jim-PrestonWhen I was at the GDC VR Mixer, Jim Preston struck up a conversation about his concerns about privacy in VR. He works at FOVE which is making a VR headset with eye-tracking, but wanted to speak to me on his own behalf about some of the deeper philosophical questions and conceptual frameworks around the types of intimate data that will become available to VR headsets. As more and more biometric data streams are integrated into VR there a lot of complicated and complex ethical questions that he thinks will take the entire VR community needs to figure out.


Preston says that VR is challenging the long-standing enlightenment model of mind-body dualism, and that VR is able to do a sort of “redirected thinking” in being able completely control all aspects of someone’s else’s reality. This is a lot of power to put into the hands of performance-based marketing companies who have an extraordinary amount of data about our private lives; he has concerns that this data could start to be used to drive consumer behaviors in unconscious ways.

The technological roadmap for VR includes integrations with new biometric data streams including eye tracking, facial tracking, galvanic skin response, sensing of emotional states, our voices interactions, and perhaps even EEG brainwave data. This data has typically had tight privacy controls either within the context of medical applications or market research that requires explicit consent, but it’s being captured within the context of an attention-driven consumer market where there many other vectors of private data that have been collected and connected to your personal identity.

'Silent Slayer' Preview – Dr. Van Helsing's Deadly Game of Operation

Here are some of open questions around the future of privacy in VR:

  • Do we need to evolve the business models in order to sustain VR content creation in the long-term?
  • If not then what are the tradeoffs of privacy in using the existing ad-based revenue streams that are based upon a system of privatized surveillance that we’ve consented to over time?
  • Should biometric data be classified as medical information and protected under HIPPA protections?
  • What is a conceptual framework for what data should be private and what should be public?
  • What type of transparency and controls should users expect from companies?
  • Should companies be getting explicit consent for the type of biometric data that they to capture, store, and tie back to our personal identities?
  • If companies are able to diagnose medical conditions from these new biometric indicators, then what is their ethical responsibility of reporting this to users?

Preston has a nuanced view of what VR is going to enable in that he thinks that it’s not going to be either a total dystopian or utopian future, but that our future is going to be complicated and complex. Much like chess teams of humans & AI are able to beat any other AI program, this type of cooperation between humans and machines are going to enable all sorts of new amazing capabilities while also introducing new challenging problems.

The future integration of biometric data into immersive technologies will being an array of complicated and complex questions that go beyond what any single company or individual can figure out, but Preston says that this is something that the VR community as a collective should talk about and attempt to answer some of these open questions.

Why 'Embodiment' is More Important Than 'Immersion' – Inside XR Design

I’d like to keep this conversation going too; I’ll soon be featuring some more information from biometric experts from the Experiential Technology Conference on the Voices of VR Podcast as well as an interview with Oculus’ Nate Mitchell.

For my previous coverage on privacy in VR, be sure to not miss Sarah Downey’s take on privacy in VR and the relationship between the 1st and 4th Amendment, as well as Tobii Eye tracking’s recommendation for explicit consent for recording eye tracking data, HTC’s Dan O’Brien, and the following two interviews with Google with some open questions about Google Earth VR & Tilt Brush, as well as my interview with Linden Lab’s Ebbe Altberg.

Support Voices of VR

Music: Fatality & Summer Trip

Newsletter graphic

This article may contain affiliate links. If you click an affiliate link and buy a product we may receive a small commission which helps support the publication. More information.

  • Graham J ⭐️

    There was also some good discussion under your article about Waltz of the Wizard and the Reddit thread I started about it.

    Even those arguing that WotW level tracking was ok agreed eye tracking was another level. I think any biometric data should be protected more than usual types of tracking data.

  • Nima Zebrami

    It’s HIPAA actually, not HIPPA. I do often think it’s facetious for us as a community to think that the “VR community gets to decide” on new best practices just because we claim that VR is just “too different” or “too immersive” so prior regulations must not apply. The courts will definitely be the ones deciding whether or not companies are violating healthcare protocol.

  • jimmey dean hiya

    complicated why?
    ask the user if they would like to submit to biometric data delivery to a different location or not.if not it stays with the user.period.

    • Xilence

      Because historically, regardless they send it off anyway.

  • Jeff

    Nothing should be tracked. We as consumers are paying for a product. There is no need to try and produce further revenue. As far as feedback to developers- they should use testers and beta programs as has been done for generations. The video game industry creates more profit then movies, and there is no good excuse for such garbage practices. I turned on my gearVR recently and found that every single app wanted multiple permissions like my contacts and photos for no legitimately connected reason, then crashed on the first load(these were all ‘featured’ apps). It was a hilariously garbage experience. Unless we as consumers take an extremely strong stance we will get grifted by these companies, and badly. In all honesty the purchase of oculus by no other then Facebook is cause for serious concern, and a zero tolerance policy from we the consumers. In a future where users spend a large fraction of their lives in VR/AR these type of practices could go way beyond annoying and into the realm of real danger to society.

