Personal Data Protection in the Metaverse: A Privacy Challenge for Digital Citizenship

Authors

DOI:

https://doi.org/10.26422/RIDH.2025.1502.men

Keywords:

metaverse, personal data protection, digital citizenship, privacy, legislation

Abstract

The metaverse, as an immersive digital environment, presents a new challenge for protecting personal data. The amount and nature of information collected in these virtual spaces are much greater than in traditional digital interactions. This is because the metaverse not only records data about our actions but also about our emotions, facial expressions, and body movements, creating a highly accurate digital representation of our persona. This massive collection of sensitive data raises serious privacy concerns. Companies operating in the metaverse have access to a wealth of personal information that could be used for profiling, targeted advertising, or even behavioral manipulation.

In addition, the decentralized nature of the metaverse makes it difficult to enforce existing data protection laws. A clear legal framework is needed to establish companies' responsibilities and guarantee users' rights in this new digital environment. Data protection in the metaverse is crucial to guarantee the privacy and autonomy of digital citizenship. A social debate and adequate regulation are necessary to allow a responsible development of this new virtual world.

Downloads

Download data is not yet available.

Author Biography

  • Odette Mendoza Becerril, Universidad Autónoma Metropolitana (México)

    Licenciada en Derecho (Universidad Autónoma Metropolitana Unidad Azcapotzalco, Ciudad México). Maestra en Educación, maestra en Garantías y Amparo y doctoranda en Ciencias Políticas y Sociales. Actualmente es profesora investigadora en la Universidad Autónoma Metropolitana Unidad Cuajimalpa y coordinadora del Simposio Permanente en temas de Derechos Humanos en la misma Universidad en la Unidad Azcapotzalco y Cuajimalpa, Ciudad de México.

References

Abril, P. S. (2023). Privacy-Preserving Machine Learning in the Metaverse. IEEE Internet Computing, 27(2), 10-17.

Agencia Española de Protección de Datos. (2022). Metaverso y privacidad. https://www.aepd.es/prensa-y-comunicacion/blog/metaverso-y-privacidad

Arribas Sánchez, B. (2022). Régimen jurídico del metaverso: Una aproximación europea. Informática y Derecho: Revista Iberoamericana de Derecho Informático, 12, 151-162.

Cámara de Diputados del H. Congreso de la Unión. (2010). Ley Federal de Protección de Datos Personales en Posesión de los Particulares. Diario Oficial de la Federación.

Cámara de Diputados del H. Congreso de la Unión. (2017). Ley General de Protección de Datos Personales en Posesión de Sujetos Obligados. Diario Oficial de la Federación.

Cameron, F. (2012). Technology and ethics: building a better future. John Wiley & Sons.

Cavoukian, A. (2009). Privacy by design: The 7 foundational principles. Information and Privacy Commissioner of Ontario, Canada.

Comisión Europea. (2022). Declaración Europea de Derechos y Principios Digitales.

Dwork, C. (2006). Differential privacy. En 33rd International Colloquium on Automata, Languages and Programming, part II (ICALP 2006) (pp. 1-12). Springer Berlin Heidelberg

European Commission. (2017). Proposal for a regulation of the European Parliament and of the council on a framework for the free flow of non-personal data in the European Union.

Gentry, C. (2009). Fully homomorphic encryption using ideal lattices. En Proceedings of the forty-first annual ACM symposium on Theory of computing (pp. 169-178). Association for Computing Machinery (ACM)

Goodman, B. y Flaxman, S. (2017). European Union regulations on algorithmic decision-making and a “right to explanation”. AI magazine, 38(3), 50-57.

Ienca, M. y Andorno, R. (2017). Towards new human rights in the age of neuroscience and neurotechnology. Life Sciences, Society and Policy, 13(1), 5.

Kerr, I. (2023). The Metaverse and the Law: Navigating the Legal Challenges of a Virtual World. Oxford University Press.

Lee, M. (2022). Privacy in the Metaverse: Challenges and Opportunities. Journal of Information Privacy and Security, 18(2), 123-135.

Lee, M. (2023). The Metaverse and the Law: Towards a Regulatory Framework. Oxford University Press.

Liu, Y., Liu, J., Zhang, Y. y Xiong, L. (2021). A survey on privacy-preserving technologies in blockchain. IEEE Access, 9, 122787-122805.

Livingstone, S. y Third, A. (2022). Children and young people’s digital rights in the context of the UN Convention on the Rights of the Child. New Media & Society, 24(11), 3211-3230.

Pariser, E. (2011). The filter bubble: What the Internet is hiding from you. Penguin.

Park, S. M. y Kim, Y. G. (2022). A Metaverse: Taxonomy, Components, Applications, and Open Challenges. IEEE Access, 10, 4209–4251. https://doi.org/10.1109/ACCESS.2021.3140175

Parlamento Europeo. (2022). Resolución del Parlamento Europeo, de 15 de diciembre de 2022, sobre la Declaración Europea de Derechos y Principios Digitales en el metaverso (2022/2087(INI)).

Reglamento (UE) 2016/679 del Parlamento Europeo y del Consejo, de 27 de abril de 2016, relativo a la protección de las personas físicas en lo que respecta al tratamiento de datos personales y a la libre circulación de estos datos y por el que se deroga la Directiva 95/46/CE (Reglamento general de protección de datos) (Texto pertinente a efectos del EEE). Diario Oficial de la Unión Europea, L 119/1.

Secretaría de Estado de Digitalización e Inteligencia Artificial. (2021). Carta de Derechos Digitales. Gobierno de España. https://www.lamoncloa.gob.es/presidente

Solove, D. J. (2004). Digital person: Technology and privacy in the information age. NYU Press.

Tene, O. y Polonetsky, J. (2012). Privacy in the age of big data: A time for big decisions. Stanford Law Review Online, 64, 63.

Voigt, P. y Von dem Bussche, A. (2017). The EU General Data Protection Regulation (GDPR): A Practical Guide. Springer.

Wagner, B. (2022). The Metaverse and Data Protection: Challenges and Opportunities. Computer Law & Security Review, 43, 105803.

Wilson, K. J. (2023). The CCPA Deskbook: A Practical Guide to the California Consumer Privacy Act. American Bar Association.

Yao, A. C. (1982). Protocols for secure computations. En 23rd annual symposium on foundations of computer science (sfcs 1982) (pp. 160-164). IEEE.

Zuboff, S. (2019). The age of surveillance capitalism: The fight for a human future at the new frontier of power. PublicAffairs.

Downloads

Published

2025-10-31

Issue

Vol. 15 No. 2 (2025)

Section

Research Articles

License

Copyright (c) 2025 Odette Mendoza Becerril

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

This journal and its articles are published under the Creative Commons  Creative Commons  Atribución-NoComercial-CompartirDerivadasIgual 2.5 (Argentina) (CC BY-NC-SA 2.5 AR) license, which allows the user to download, share, copy and redistribute the material in any format, provided the user can reliably prove his/her condition and provides a link to the license, and allows remixing, transforming and building upon the material, with the contribution being distributed under the same license as the original.  Said license does not authorize the use of the contents for commercial purposes.

How to Cite

Personal Data Protection in the Metaverse: A Privacy Challenge for Digital Citizenship. (2025). Revista Internacional De Derechos Humanos, 15(2), 61-82. https://doi.org/10.26422/RIDH.2025.1502.men