If the Metaverse is to follow Web 2.0, how should it be governed?


The “Metaverse” comes from the novel Snow Crash (Stephenson, 1992) by American science fiction author Neal Stephenson. In March 2021, Roblox, the first Metaverse stock, was listed on the New York Stock Exchange in the United States and closed up 54% on its first day, becoming a “dark horse” in the international stock market. “In March 2021, Roblox, the first metaverse stock, was listed on the New York Stock Exchange in the United States. In October of the same year, Facebook, an American social networking company, changed its name to “Meta”, a move that aroused much interest worldwide. In addition, companies such as Google, Apple, Microsoft and Disney have started research and development on metaverse and related products. Meanwhile, blockchain-based metaverse games such as Axie Infinity, Sandbox and Decentraland have also changed the paradigm of labour collaboration in the digital economy to a certain extent. In the Founders Letter, Zuckerberg, founder and CEO of the US social networking site Facebook, explains: “In a metaverse, you can do almost anything you can imagine – meet with friends and family, work, study, play, shop create – as well as entirely new experiences that don’t fit with how we think of computers or phones today.” The large number of workers who choose to participate in these metaverse projects and use them as a primary means of income reflects the fact that the metaverse is not just a concept but as a highly developed pass-through economic system that is directly linked to the reality of people’s work and lives. All in all, the metaverse is showing strong momentum, fuelled by out critical mass.

图片来自 Pixabay 的 Riki32,已获得 CC BY-SA 2.0 许可

Image by Riki32 from Pixabay  and is licensed under CC BY-SA 2.0

Web2.0 VS Web3.0?

Because the meta-universe has triggered huge changes in the Internet, scholars believe that the meta-universe can be regarded as the transition period of the Internet from Web 2.0 to Web 3.0. The first is to choose the current Web 2.0 as the underlying technical architecture. the main model is for existing digital platforms to build a metaverse based on their own ecosystem, relying on their rich traffic, data and scenarios. this is the model chosen by digital platforms such as Meta, Nvidia, Google, Disney, Amazon, Tencent, Byte Jump, etc. This model of metaverse overemphasises digital immersion, but at the level of productive relationships, the data generated by user behaviour remains monopolised by digital platforms, while users have little or no control over the content they create on the platform. The second is to use distributed Web 3.0 as the underlying technical architecture of the metaverse, building several open source metaverse based on Web 3.0 that truly belong to all users. Users, as game developers, have a greater say in their own content data and revenue distribution. This model enables interconnection between metaversees through cross-chain technology, with users acting as both producers and consumers of metaversees. With the further maturation of interoperability technology in the metaverse, users can put immersion to a relatively secondary position in its realisation path, focusing more on the perpetuity, openness and autonomy of the metaverse and closer to the essence that the metaverse belongs to all users, which is also the way to realise and build the long-term stability of the metaverse.

Image by Julien Tromeur from Pixabay and is licensed under CC BY-SA 2.0

As technology continues to develop and innovate, the metaverse is spreading further in other areas such as education and training, gaming and entertainment, and healthcare. This has profoundly affected and changed people’s daily lives. But there are two sides to everything. The metaverse has brought modern humans a richer virtual experience, a more diverse cultural life and a more convenient life, but it has also had some negative effects and poses certain security risks.

Watch Micaela Mantegna’s TED talk How to Stop the Metaverse from Becoming the Internet’s Bad Sequel :

The Privacy Issue.

American science fiction writer Dave Eggers argues that the development of information and communication technologies will compress people’s privacy and reshape their perception of privacy, and in his novel circle, he builds a world with zero privacy to push this perception to the extreme (Eggers, 2013). the circle is a book that provokes people to think in a polarized imagination. After all, the metaverse, a new generation of Internet forms that blend reality with reality, requires biometric data on users’ fingerprints, voice prints and facial profiles, and behavioural data on scenarios such as work, education, social and entertainment. This provides new scenarios and opportunities for various commercial forces to continuously collect and mine user data, and at the same time, it also poses new challenges for political forces to track and identify users in order to strengthen the management of the new generation Internet.

