Have you had a chance to play the game your company developed? If you haven't, now is the time. The best way to understand all of the legal risks it might present is to try out that VR headset or take your mobile AR game to the streets to get the full picture of how it all works.
Augmented reality (AR) allows digital media to be overlaid on the real world. The technology can be deployed through a smart phone, tablet, or special glasses. A cousin of augmented reality is mixed reality (MR), which involves the merging of real and virtual worlds. Both AR and MR raise new legal challenges, in particular for intellectual property, privacy, and security practitioners. This article looks at certain of these issues and provides some suggestions about the ways in which practitioners can practically address these concerns.
Consider Whose Intellectual Property You Are Using
AR represents a significant leap in how intellectual property is used in a video game. No longer is the user experience dictated solely by a game designer. There is a choose-your-own-adventure aspect to AR gameplay, which also means that gamers are interacting with the intellectual property of others, who often did not agree to be part of the game experience. For example, some brands may not want to be associated with certain kinds of AR technology. To the extent that an AR game is directing users to certain brands, it is prudent to have approval for the use of that brand. More generally, though, it is also a best practice to consider whether you want to allow any brand (or indeed, any third party) to opt out of the experience.
Another interesting area to watch will be how AR companies address copyright issues, because AR allows digital media to be overlaid on top of the real world. With regard to the Internet, litigation about overlays (such as pop-ups) typically involves a robust discussion of whether the overlay is a transformative use of the original copyright. So far, the use of AR technology has generally been rather transformative. But as AR becomes more commercial and ubiquitous, the application of the transformative doctrine to AR technology could be very interesting.
Many uses of AR technology involve a wide array of partnerships and licenses. Practitioners working through these licenses should understand – and document – what is being licensed and how the licensed property may be used in technology. Purveyors of AR should pay close attention to what their competitors do to address and manage risk.
Don't Forget About Game-Specific Privacy and Security Concerns
AR technology also presents interesting and novel questions around privacy and security. AR companies engage in data practices that are, in some respects, similar to those employed by other companies: they collect, store, and use various user data to enhance the user experience and sometimes share data with network affiliates and business partners. A difference is that AR companies are often collecting different kinds of data, such as data related to a device's movements and the dimensions of the room in which the user is using equipment. In addition, AR technology may give a company the ability to constantly record data in relation to everything a user is doing. For example, AR applications might track where a user is looking and how long the user looks at an object or person.
AR companies take the view that this information is useful for, among other purposes, improving user experience and minimizing health and safety risks. AR companies also explain that the collection of this data is critical for the continued development of AR software. Additionally, AR companies and other brands may find this data valuable, as the data may represent an opportunity to monetize an AR game. Among other privacy challenges raised by AR, this potential for large-scale data collection and collection of new kinds of data (e.g., user movements) makes it important for AR companies to have thoughtful internal privacy policies that articulate the nature of data collected and the ways in which it will be used and shared. Such policies will need to be reviewed and updated as AR technology continues to evolve to reflect how companies capture and store new data.
It is also important for AR companies to implement appropriate technical and organizational security measures designed to protect the significant amount of user information that may be stored and transmitted. Part of minimizing this security risk includes designing and implementing a robust internal security program and ensuring that the program is routinely tested, maintained, and updated. In addition, AR companies need to conduct appropriate pre-engagement diligence in advance of contracting with vendors to ensure that a potential vendor offers industry standard security controls. Finally, AR companies should ensure that service provider agreements include reps and warranties with respect to the service provider's privacy and security practices, including but not limited to an obligation to notify the AR company in the event of a data breach.
Where Are Things Heading?
In May 2017, House members formed a "reality caucus" to consider issues related to virtual, augmented, and mixed realities. Right now, the objective of this caucus is to learn about these technologies and educate other members of Congress about them. However, we might also caution that the creation of this caucus signals an opportunity and reason for the AR industry to consider and develop best practices while the industry remains nascent.