Spatial computing technology is evolving at hyper speed. Rapid advancements in generative artificial intelligence (Gen AI) are driving development, and with the increasing availability of sleek wearables and powerful spatial apps, it should come as no surprise that organizations are quickly integrating virtual reality tools into their business workflows.
Forward-thinking attorneys find ourselves wondering how these tools will affect our clients and their interests. What do we need to be on the lookout for, and how will problems manifest? When it comes to privacy, security, information governance and e-discovery frameworks, what updates should we be making now?
By exploring spatial computing technology with an eye toward spotting and mitigating risks, attorneys can help their clients implement processes that support early adoption, while also balancing the need for protection from unforeseen risks.
What Is Spatial Computing?
Spatial computing technologies enable users to interact with virtual elements through their physical space. They accomplish this by leveraging sensors, cameras, optics and advanced algorithms to perceive and understand a user’s environment. This understanding allows digital objects to coexist with a user’s physical space. Integrating physical space into computing environments creates massive opportunities for innovation, opening the door for technologies previously confined to pages of science fiction.
In virtual communities, the terms “VR” and “spatial computing” are used somewhat interchangeably right now––with spatial computing serving as the fancy new tech term. To introduce even more lexical fuzziness, there are several other flavors and terms of which to be aware.
- Extended reality (XR) is an umbrella term used to refer to virtual, augmented and mixed reality technologies.
- Virtual reality (VR) applications tend to immerse users completely in digital environments.
- Augmented reality (AR) systems overlay digital information onto a twin of the physical world.
- Mixed reality (MR) tools merge real and virtual worlds to produce new environments where physical and digital objects can interact in real time.
How Does It Work?
Spatial computing tools capture data about the physical environment, such as dimensions, distances and interactions between objects. Devices like VR headsets process this data and render 3D imagery that appears to interact seamlessly with the real world. Beyond mere visualization, these tools make it possible for users to manipulate virtual objects and control applications with their eyes, hand gestures and body movements, making computing both interactive and immersive. Movements are interpreted as input commands, turning physical space into a digital interface.
The implications are astounding, with the potential to affect nearly every industry. Today, these tools are being used in ways both effective and inspiring. In health care, there are therapeutic uses for patients with impaired mobility, and even surgical professionals are getting in on the action; using headsets to access critical information, hands-free, from within a sterile field.
From drastic leaps forward in gaming and entertainment to 3D modeling capabilities in architectural design, this technology will meet a bevy of complex needs. And, with a significant volume of the workforce working either remotely or in a hybrid role, there is a need for remote meeting tools that feel more like real world interactions. Enterprise-oriented productivity and meeting tools are entering the VR market to meet this need, and we should anticipate rapid corporate adoption. As tools and applications continue evolving, we may be challenged to predict how business practices will shift.
Protecting Data Privacy
Spatial computing devices are specifically designed to capture a user’s actions, behaviors, appearance and biometric markers. They access, manipulate and may store this sensitive personal data to use for other purposes. In addition to capturing a user’s data, the tools create unique user footprints that can contain complex profiles and more personal information. This makes data privacy considerations exceedingly important.
Headsets use facial recognition and iris scanning technology for identification and vision-based navigation. Using biometric data in this fashion highlights the need for careful planning and protection. A thorough review and assessment of privacy policies and data handling practices should be undertaken before spatial computing devices and software applications are considered for business use. If you find that clients have already adopted VR tools without taking this into consideration, it’s critical to undertake privacy and security assessments as quickly as possible.
Different tools will have different ways of handling, processing and storing data, which means that data privacy vulnerabilities must be assessed individually for hardware tools and software applications. It’s time to ask important data privacy questions including whether any of our data is being collected and stored, which data is being targeted, where it is being stored and for how long. Additionally we must understand and document who has access and how the data is being used.
These questions may become even more important when assessing compliance with privacy regulations, such as the General Data Protection Regulation (GDPR) in Europe or the California Consumer Privacy Act (CCPA), which require robust data protection measures and grant individuals substantial control over their personal information.
After careful vetting to determine which tools are suitable, organizations must design and implement updated security, information governance and device management policies to accompany them. Data maps and information technology (IT) infrastructure documentation will need to be updated, and new language added to information governance policies should specifically contemplate and address spatial concerns. Privacy by design principles should be followed, incorporating strong encryption methods, access controls and anonymization techniques.
Employee awareness and training surrounding how these new technologies will be integrated into existing security policies is important for responsible adoption and ongoing security.
Biometrics Regulations
The integration of facial recognition, iris scans, gait analysis and other biometrics into spatial systems presents a critical point of focus for privacy regulations. A growing number of U.S. states have adopted regulatory frameworks for biometric privacy, including Texas, Illinois, Washington and California. Interestingly, only the Illinois Biometric Information Privacy Act (BIPA) provides consumers with a private right of action. BIPA imposes stringent consent and data handling requirements on businesses that collect biometric data.
