User Knowledge and Consent for Device Data in Augmented Reality

Author: Leonard Daly

Background

Leonard Daly has been involved in Virtual and Augmented Reality (now called Extended Reality – XR) for decades as a content developer, specification writer, and tool creator. He is co-chair of the W3C Community Group Declarative WebVR and creator of XSeen – an HTML-like language for the handling of 3D XR content in the web browser. In other aspects of his professional career he has worked extensively in security and privacy for the protection and handling of financial and medical information.

Topic

Augmented Reality (or more generally XR) is becoming one of the hottest application markets for mobile devices. Its uses span consumer entertainment, society information, architecture, industrial design, facility maintenance, and academic research. These systems have the potential to reveal huge quantities of non-public data, including:

  1. Orientation (no permissions necessary)
  2. Visual (permission required)
  3. Audio (permission required)
  4. Geolocation (permission required)

Web browsers already require explicit user approval for items (2-4); however, the user does not necessarily understand the implications of approval. Once approval is given, the application running inside the browser may choose to send some or all of this information to the originating server for processing or storage. This includes facial recognition, voice recognition, person identification (no face, no voice), and private environment modeling (e.g., personal residences).

I believe that it is insufficient to rely solely on legal rules and societal practices. The EU GDPR requires that consent be requested in clear and plain language and be easily withdrawn. Organizations such as Cambridge Analytica (and by extension Facebook) have shown that not every organization operates within normal societal practices. I do not know of a technical solution to this issue, and I believe the solution will involve a number of pieces including technical controls, user education, and legal requirements. Fortunately, the XR market is still very immature, especially at the consumer end, so there is a (perhaps unique) opportunity to develop solutions that will allow the user to knowledgeably control the release of information.

The ideal solution would prevent "bad actors" from accessing and uploading non-public data while allowing "good actors" to do so. Unfortunately, in the real world, determining "good" from "bad" is difficult to impossible. Therefore, the goal of this discussion is to get out in front of the issue before society decides that everything associated with XR is bad (or takes steps to legally restrict it), and to identify areas that are amenable to technical solutions and those that require legal or other procedural solutions.

Resource Links