METAVERSE- Creation of A ‘New’ World



Metaverse can be referred to as a virtual universe where users (computers or humans) control virtual objects which already possess a trademark or copyright. Simply speaking, it is a virtual reality space where users interact, socialize, trade, play games and can technically build up on anything.

The internet has made lives easier at the cost of threat to privacy of people who are frequent users of metaverse. Firstly, because the personal data shared by users in the “virtual platform”, cannot be accessed or regulated by the users themselves. In metaverse, companies have uncontrolled access to personal data with the possibility to exploit information. This is a threat to users, entering personal details in ‘good faith’.

[Image Sources : Shutterstock]

Secondly, in metaverse, the avatars controlled by humans or computers are often seen to be associated with trademark or copyright, as metaverse is embedded with a lot of literary, artistic, visual, sound as well as shapes and symbols. This is where the linkage between IPR and metaverse is seen clearly.

There is a rising concern for the inventors of IPR, because the creators of metaverse who do not respect the rights of the designer or the inventor who created the “original” or “distinctive” works through the creation of mind, causing an infringement of copyright or trademark of the original inventor.

A lot of challenges can be seen with the protection of IPR in metaverse. It might so happen that things which are used in metaverse are a replica of the things which already exists in the real world and are protected through IPR. Hence, causing infringement. Under such circumstances, the defending party can raise this issue as a “transformative use” (a substantial part that is copied) with the “fair dealing” clause.

Questions that arise through this would be- Who is liable for the infringement occurring in metaverse? Will it be the company creating the metaverse or the architect of metaverse? The answer to this is that the liability would vary depending on the functionality, interaction of metaverse with the users and mode of operation of metaverse. Under similar circumstances, the IP owner can take an action of infringement against the websites operating on the internet.

The risks of data privacy are susceptible with the rise in dependance on metaverse as there will be higher degree of storage of personal details of the user to facilitate a virtual interface for smooth interaction between the user and computer-based system.

In the absence of proper regulations, personal data might be stolen to create targeted advertisement. Metaverse users would ultimately make their personal details both vulnerable and exploitable as users wouldn’t be able to keep a check over the use, storage, and disposition of their personal data.

In District of Columbia vs. Facebook, Inc. (2019) , Facebook failed to protect consumer’s private data and access the information from 70 million Facebook users.

In Columbia vs. Google LLC (2022) , Google was sued for unlawfully collecting the information and its failure to protect the location data of the consumers. Google made it appear that the consumers had given the consent to provide access to their location, when in reality consumers did not. While the matter has not been heard by the courts, yet it appears from prior decisions in similar cases that Google has caused an act of infringement.

In Brown vs. Google, LLC (2021) , a suit was filed against Google for deceitfully tracking all the information from Chrome users who made search in the “Incognito” mode.

In ACLU vs. Clearview AI , suit was filed against Clearview, a facial recognition company that violated the Illinois Biometric Information Privacy Act (BIPA). Under BIPA, the Company must inform the consumers about the information stored, the length of storage and the purpose of collecting the data along with the consent from the consumer. The matter ended with a decision that Clearview’s practice of facial recognition that was being used across business entities would be banned not just in Illinois but across whole of USA.

In Rosenbach vs. Six Flags (2019) , it was held that, users needed to prove a basic criterion to show that the data privacy norms have been violated.

In Re Google Inc. (2019) , it was held that the consent before collecting data could be either expressed or implied but should clearly notify the users of its practices. It has also been implied that privacy laws should be updated from time to time to ensure that the meta collects data with full transparency.

DATA PROTECTION UNDER THE NEW IT REGIME- Preventive Step to end Privacy Infringement in Metaverse.

Today’s world is digitalized and technology driven. Every transaction imaginable of might be seeking personal details in some way or the other. By giving out information ourselves, we consent to the usage of personal information for specific purpose forgetting the fact that this might in some way breach our Right to Privacy.

Hence, a new reform, General Data Protection Regime (GDPR), which is not yet passed was initiated to provide people, Right to Privacy. Based on given recommendations, Data Protection Bill was initiated and the concept of data fiduciary emerged. Data fiduciary refers to any company, firm, juristic entity that determines the means and purpose of processing personal data. Fiduciaries are required to keep check on data collected on regular basis such as appointment of data protection officer, to take up data protection impact assessment, maintaining accurate and up-to-date information about customers.

Personal information of customers are processed by data processor on behalf of data fiduciaries. Hence, it is the duty of organizations which collects the information to maintain it’s confidentiality. The bill applies to information that is collected, stored, processed, or distributed within the territory of India. The bill of 2021 provides protection to personal, non-personal as well as anonymous data.

The proposed bill of 2021, yet to be passed states that there can be processing of personal information only if it is done under fair and reasonable circumstances without jeopardizing the right to information of the principal. Such processing should be done only for reasons consented to by the data principal.

This bill states that data of the principal should only be collected to the extent that is necessary for the purpose of processing the data. Data fiduciary should have an undertaking in multiple languages stating the purpose of collecting data, method, and the basis of processing it. Data fiduciary are accountable for leakage of any of the data of the principal as accorded under the bill of 2021.

In the present age the protection of private and sensitive information of the principal is the need of the hour to safeguard the Right to Privacy that has been enshrined under Article 21 of the Constitution of India. The dependence of people on the metaverse will rise in the future and checks should be kept over it by regulating authorities through dynamic policies and regulations.

Author: Adrika Baishya, a Student of College- Amity Law School, Noida, in case of any query, contact us at Global Patent Filing or write back us via email at

Get In Touch