Current and potential applications of the metaverse are endless, but the new digital realm has raised novel issues that have confronted legal professionals in various roles. Putro Harnowo recaptures the views of tech experts attending a recent industry event


he metaverse has taken the spotlight as a limitless world that may be navigated and explored as virtual reality. This augmented world occurs through vision in the form of a head-mounted display, operating alongside audio or haptic sensory feedback that is elicited from devices that are worn by the user. Singapore’s TechLaw.Fest 2022 sought to answer questions arising in the new space by bringing together well-known experts to offer possible solutions to the challenges posed.

“We have to look at the balance between enabling the metaverse and its components to develop with proper incentivisation measures in place, and also safeguarding through regulation,” says Stanley Lai, partner and head of IP practice at Singapore law firm Allen & Gledhill. “Success and harm arise from abuse and exploitation. A balance can only be achieved by the convergence of non-legal rights, technologies, as well as the possibility of new evolving rights and obligations.”

In IP matters, issues of copyright, trademarks and personality rights have become enigmas that are convoluted with decentralised technologies. Unregulated content has also posed harm to its users, in addition to the difficulties with enforcement beyond the platform space. For those seeking and currently involved in the metaverse project, the contractual interface, liability risk mitigation and data privacy laws are among the first to ponder.

“Being an IP and commercial litigation lawyer for more than 25 years, I’ve seen our professional roles incrementally evolving,” says Lai. “Lawyers who practise in this field now have to be the embodiment of expertise and IP content regulation, data protection and the law of obligations.”

IP rights analysis

Earlier this year, Hermes sued digital artist Mason Rothschild for selling collections of NFTs called MetaBirkins, which were intended to be a playful abstraction of an existing fashion culture landmark, the famous Hermes Birkin, in the metaverse. The limited edition NFTs were sold for USD450 each late last year, collecting USD46,000 in just two weeks.

The French luxury brand stated that MetaBirkins infringed on Hermes’ trademark rights and were an example of fake products in the metaverse, while demanding Rothschild and the companies that made available the MetaBirkins for sale remove the NFTs. Although Rothschild is currently contesting the cease-and-desist order, the largest NFT marketplace, Opensea, has complied and removed MetaBirkins from its platform.

In AM General v Activision Blizzard, where Activision Blizzard reproduced military vehicle Humvees in their gaming platform, Call of Duty, the reproduction of Humvees is so realistic that the game company was sued by the vehicle manufacturer, AM General. However, the courts gave Activision a credit for their work, as the game maker had no choice but to make an accurate reproduction of the vehicles to make the war zone environment realistic.

“We can start this analysis by walking ourselves through the various scenarios in trademark law to see how this will actually play out before the courts,” says Daniel Seng, associate professor at the National University of Singapore’s Faculty of Law. “The fundamental rule in trademark law is that a mark is to be used in relation to goods and services, so if a mark is not associated with or used in relation to goods and services, it falls outside of the trademark regime, and trademark law will not govern the issues in that particular instance.”

Copyright law is also exemplified by the fact that it centres around the rights of reproduction, Seng adds, including the conversion from two or three dimensions and vice-versa. A good example of this is United Feature Syndicate v Koons (1993), where American artist Jeff Koons created a sculpture named Wild Boy and Puppy.

Koons argued that the puppy was an accidental reproduction of Odie, the dog from the Garfield comics, and contended that this was fair use. However, the courts were not convinced, as Koons had made multiple copies of his sculpture for sale, which was therefore detrimental to his fair use defence.

“The fair use defence is likely to feature very prominently in many metaverse cases, particularly if the assessment by the courts is done on a case-by-case basis by evaluating the alleged infringers’ use of copyrighted works,” says Seng. “Even though the fact that a work could have commercial use is not a factor that would preclude the application of the fair use test, the fact that the use of a work can have potential commercial ramifications in relation to the market of the original work will negatively affect the user’s reliance on the fair use test.”

In some cases, copyright analysis in the metaverse will also overlap with personality rights, as there is limited recognition in the IP space for an individual’s right to his or her persona. For example, in Robyn Rihanna Fenty v Arcadia Group Brands, which involved the image of Rihanna on a T-shirt sold in London, an action was successfully taken against the T-shirt maker for passing off.

“The interesting thing about this particular right is that, at least in common law jurisdictions outside of the US, it overlaps with the right to privacy and the right to be left alone and data protection rights,” says Seng. “One needs a holistic analysis of IP rights when analysing personality rights because one must also consider the data protection issues associated with subjects like these.”

From a wider perspective, Seng expects legislators to evaluate the need to further harmonise copyright rules in the metaverse. For example, the internet era has sparked the World Intellectual Property Organisation (WIPO) to ratify and update its internet treaties that lay down an international framework for protecting unauthorised access to and use of creative works on the internet and other digital networks.

Colliding realms

As the metaverse developed, Tan Cheng-Han, dean and chair professor of commercial law at the City University of Hong Kong, says the digital realm has brought with it the dark side of the internet, and the greater convergence of the real and virtual world will exacerbate this tendency.

A BBC News investigation in February 2022 reported that a researcher posing as a 13-year-old girl witnessed online grooming, racist insults and an assault threat in the metaverse. Although the term “grooming” is used, Tan argues that this does not fall within the current definition of grooming in criminal law, as action in the physical world is necessary to fit into such a category.

Another example in a different context is groups of user avatars with inappropriate language on their digital clothes, such as language that is offensive to a particular religion.

