avatar. They sometimes even give users the option to add personal information that might not be necessary for app registration.
Any information that your VR app collects from user profile fields is confidential.
Privacy laws require you to inform the user about the information you collect from user profile form fields the same way you inform them about the information you collect from them at the time of registration.
You are also required to inform the user about the reason for collecting that information, how you will use that information, and whether or not you will share it with any third-party vendors.
VR technology has the ability to collect user's private information while they're immersed in a game. VR apps can track the information about the physical profile of the user, including the height, weight, girth, gait, and movement patterns of the user. Its purpose is to personalize the user's experience and make the game more immersive.
The information collected may include the user's hair color, eye color, and skin color. All of this information makes the user's VR app experience better but the privacy concerns it raises are serious.
If an app can create a picture of a user based on their usage of the app or the data the app collects - the users, especially children, can be exposed to potential risks.
The information most VR apps collect includes location-based information like the user's country of residence and its time zone. This information provides the user with personalized content like making their native language the default and sending software upgrades to them.
VR apps also collect personally identifiable information such as a usernames, email addresses and dates of birth.
In its Terms agreement, OrbusVR has a clause titled What Personal Data Do You Collect and Why?, which clearly describes the information their VR app collects:
OrbusVR collects personally identifiable information such as a user's name, email address, IP address and password.
This information is considered to be personally identifiable information.
All VR apps collect user information to guide their marketing strategies. Your VR app may collect information to give personalized product recommendations to users or it may send notifications of contests and promotions.
It may also use the information to help put relevant ads in front of their users or offer products by third parties.
Oculus uses this information to market its services to users and to promote safety and security on and off its services.
All VR apps collect data of users when they are actively playing a game to compile statistics like number of users in a region.
This data is not considered personally identifiable information.
Users can allow Google to share this data with "companies, organizations, or individuals outside of Google." Otherwise, it is only shared with affiliates or for legal reasons.
Oculus has a clause titled Third Parties that Provide Content, Marketing, or Functionality on Our Services that clearly mentions that Oculus shares information with third parties to market their services to the users. The information is shared with companies to better understand how people use our services:
In the context of VR apps, cookies are small files used for storing user information like login information and previously seen advertisements.
Beacons are used to establish communication between a user's device and a server - usually to check if the user has accessed some content.
Oculus has a clause titled Cookies and Other Local Storage that mentions cookies being used to help users log in to its services, to provide the users with shopping baskets for making purchases, and to help understand how people use its services.
When developing your VR app, it is highly recommended that you deploy a strategy for Privacy by Design. This strategy will help you implement privacy laws, evaluate risks, and ensure protection of user rights at every stages of your VR app design.