There are huge privacy implications that are coming with the technological roadmap of VR, and Facebook is sort of using Oculus as a technological shield to be able to develop this technology independent of the deeper advertising implications of the data that is going to be made available. When I asked Mitchell if the business models need to evolve beyond this type of privatized surveillance, he said that these types of new models are not something that Oculus is thinking extensively about right now. They’re mostly focusing on getting as many people in VR as possible. Oculus is working on the low-level implementation of VR while Facebook can think about what they’ll be able to do with all of this data.

Facebook Teases "breakthrough technologies" Coming to New Oculus Products, Tours R&D Lab

In wrapping up his thoughts on privacy, Mitchell said, “So in summary: Very committed to user privacy. It’s something we take very seriously. It’s something we’re really focused on. We’re committed to taking care of user’s privacy. And you’re asking the right questions, keep asking them. I think right now, everything is in a good place across the industry. But that could change, and that’s something for folks like you to keep chatting about.”

Indeed this is something that the entire VR community needs to keep talking about, and it will change towards a direction that’s not a good place unless some of the deeper open questions listed down below are addressed. I’d also recommend listening to these interviews below about privacy in VR for more in-depth discussions.

Overall, in my assessment, Oculus has delegated privacy considerations Facebook and it is clearly not a priority for them, despite Mitchell’s claims. If you have any questions regarding Oculus’ privacy policy, then I’d encourage you to follow up with Oculus via the email I haven’t personally received a response yet, but it’s a way to provide some direct feedback to Oculus. Hopefully they can start to implement more processes for transparency and accountability, as well as engage in deeper and more involved questions about the future of what will and will not be recorded when you’re within VR.

Other recommended interviews about Privacy in VR:

Here are some of the open questions that should be asked of virtual reality hardware and software developers:

  • What information is being tracked, recorded, and permanently stored from VR technologies?
  • How will Privacy Policies be updated to account for Biometric Data?
  • Do we need to evolve the business models in order to sustain VR content creation in the long-term?
  • If not then what are the tradeoffs of privacy in using the existing ad-based revenue streams that are based upon a system of privatized surveillance that we’ve consented to over time?
  • Should biometric data should be classified as medical information and protected under HIPAA protections?
  • What is a conceptual framework for what data should be private and what should be public?
  • What type of transparency and controls should users expect from companies?
  • Should companies be getting explicit consent for the type of biometric data that they to capture, store, and tie back to our personal identities?
  • If companies are able to diagnose medical conditions from these new biometric indicators, then what is their ethical responsibility of reporting this users?
  • What is the potential for some of anonymized physical data to end up being personally identifiable using machine learning?
  • What controls will be made available for users to opt-out of being tracked?
  • What will be the safeguards in place to prevent the use of eye tracking cameras to personally identify people with biometric retina or iris scans?
  • Are any of our voice conversations are being recorded for social VR interactions?
  • Can VR companies ensure that there any private contexts in virtual reality where we are not being tracked and recorded? Or is recording everything the default?
  • What kind of safeguards can be imposed to limit the tying our virtual actions to our actual identity in order to preserve our Fourth Amendment rights?
  • How are VR application developers going to be educated and held accountable for their responsibilities of the types of sensitive personally identifiable information that could be recorded and stored within their experiences?

Support Voices of VR

Music: Fatality & Summer Trip


This article may contain affiliate links. If you click an affiliate link and buy a product we may receive a small commission which helps support the publication. See here for more information.

  • Ombra Alberto

    Excellent article. Important questions.

  • Get Schwifty!

    “On January 11, I sent an email to to “access data associated” with my account, but I never heard anything back from them after two and a half months. If it really was a top priority for Oculus, then I would have expected to have received a response, and that there would be more systems in place for the type of transparency and accountability that is promised within the “Data Access and Deletion” section of their privacy policy.”

    Since we are putting privacy in VR on trial here again in an OP-ED piece (and again focusing only on FB/Oculus) can we please do the same for HTC and other companies? Again, there is little to no evidence that companies outside the US with the exception of those in Europe with having significant value on privacy and collection of data compared to the US and even FB does a better job likely than those since it’s held to a higher standard. However, you can’t make hay with a Chinese or Taiwanese company the way you can with FB because they are just going to blow you off. Let’s keep this point in mind and hold ALL companies to a common standard for VR… and investigate them equally.

    • benz145

      Kent is not singling out FB alone, that’s just whom this article happens to be about. Nowhere in it does he say that FB is the only company that needs to consider the long term implications of privacy and VR.

      Here he is speaking with HTC on the topic back in January:

      I’d also recommend checking out the list of episodes he links to at the end of the article for a lot more great discussion on the topic.

      This goes way beyond just Facebook; Kent has been doing great work in this area by making sure this conversation is happening and not just letting the industry leave it as an afterthought.

    • PK

      I agree a company based in Taiwan need to be looked at closely as well, but to me it’s very clear that Facebook deserves extra attention since they’re still at the forefront of social media. Nate for his part is very knowledgeable and probably would come off better if how he delivered his talking points as well as his freeform human dialogue didn’t always feel like a marketing team making a sales pitch.

  • NooYawker


  • wowgivemeabreak

    So HTC/Valve push advertising on the Vive and basically nothing written about here other than mentioning it and how it will work. Meanwhile something negative towards Oculus gets a 3 page article on it.

    • Hivemind9000

      Advertising and protection of privacy are two different topics – this article is about one of them. If HTC/Vive start advertising intrusively or inappropriately, the users will move away from their platform (advertising is generally done as part of some quid-pro-quo with the user, generally the user gets content for free in return). Collection and commercial use of private information is much more insidious as it can often be done without the conscious knowledge of the participant.

      I don’t think Kent is picking on Oculus in favor of HTC/Vive. Facebook is in the business of connecting private information with advertising, as that is where their revenue comes from. They are also behind one of the biggest VR platforms. If their privacy policy is corrupt or insufficient, then it doesn’t really matter what the rest of the VR platform providers do. Industry leaders generally set the norm for those that follow, so it’s a good place to focus the efforts for getting better privacy standards in VR.

    • NooYawker

      1. Pushing ads and siphoning your private data are two different things, even though they often go hand in hand.
      2. It’s HTC Viveport not steamVR.

  • Foreign Devil

    Trump just passed legislation allowing ISP’s to sell your browsing history and activity to anyone. I’d think that is a bigger invasion of privacy than info about your head movements in VR.

    • Hivemind9000

      Yes, but this is a VR site. You can read articles about the rest of reality somewhere else.

      • Foreign Devil

        Right. Virtual Reality, Virtual Problems.

    • PK

      I don’t understand how you have this attitude with Trump’s approach to privacy. If he’s in office for a second term he’ll be able to demand an incredible amount of data from Facebook if we don’t take action now.

  • Farnborough

    Thanks for this article! Oculus/FB’s passive approach to privacy is far from enough!

  • Raphael

    Really defensive octopus users here: ‘don’t pick on my octopus. Go look at Vive as well. It’s just not fair!’

  • rabs

    It may be interesting to see how it goes with the recent recommendations published for the AI field, especially IEEE P7002 “Data Privacy Process”.

  • Flashwork

    Suckerberg should be thrown in jail for letting fackbook be complicit in letting Drumph hijack the election as should Drumph.