“It is not difficult to envisage other types of highly anti-social behaviour that could take place in the metaverse, which are not offences to date and will cause a lot of people to wonder if they should be,” says Tan. “Since the metaverse is a junction of the real and the online world, and arguably an imperfect mirror of the real world, to what extent should activities be regulated more similarly to those in the physical world?”

Tan also points out that general thinking on the internet has changed considerably in the past few years; where it was once extremely libertarian, states are currently moving in the direction of regulating online speech. The EU’s Digital Services Act, the UK’s Online Safety Bill and Singapore’s Protection from Online Falsehoods and Manipulation Act are examples.

Recently, Singapore’s Ministry of Communications and Information launched a public consultation on a proposed code of practice that will require platforms with significant reach to have appropriate measures and safeguards to mitigate exposure to harmful content for Singapore-based users. These include having community standards, content moderation processes, and tools to manage users’ exposure.

“It will likely also be the case in the early phase of the metaverse to regulate online harm through the imposition of standards and obligations on significant platforms,” says Tan.

Besides removing or blocking existing content, Tan argues that it may be equally important to prevent harmful activities from taking place in the metaverse. For example, is it feasible to require users’ avatars to be verified by authentic digital identities before accessing important services in the metaverse? As a result, such wrongdoing will leave a digital signature that can be traced to the identity of the user.

Another area where the real world might intersect with the metaverse is digital assets. As such assets become more precious and might have sentimental value, in July 2021, Tencent was reported to have developed a patent on digital legacy that will allow people to pass on digital assets to the next generation.

“If someone has an avatar that behaves in a certain way over a period of time in the metaverse, coupled with algorithms and artificial intelligence, eventually it’s likely to be that when the person has gone from the physical world, the avatar could probably be a fairly accurate representation of what the person would have done in the living world,” says Tan. “And I can just imagine and hope that the children and family members would like the digital footprint to continue to exist in the online space for them to remember the person.”

Nitty gritty liability

The multitude of organisations in the metaverse brings a big challenge from a contractual and liability standpoint, according to Ahmed Baladi, a partner at Gibson Dunn in Paris. Developing the metaverse, or operating a virtual space in the metaverse, will require dealing with various stakeholders including hardware providers, platforms, data hosting providers, blockchain companies, marketplaces, smart contracts, etc.

“These entities are necessary for the development and operation of your metaverse as they have different profiles with different financial capacities,” says Baladi. “They may have more or less extensive experience in the metaverse, in the NFT or even in hosting digital environments, and they could be based in different jurisdictions and have their own terms of services that they’re trying to impose.”

Selecting a provider or a partner that is able to maintain its activity during the term of a project is one of the key questions to raise, Baladi notes. The second question is whether there are any technological constraints imposed by specific providers, as the metaverse is based on various technologies that may not be compatible with each other.

“Another question is the level of compliance, and what is their appetite to make sure that they comply with the different legal and regulatory requirements in the different jurisdictions where you want to operate your metaverse projects?” says Baladi. “Are they covered by any specific insurance adapted to your metaverse project?”

Before making any move into a metaverse project, Baladi says it is critical to start raising the above-mentioned questions with different members of the organisation involved in the project, including business people, the audit team, finance department, security and IT, and the legal department.

Once an initial step has been taken, the legal aspects come with the question of governing law, where different stakeholders are governed by different rules.

There would be potential discrepancies between the governing law of big players that have been successfully imposed in their agreements, and the end users that are protected by their local law. Identifying the gaps between the protection from different providers, and what is due to the end users, will be critical to matching the risk and the cost of entering a metaverse project.

“With these different contracts with the main stakeholders, the majority of these agreements contain the exclusion of liability,” says Baladi. “This means that you will have to take full responsibility in the event that your end users are suffering any damage.”

For this reason, many organisations or companies would prefer to select an integrator that will take the responsibility to ensure the co-ordination of different stakeholders. Although it will not guarantee to solve all the problems, it would be easier to co-ordinate and avoid having to deal with a multitude of companies when entering the metaverse space.

With regard to personal data, Baladi says that the key to doing a metaverse project is to perform a data mapping exercise and identify what type of data will be involved. The business operator should take responsibility to collect the consent of the end users’ data with a transparency obligation.

For example, a user moving from a virtual shopping centre to a museum would face the risk of being overwhelmed with privacy policies and consent collection forms whenever moving from one environment to another.

“We have to read hundreds of pages of privacy policies when navigating through different environments in the metaverse, in addition to the risk of who should take responsibility to post the privacy policy and collect the consent,” says Baladi. “One solution will be to work through the dashboard or to delegate this obligation to collect consent and a post privacy notice to a third party, but that doesn’t mean that the responsibility will be transferred to the third party.”

The final thought on privacy and data protection is international data transfer. One key element to ensure data transfer will be made with appropriate safeguards is the standard contractual clause, a model data transfer mechanism primarily designed to help controllers and processors legally facilitate data transfers to third countries.

On cybersecurity issues, conducting a security audit is critical and selecting providers with robust security policies and measures is highly recommended.

“The requirements imposed by the EU Commission and data protection authorities in Europe are heading the harmonisation of enforcement mechanism for privacy rights,” says Baladi. “We can see this by the fact that many countries are adopting privacy legislation, which is pretty similar to the GDPR, and I think it’s more co-ordination now at the international level that will be needed.”

This article was collated from a virtual meeting session in 22 July at Singapore’s TechLaw.Fest 2022, [Law of Tech] titled Reviewing the Laws of the Metaverse: Issues of Property Ownership, IP Rights, Content Regulation, Data Sharing and Transparency