    • Trowsers

      I completely agree, Jeff. I also don’t want VR turning into the F2P crap-ware we now see on the app stores where companies are using big data to find out out weaknesses just to exploit an extra dollar from us like MZ does. It’s disgusting IMO. I’ve been in this business over 30 years and in some instances I’m extremely proud of where we are, and in some I’m extremely disgusted.

      We need to be better than this.

    • NooYawker

      Without explicit laws making it illegal they’re going to do it.

      • Xilence

        No kidding, but here let me one-up you. What about when the ‘authorities’ are illegally tracking you? That’s also another concern that we have even less answers to because the same laws that we force them to make, they also do not follow, because naturally it’s us vs. them and we fund them… so now they’re in control.

    • Andrew Jakobs

      Ofcourse I agree this kind of data should not leave your computer and should be destroyed immediatly after it’s used by the application as inputdata.
      But I do not agree on the ‘we as consumers are paying for a product’ in some cases. Yes you put up an ammount of money to use the device, but a lot of times you can get the device ‘cheap’ because the company sells the hardware for a lower price than it costs to develop/manufacture it, as they tend to make their money with the data it gets from these devices. It’s just how their business works, and all you can do it buy a product that costs more from a company that doesn’t use data gathering as their main business..

  • Nairobi

    Piracy has already been solved! Just port Denuvo to VR where it disables offline plays, locks games indefinitely to walled platforms, punishes the good consumers, and destroys any ownership of a library if there is a payment error!

    Har har.

    • Xilence

      I can’t fathom how piracy was even a problem because I always buy games when I love them, even if I played someone else’s or through some other way, I always buy to support either this release, or future releases, or both. Because I pay for what I enjoy, and I need them to feel that in the form of monetary relief and also in the knowledge that this is the kind of thing I appreciate.

  • Like the point where you say that will not be utopian or distopian: I agree, it will be complicated and we’ll have less privacy, but I don’t believe in a distopian future

    • jlschmugge

      It could be argued we are already in that dystopian future. Marketing, advertising, and propaganda, be it political or commercial is nothing new, but it has gotten really sophisticated over the past couple decades with the internet and quantity of information. They make us believe we need all these toys and apps to stay entertained and socially connected, and we buy into their suggestions that it makes us happy, and maybe for a moment it does, but it disconnects us, priming us for another dose of that artificial happiness, further entrenching the void in our souls that they educated can only be filled by their goods and services. So we give away information because they made it easier to click yes than question why, providing a path of least resistance to our artificial happines, for the benefit of companies to know even more on how to push our buttons to make us want even more, while further distancing us from what truly makes us happy, guaranteeing a sustained demand for their goods or services. This has become the culture of our modern neoliberal world that has reduced everyone to a source of profit, in which our unhappiness is farmed and exploited for the priority of perpetual growth. Think about this with every advertisement you see; every remark a politician makes. Do they really want you to be happy? You are more useful to them if you aren’t.

      • Xilence

        This, we are always being monitored. Does this mean they watch us 24/7? No. All of us, and everything about us is stored. And if for some reason in the future that we become ‘important’ to an agenda or situation, our files will be pulled up. That’s why it’s so dangerous.

        That’s why the ‘I’ve got nothing to hide’ mentality gets masses of people in trouble or worse: killed. Because just because you’re not a target or ‘problem’ now, doesn’t mean you won’t be later. And letting them do this to you, also is letting them do this to someone else.

        Sadly in a democracy, we don’t have true freedom. Which means if the majority ‘have nothing to hide’ then we’re all screwed.

        • jlschmugge

          I always wondered if it is conceited to think anyone’s self is important enough to monitored, where as maybe everyone has at least something little to hide, but nothing important enough to waste time on while there are big fish to fry. I think most demographic information is innocuous, as it’s intended to figure out trends in product preference, and oh no, if they have your information on that it just shows that you have a preference between the red or the blue one, and now you will never stop seeing ads for the blue one on every website you visit. However you might be right, that even if we have nothing to hide, we also no longer can hide if we need to. This new Trump world we live in has shown many innocent people get caught up in conspiracy stories or misidentification, and their social media accounts get slammed with death threats or prejudiced remarks.

          So I’m not sure how far this VR biometric tech will go. I do enjoy taking a break in VR. I know it would be a fascinating interaction to input biometric feedback into an experience. As far as gaming goes however, biometric technology has already existed in spurts in games before, but never ever has become mainstream. Most of its uses were only fitted for medical therapy like using an EKG to control a game to increase brain activity for example. I do not see that type of technology becoming relevant in consumer VR. It’s too much of a stretch to bring that marriage of developer experimentation and end user adoption together, and in most cases is just not worth the effort to include into an experience. Eye tracking however I completely see being fully adopted because it is useful for how it optimizes performance and increases interactivity, while requiring nothing of the end user to adopt. It seems this is getting the most attention about privacy, but I really don’t see how it can be abused. So maybe there might be a game with built in ads and they can track how much attention is spent on them. If you are watching explicit content, was there ever a question on what your eyes are following? If anyone has some input on cons it would be welcome.

          I’m not trying to downplay this however. I agree it is a long and slow slippery slope, has been for a while, and we shouldn’t just let it keep happening.