Oculus is complying with the new EU data protection rules with more detailed policies and a "privacy center" where users can verify the data that Oculus has collected about them. The virtual reality company owned by Facebook announced the news today, but its updates will take a little more time. "My Privacy Center" will be launched on May 20, and the new terms of service will be published on April 20, but will go into effect on May 20. Oculus will also expand its terms of service to cover augmented reality, a field that Facebook has openly explored, but that Oculus has not had until now.
Many companies are adapting to the next release of the General Data Protection Regulation, which requires them to set a higher standard for the collection of personal information. The privacy center is a direct response to GDPR, but most of the Oculus changes are just adjustments to how the rules are explained and organized. "Our practices do not change with respect to how we use data today, we're just including more transparency," says Oculus associate general counsel Jenny Hall. For example, Oculus is adding its existing code of conduct to the official terms of service, "to provide greater visibility to our commitment to create a safe virtual reality environment for all people."
"We try to follow that principle of only collecting data that we believe is necessary for a good virtual reality experience."
In a list of frequently asked questions, Oculus reiterated some of its policy positions, including the assertion that it does not share data with Facebook for third-party ad targeting. Oculus does not explicitly rule out such an exchange in the future, and product leader Max Cohen says that "there is a time in the future when virtual reality ads will make sense." (HTC already has a VR advertising service for its Live headphones.) But "it's not on our short-term roadmap, we're not having discussions about it, we do not know when we would start," says Cohen. "It's really not something we're looking to do."
Oculus has also gone into more detail about how physical movement data is collected and stored. Cohen says the company takes samples of the positions of the hearing aid users once per minute, adds and disidentifies that data, and tells the developers how much space the average user occupies. Oculus also asks about the height of the players, but says that this data is only stored locally on your computer, not on the Oculus servers. As a result, there is no movement data available for download through My Privacy Center.
Oculus says it shares "limited information" with Facebook, including information about accounts that are marked by spam and abuse. According to Hall, that could include something like Oculus identifying a potential hacker through his IP address or other tools, and then telling Facebook what it is.
Facebook has spent several weeks under fire for allowing Cambridge Analytica data mining firm to collect user information, and part of that scrutiny went to Oculus. The company answered some questions from The Verge earlier this month, but is now making its current privacy stance a bit more obvious.
As we have heard before, Oculus does not have a strict policy that declares what it could collect in the future. But Cohen says that Oculus will follow the spirit of current politics, even if specific details change. "We have a responsibility to be very transparent about when we collect the data and what we are doing with them, if we had to violate those principles, it would have a high cost," he says. "We try to follow this principle of only collecting data that we believe is necessary for a good virtual reality experience, and I am committed to ensuring that this principle does not change."