As outlined in the previous blog posts, the use cases for virtual reality (VR) go way beyond video games and movies. Use cases such as virtual training, audits or business processes in medicine, real estate or urban planning are the future for technology driven companies. Great opportunities often come with great challenges. One such challenge is that legal and regulatory frameworks often lag advancements in technology. As it is early days, there is yet little guidance from courts and governments on how laws will be applied to VR scenarios. In today’s blog we want to look into addressing some legal questions that may arise and should be considered before making a choice.

Basic civil law principles

Whilst we see that most IT-contracts have similar liability provisions and exclude liability for acts of slight negligence and limiting liability for gross negligence, the Austrian Civil Code as well as other comparable laws within the EU mandate that negligence for personal injury or death shall be unlimited. This poses challenges particularly for VR training. Personal injuries may occur during training due to motion sickness that affects up to 10% of the population. People affected must not be disadvantaged, which means that often non-VR alternatives must be provided. Tests also showed that virtual scenarios for emergency services or law enforcement and military, realistic VR solutions may also trigger psychological stress which can result in personal injury. For service providers, this leads to the situation that they have to strike a balance between realistic scenarios and graphics required to meet the training purposes and potential injuries and liability risks.

Privacy and Security

This area of law influences all future technologies and becomes increasingly important to businesses and users alike. As most VR solutions will process data relating to individuals, GDPR applies. Depending on the use case, also sensitive personal data such as health data will be processed, which further limits data usage. The GDPR defines clear obligations on businesses employing VR and as such predominantly acting as controllers of the data and includes high fines for violations. For Austria, the Austrian Data Protection Act compliments the legal privacy framework.

Businesses must have a legal basis for processing personal data, which may be legitimate interest to provide their services, performance of a contract or the user’s consent. They must also rely on strong contractual obligations for their service providers, which include data processing agreements, technical and organisational security measures, and strict data transfer provisions. Particularly, as most providers are not located within the EEA, strict data transfer rules must be in place should processing within the EEA not be an option.

User safety

For Austria, the Austrian Hate on the Net Prevention Act tightened the legal framework and introduced new ways for those affected to defend themselves against such violations of personal rights. In addition, under the new Austrian Communications Platform Act, operators of communications platforms are subject to special regulations for reviewing reported content. The EU’s Digital Service Act, which is currently in the legislative process, could also introduce similar regulations EU-wide.

If the use case is related to an employment relationship, every employer has a duty of care for its employees and candidates. Depending on the use case, harassment can be a major challenge. Irrespective of the virtual surrounding, the employer must ensure that its employees are protected from harassment, insults, or the like.

IP Rights

Patents, copyrights, trademarks, and trade secrets are rigorously defended by rights holders as they protect their investment and ingenuity. These guarantee the same legal rights in a virtual environment as they do in real life. Questions such as software ownership, the inclusion of brands, branded products or protected designs must be considered when programming or employing a virtual solution. Especially when using open-source software, respective copyrights must be observed. When implementing branded products or protected designs, respective licences must be purchased to prevent IP infringements.

Also, patent issues are likely to become increasingly contentious as the major players and start-ups seek to build their portfolios of patents to protect their own areas of innovation from their competitors.

 

 Authors: Gersa Tome
Arne Greiner