Issues related to Data and use of technology

Dhruv Somayajula, Melissa Amorós Lark (ULEI) 

Summary

XR technologies present significant ethical challenges related to the collection, processing, and use of data—particularly biometric and behavioural data. As outlined in D5.1, these issues span multiple sectors and impact both direct users and bystanders in immersive environments. The rapid expansion of XR has outpaced the legal and ethical safeguards typically applied to digital technologies, exposing individuals to novel data-related risks.

Key Challenges Identified:

  • Biometric Data Collection:
    XR systems often rely on capturing biometric data such as head, hand, and eye movements, facial expressions, voice patterns, and body posture. These “kinematic fingerprints” can uniquely identify users even without traditional identifiers, raising significant privacy and security concerns.
  • Non-Consensual Data Capture:
    Mixed Reality (MR) and Augmented Reality (AR) technologies frequently collect environmental data that may include bystanders, leading to potential breaches of data protection regulations due to non-consensual data processing. Bystanders may be unaware of or unable to exercise data subject rights under laws like the GDPR.
  • Informed Consent & Data Obfuscation:
    As highlighted in D2.1, users often face obfuscated privacy policies and unclear consent mechanisms. The immersive nature of XR complicates the ability to give or withdraw informed consent in real-time. Furthermore, power imbalances in workplaces or educational contexts challenge the voluntariness of consent.
  • Profiling & Emotional Manipulation:
    The combination of real-time behavioural tracking and AI-enhanced analytics enables advanced profiling of users. This poses ethical concerns about cognitive privacy and the risk of emotional manipulation, particularly in marketing, education, or workplace environments.
  • Surveillance & Datafication:
    XR technologies risk intensifying the trend toward datafication, where everyday activities are turned into quantifiable data for commercial or managerial purposes. This is particularly concerning in workplace applications, where XR can enable intrusive monitoring of employee performance and behaviours.

Sector-Specific Data Risks (as mapped in D3.1):

  • Education & Employment:
    Use of XR for learning and training involves data collection on student or employee engagement, behaviours, and responses, raising concerns about surveillance, agency, and fairness in evaluation.
  • Healthcare:
    XR used in medical training or therapy involves sensitive health data. Ensuring confidentiality, secure storage, and ethical usage is critical, especially when combined with biometric inputs.
  • Marketing & Trade:
    XR applications allow advertisers to track gaze, attention, and emotional responses, enabling unprecedented levels of behavioural profiling and targeted persuasion.
  • Security & Policing:
    Integration of XR into surveillance infrastructures (e.g. smart policing) raises concerns about warrantless monitoring, bias in data interpretation, and chilling effects on public life.

Gaps and Unresolved Issues:

  • Existing data protection laws like the GDPR provide a baseline but are not fully equipped to address the real-time, multisensory, and ambient data collection inherent in XR.
  • There is insufficient regulatory clarity on the responsibilities of various actors in the XR data ecosystem—particularly in shared or publicly accessible environments.
  • Cross-border XR platforms pose jurisdictional challenges in terms of enforcement of data rights and legal recourse.

Code of Conduct

The XR4Human Code of Conduct sets forth the ethical obligations for developers involved in technological innovation and governance of immersive technologies, including Virtual Reality (VR), Augmented Reality (AR), Mixed Reality (MR), as well as all current and other emerging immersive environments. The Code is designed to ensure that these technologies respect human rights, protect user privacy, promote inclusivity, and safeguard the mental, physical, and social well-being of all users.

1. Learn

Read and become familiar with the XR4Human CoC. Learn by exploring the Educational Toolbox and the publications in the Rating Repository

2. Assess

Conduct a self-assessment of your own XR technology concept via the Ethical Impact Assessment (EIA) and the CoC Compliance Checklist

3. Test and Explore

Test your idea and get new ideas by exploring the Experience Library

4. Share

Reflect on the rating information received after completing your self-assessment to revise and improve your XR concept

This guide provides step-by-step instructions and tools to help you implement the Code of Conduct during your development and deployment processes. The tools provided include:

Compliance Checklist:
To assess adherence with the principles and articles of the Code of Conduct.
Ethical Impact Assessment:
To assess, anticipate, and mitigate the effects of your innovation on users, society, and the environment.
Integration Information:
Instructions on how to compile these tools with associated XR4Human deliverables/documentation and combine them with your own documents in a large language model (LLM) of your choice.
Back to the Ethics Category