Returns are the bane of brands’ e-commerce offerings. An exciting prospect the metaverse offers is the possibility of customers having “digital twins” of themselves – i.e., an avatar that is their same size and shape and that is able to stroll through the virtual world. While the avatar might be a three-headed dragon in some contexts, for some metaverse services – particularly anything related to purchasing wearable items for delivery in the “real world” – a digital twin could prove very useful. The twin, along with perfect digital replicas of the items offered by online retailers in the metaverse, could allow customers to buy with greater confidence that they are going to get an item that fits. This creates a much more immediate experience for the customer and delivers greater brand engagement for the retailer. It also drives financial and environmental savings by reducing returns.
But if you want to set up shop on a plot of virtual land, what is the first thing to consider? There are two metaverse concepts: “top-down” – with the platform operator acting as the arbiter and town planner; or decentralized and “web3” enabled – where users own and build their environment. A top-down approach might make it easier to secure and create a safe space. A top-down has features that can easily facilitate legal compliance, and perhaps connect to other top-down metaverses giving access to a large pool of customers, all in exchange for giving up a large slice of control and data.
Let’s assume your brand opts for the top-down option – what are the legal implications? Your virtual store will receive a vast array of rich datasets from customers and other sources that dwarf those collected via a traditional e-commerce site. Depending on the capabilities of the virtual reality headsets that customers use to peruse your wares, you could be collecting data (such as vital signs and eye tracking) from which certain behaviors can be inferred.
Though this is an exciting opportunity for any brand, the applicable privacy laws will need to be determined and observed. This will depend on a number of factors, such as the location of the platform operator’s servers, your location, and the location of customers. If United Kingdom or European Union laws apply, as a data controller you bear a host of data protection duties. For instance, you should carry out an impact assessment to determine the lawful basis for using the data, the impact on your customers and how this can be mitigated, and how you will inform them of all of this. Some of this is troublesome enough on the old-fashioned internet – cookie banners anyone?
Gareth Stokes is a partner at DLA Piper, where he focuses on AI, information technology, strategic sourcing and intellectual property-driven transactions.
Kurt Davies is an associate at DLA Piper, who advises on domestic and cross-border strategic commercial agreements.
Full story here