Abstract
This report explores the regulatory frameworks for facilitating regulated data access (RDA) within the metaverse, a rapidly evolving digital ecosystem of immersive virtual and augmented environments. Focusing on the European Union’s Digital Services Act (DSA)—particularly Article 40, the only comprehensive RDA framework so far enacted—the analysis evaluates its applicability to metaverse platforms as Very Large Online Platforms (VLOPs) or Very Large Online Search Engines (VLOSEs). The analysis extends to comparative discussions of data access provisions under the United Kingdom’s Online Safety Act and the proposed United States Platform Accountability and Transparency Act, offering insights into diverse regulatory approaches.
Addressing the unique data governance challenges posed by the metaverse, the report categorizes data generated within the ecosystem into personal and non-personal types, highlighting the complexities of metaverse-native data such as eye-tracking, spatial mapping, and behavioural analytics. It identifies significant gaps in existing legal frameworks when applied to the metaverse, arguing that tailored adaptations are necessary to address the metaverse’s unique challenges. The report also evaluates the data access regimes of selected metaverse platforms, identifying disparities in approaches and the need for standardized practices that align with global best practices.
By identifying key challenges in implementing RDA, this report underscores RDA’s dual role in advancing transparency and accountability—both as a tool for systemic risk research and as a mechanism for regulatory oversight and platform accountability. The analysis demonstrates how structured and standardized data access strengthens fundamental rights protection, supports evidence-based policymaking, and enables civil society organizations, independent watchdogs, and the general public to scrutinize digital services, ultimately serving a broader public-interest function. The analysis extends beyond mere applications to metaverse platforms, providing insights that can be applied to the online platform ecosystem in its entirety. These insights offer actionable guidance for policymakers, particularly in jurisdictions such as the UK, where current legislation lacks explicit data access provisions. Implementing the report’s recommendations—ranging from privacy-preserving technologies to interoperable standards—will enable regulators to balance innovation with accountability, foster trust in metaverse ecosystems, and ensure robust protections for users’ fundamental rights in an era of rapid digital transformation.
Addressing the unique data governance challenges posed by the metaverse, the report categorizes data generated within the ecosystem into personal and non-personal types, highlighting the complexities of metaverse-native data such as eye-tracking, spatial mapping, and behavioural analytics. It identifies significant gaps in existing legal frameworks when applied to the metaverse, arguing that tailored adaptations are necessary to address the metaverse’s unique challenges. The report also evaluates the data access regimes of selected metaverse platforms, identifying disparities in approaches and the need for standardized practices that align with global best practices.
By identifying key challenges in implementing RDA, this report underscores RDA’s dual role in advancing transparency and accountability—both as a tool for systemic risk research and as a mechanism for regulatory oversight and platform accountability. The analysis demonstrates how structured and standardized data access strengthens fundamental rights protection, supports evidence-based policymaking, and enables civil society organizations, independent watchdogs, and the general public to scrutinize digital services, ultimately serving a broader public-interest function. The analysis extends beyond mere applications to metaverse platforms, providing insights that can be applied to the online platform ecosystem in its entirety. These insights offer actionable guidance for policymakers, particularly in jurisdictions such as the UK, where current legislation lacks explicit data access provisions. Implementing the report’s recommendations—ranging from privacy-preserving technologies to interoperable standards—will enable regulators to balance innovation with accountability, foster trust in metaverse ecosystems, and ensure robust protections for users’ fundamental rights in an era of rapid digital transformation.
| Original language | English |
|---|---|
| Commissioning body | Department for Digital, Culture, Media and Sport (DCMS) |
| Number of pages | 89 |
| Publication status | Published - 10 Apr 2025 |
Keywords
- metaverse
- regulation
- data
- access
- reccommendations