At the federal level, the newly proposed American Privacy Rights Act (APRA) seeks to establish a more unified regulatory framework across the United States. This Act builds on previous legislative efforts, like the National Biometric Privacy Act of 2020, and introduces guidelines for the handling of sensitive biometric data. APRA mandates that entities managing biometric information must not only secure affirmative express consent for collecting, retaining or sharing this data but also adhere to strict data minimization and transparency guidelines to protect individuals’ privacy.
To comply with these evolving standards, spatial computing tools and services must be equipped with clear and comprehensive data privacy policies that address the nuances of managing biometric data within spatial computing environments. We must consider a variety of factors.
Consent and transparency. Clearly informing organizations and individual users about what biometric data will be collected, how it will be used and with whom it will be shared is fundamental. Explicit consent should be obtained in a manner that complies with local and international laws.
Data minimization. Data collection should be limited to only the biometric data that is necessary for the intended purpose, keeping it no longer than necessary.
Security measures. Stable and effective security protocols must be implemented to protect biometric data from unauthorized access and data breaches. This includes encryption, secure storage solutions and regular audits of security practices and retention schedules.
Information Governance
Attorneys should encourage clients to proactively update data maps and IT infrastructure documentation. This involves detailing where an organization’s spatial data resides, how it is stored and for how long.
Depending on an organization’s compliance obligations, device management policies may be needed for headsets and other devices. Understanding and documenting the flow of data from these devices into company systems is critical, and IT infrastructure should be thoroughly assessed to assess the costs and capability to secure and store spatial data.
Extended retention of large spatial datasets may prove impractical and potentially risky, making retention schedules a must. Legal teams will need to work with clients to establish retention periods that balance operational needs with compliance and risk management, ensuring that data is kept only as long as it serves a legal or business purpose. As always, defensible deletion practices must be transparent, consistently applied and well-documented, to withstand legal scrutiny.
By acting as counselors in this area, legal teams can help ensure that policies for data capture, storage, use and deletion support business use of spatial technologies while safeguarding individual privacy and organizational integrity.
e-discovery Challenges
Spatial computing presents complex implications for litigation readiness and e-discovery. These applications generate vast amounts of diverse data, including 3D models, user interactions and biometric identifiers, all of which could potentially be relevant in litigation or regulatory investigations. This proliferation of new data types results in unique challenges for e-discovery, from scoping and collection to review and production.
Identification
The first challenge lies in recognizing and understanding new data types and sources. This includes data from AR headsets, VR equipment, mobile devices integrated with spatial computing applications and cloud storage solutions that synchronize with these devices. Legal teams must increase their awareness of these sources and update custodian surveys to appropriately identify and define the scope of data needed for potential litigation purposes.
Preservation
Preservation strategies must expand to meet the demands of spatial computing, with expectations shifting to include devices such as headsets, mobile and cloud environments used by custodians. Legal teams should be prepared to discuss and advocate for necessary preservation measures related to spatial computing data at 26(f) pretrial conferences.
Given the dynamic and often ephemeral nature of spatial data, preservation may need to be accomplished through immediate collection rather than preserving in place. And IT interview specifications and custodian questionnaires should be updated to capture information about the use and management of spatial computing technologies.
Collection
When spatial computing data is involved in a matter, legal teams should prepare for a broadened scope of collection. It is imperative to engage experts who can clearly define parameters for the export, processing and transfer of spatial data, including how to handle large datasets. Spatial metadata is critical for understanding the context and authenticity of spatial interactions, and special care must be taken that it is included in the scope of collection.
If forensic collection of such data is necessary, this will present a significant challenge. Currently, there are no established forensic standards for collecting spatial data, and this lack has the potential to affect data’s integrity, authenticity, admissibility and even its weight in legal proceedings. Developing a standard methodology for forensic collection of spatial data may prove to be a pressing need for litigators with tight time limitations. Legal and technical experts will be developing these methodologies in real time, as they are needed in live matters. And until reliable forensic standards have settled into place, legal teams must be particularly cautious in their collection methodologies.
Review and Analysis
Interpreting spatial data in a legal context can be challenging because it includes dimensions of depth, interaction dynamics and a temporal sequence. Spatial metadata can reference the location of virtual objects, the timing of interactions and physical environment settings, all of which play a part in reconstructing events or actions within the virtual space.
Understanding and analyzing these elements requires technical expertise and an understanding of the virtual environment from which the data was generated. To add to these challenges, traditional e-discovery platforms may need significant updates to render such data in a way that is reviewable for attorneys.
To cope with these challenges, legal teams can focus on advanced e-discovery strategies such as Early Data Assessment and advanced metadata review to manage and make sense of vast amounts of spatial data efficiently. Given the potentially immense scope, it's crucial to balance the need for comprehensive production with the necessity to limit discovery to what is reasonably manageable and relevant to the case. If there is a need to review certain spatial data natively for full context, preparing this review plan is sure to uncover a variety of new and exciting issues regarding planning, staffing and review workflow design.