Ronald Leenes discusses the issue of privacy regulation in the metaverse, using Second Life, which aggregates games and social services, as an example (Leenes, 2009). Other researchers have classified user data privacy in the social metaverse into personal privacy, behavioural privacy and communication privacy, arguing that the main privacy risks in the social metaverse come from perturbations in games and social networking, social engineering attacks and malicious social bots. Users can manage privacy risk by creating multiple avatars, creating copies of public spaces for exclusive use, and being invisible to other users; second, the privacy risk analysis of front-end devices of metaverse such as augmented reality/mixed reality (AR/MR) in user data collection and use, etc. The privacy risk of front-end devices such as AR can be divided into user privacy risk (Lebeck et al, 2018) and bystander privacy risks (Lebeck et al., 2018). The former mainly involves privacy risks arising from the AR/MR system capturing and storing user’s motion data, biometric data, and spatial environment data, while the latter involves bystanders in the environment being unknowingly captured and stored by the AR/MR device with relevant information. Therefore, some researchers have suggested that the key to protecting user privacy in AR/MR systems is to ensure confidentiality, anonymity, hidden nuisance and unrelatedness of the data” (De Guzman et al., 2019)

The solution:

Data ownership has historically been contentious because of the many levels of interest involved, including users, businesses and society. However, it is indisputable that the user is the subject of the data and is the origin of its value. This is because private data is possessive and only data that faithfully reflects the subject being recorded has value. The collection, storage, distribution and display of fragmented user privacy data by commercial organisations also brings secondary value because the collated and processed privacy data sets still ultimately point to the data subjects, i.e. the users themselves.

In other words, in jurisprudence, commercial organisations cannot claim ownership of data because of their investment in technical and human factors such as the collection and use of user privacy data. This creates greater uncertainty for the development of the digital economy, where data is a key element. The introduction of the principle of informed consent converts the data ownership challenge faced by internet companies into a problem of selective and autonomous disclosure of users’ private data on specific platforms or application scenarios. While confirming the ownership and disposal rights of user data, the legitimacy of commercial organisations to collect and dispose of user privacy data is recognised at a legal level.

In order to reduce the data privacy risks of users in the metaverse, legislators and network authorities should change their regulatory philosophy. At present and for some time to come, user privacy agreements are still the main way for most metaverse technology companies to seek permission and authorisation from users. Therefore, network authorities can explore procedural regulation by starting with the regulation of user data privacy agreements. Companies in the metaverse that have centralised control over user privacy data could have their user data privacy agreement format, content and updates filed with the network authorities via a specific interface and made public to the community. This operation would not add a substantial burden to companies in terms of user data privacy compliance, but would go some way to increasing the visibility of the well-being of companies’ user privacy agreements. The use of various media and extensive public scrutiny will increase the incentive for corporate privacy compliance.


The metaverse is a field that is constantly evolving, refining and changing. It is now 30 years since Stephenson coined the term ‘metaverse’, and the current metaverse has already gone beyond its initial definition. 2021 has seen a profound transformation in all sectors and fields, shaking up the world’s development landscape. At present, the digitalisation and virtualisation of various industries is still in its infancy, and there are still certain technical problems. The future of the metaverse is not only determined by the degree of technological development, but is also influenced by multiple factors such as laws and ethics.


Reference list:
De Guzman, J. A., Thilakarathna, K., & Seneviratne, A. (2019). Security and privacy approaches in mixed reality: A literature survey. ACM Computing Surveys, 52(6), 1–37. https://doi.org/10.1145/3359626
Eggers, D. (2013). The Circle. Knopf.
Falchuk, B., Loeb, S., & Neff, R. (2018). The social metaverse: Battle for privacy. IEEE Technology and Society Magazine, 37(2), 52–61. https://doi.org/10.1109/mts.2018.2826060
Lebeck, K., Ruth, K., Kohno, T., & Roesner, F. (2018, May). Towards security and privacy for multi-user augmented reality: Foundations with end users. 2018 IEEE Symposium on Security and Privacy (SP). http://dx.doi.org/10.1109/sp.2018.00051
Leenes, R. (2009). Privacy regulation in the metaverse. In Handbook of research on socio-technical design and social networking systems (pp. 123–135). IGI Global. http://dx.doi.org/10.4018/978-1-61350-323-2.ch307
Rika123. (2022). Welcome to the metaverse. https://pixabay.com/zh/photos/metaverse-meta-technology-virtual-7146503/
Rospigliosi, P. ‘asher.’ (2022). Metaverse or Simulacra? Roblox, Minecraft, Meta and the turn to virtual reality for education, socialisation and work. Interactive Learning Environments, 30(1), 1–3. https://doi.org/10.1080/10494820.2022.2022899
Stephenson, N. (1992). Snow crash. Bantam Books.
TED. (2022). How to stop the metaverse from becoming the internet’s bad sequel [Video]. In YouTube. https://www.youtube.com/watch?v=OYv1dIle47U
Tromeur, J. (2021). Exploring Value Creation in the Metaverse. https://pixabay.com/illustrations/video-game-technology-metaverse-6818392/