Metaverse As Workplace: Employment Issues

Varun Garg

23 Oct 2022 4:30 AM GMT

  • Metaverse As Workplace: Employment Issues

    The way we work has undoubtedly changed, initiated first by technological developments and later by the COVID-19 pandemic. Hybrid offices have increased the use of virtual modes of working.[1] Enterprises have taken note of these developments and begun looking towards the next destination – the Metaverse. Metaverse refers to alternate digital reality, comprising a network of...

    The way we work has undoubtedly changed, initiated first by technological developments and later by the COVID-19 pandemic. Hybrid offices have increased the use of virtual modes of working.[1] Enterprises have taken note of these developments and begun looking towards the next destination – the Metaverse. Metaverse refers to alternate digital reality, comprising a network of connected virtual spaces focusing on social interaction, often through avatars with their E-currency.[2]

    It is quite likely that many employers will use the Metaverse as a working environment where employees may collaborate virtually. Infact, this is no longer an abstract idea. Real-life people are being hired as hosts by a virtual casino on Decentraland, a Metaverse platform.[3] These employees perform four-hour shifts daily, welcoming clients as they enter the virtual casino and wander the casino floor, conversing with other avatars, making these employees the digital counterpart of a casino host.[4] The persons behind the avatars get compensated in cryptocurrencies.[5]

    With employment laws having been developed largely in the context of the physical office, such developments in Metaverse will stress-test existing labour laws and raise novel legal issues.[6] The legal and regulatory concerns are multiple-fold, ranging from antitrust, intellectual property, real estate, financial regulatory compliance, etc. This paper focuses on data protection and safety at workplace concerns.

    Data Protection And Privacy Concerns

    If Metaverse offices were to increase, employers with virtual offices which resemble physical ones and access to remote employees would expand the possibility of outsourcing work.[7] While this may appear advantageous, this setting would aggravate remote employees' stress due to more intrusive and persistent kinds of algorithmic surveillance.[8] Digital security and privacy have been major concerns in recent years. Given that technologies will become increasingly integrated into multiple aspects of employees' lives, participation in the Metaverse is likely to involve the large-scale provision and collection of personal data, including new forms of biometric data.[9]

    India's existing data protection system is primarily governed by the IT Act, 2000,[10] and IT Rules, 2011, issued under Section 43A of the Act.[11] Per the rules, a corporation must demonstrate code compliance by having written security plans and information security policies encompassing operational, physical and technological security measures.[12] Metaverse is expected to amass vast volumes of biometric data, which would fall within the definition of Sensitive Personal Data or Information ('SPDI'). Section 3 of IT Rules defines SPDI to include passwords, bank account details, health records, credit/debit card details, sexual orientation and biometric data.[13] The rules mandate that body-corporates handling SPDI should maintain reasonable procedures and undertake security practices.[14] The body-corporate must obtain the employees' consent, give an option not to provide SPDI and collect SPDI only for lawful purposes connected to body-corporates' functions.[15] Further, Section 43A and Section 72A of the Act gives a right to compensation for improper disclosure of SPDI.

    However, body-corporates that collect, store or handle SPDI under a contractual relationship (such as outsourcing organisations) are exempted from the IT Rules.[16] The Rules apply only to a corporate body or person in India and offences committed outside India, provided the computer system/network is located in India. Further, Section 69 of the IT Act empowers the government to issue orders authorising the interception/decryption of information to "ensure the security, sovereignty, or integrity of the state".[17] Thus, Governments and body-corporates outside India can monitor data in the Metaverse environment.[18]

    Futurists predict that metaverse operators (employers in this case) would be able to collect personal and physical information about employees to monitor their actions and work.[19] They may gather everything from facial expressions, gestures, eye twitches, pulse rate to financial information and browsing history of the employees.[20] In fact, Meta's patent filings indicate that the business has active intentions to mine biometric data to improve user interface and optimise targeted advertising. [21]

    Meta-employers tracking the productivity of their employees through heart rate or eye movement risk violating IT Rules if they fail to obtain employees' consent, give proper notice or store data not required by law.[22] The Indian rules also fall short of new forms of biometric data, sex life, offences and related security-matters, which would be collected in Metaverse.[23] Further, there is no restriction regarding transborder flow of data which is not SPDI.[24] Due to the vulnerabilities involved when data is moved from one jurisdiction to another, employees' information will be particularly vulnerable to exploitation.[25] The whole purpose of SPDI in data privacy laws is that data in such categories require additional protections for personal data. The draft data protection law that the parliamentary committee is presently debating should envisage these legal hurdles and incorporate adequate safeguards for the same. The General Data Protection Regulation already governs to what extent European employers can collect and store information about their workers, including medical and personal records.[26]

    Alongside comes the issue that not all employees will develop an avatar that resembles them. Employees can give their avatars characteristics that they do not have. Employers should be aware that the Constitution prohibits discrimination based on protected characteristics of colour, sex, disability, race and nationality.[27] Thus, whether or not a person possesses the protected characteristic is irrelevant when it comes to discrimination.[28] This further complicates and confuses data protection and privacy concerns.

    Safety At Workspace

    Workplace harassment continues to be a pressing issue of concern, especially for the women labour force. Employers are responsible for avoiding harassment and misconduct by implementing clear policies.[29] Experience has shown that due to the removal of social boundaries and garb of anonymity, perpetrators are more likely to misbehave online than the real world.[30] There have already been numerous instances where avatars on Metaverse have been virtually groped.[31] The question thus arises of how do we deal with such circumstances.

    In India, the Prevention Against Sexual Harassment at Workplace Act, 2013, provides a mechanism to deal with sexual harassment complaints.[32] Sexual harassment has traditionally been defined as unwanted physical conduct of a sexual nature that the receiving party finds degrading or offensive.[33] However, post the Vishakha case,[34] demand or request for sexual favours, verbal or non-verbal conduct of sexual nature and making sexually coloured remarks have been added to the definition of sexual harassment.[35] Further, after the Nirbhaya case,[36] the IPC was amended to proscribe sexual innuendoes, stalking and voyeurism.[37] Similarly, Section 67A of IT Act forbids the transmission or publication of sexually explicit act or conduct over electronic media.[38]

    All these provisions have no reference to physical touch, and it can be said that the definition of sexual harassment is no longer restricted to physical contact. Infact, given the rise of online harassment, countries like Singapore have extended the scope of regulation over harassment to include online offences.[39] Therefore, employers can take comfort in the fact that the existing legislations against harassment can, for the most part, be applied to the Metaverse.[40] However, the problem is more fundamental in nature.

    People in the Metaverse can be anywhere in the real world. It is unclear which country's employment laws will apply within the Metaverse and which court would have jurisdiction for offences committed. Since the Metaverse has no single physical location, as per Indian law, the options of filing complaints at the jurisdiction where the cause of action arises or the subject property lies are lost.[41] Although, the victim can file a complaint at their own location by virtue of Section 179 of the CrPC.[42] However, this is based on the assumption that the person on the other side is based in India or using a computer located in India. This further depends upon the assumption that the actions of the avatar are actionable to the person controlling the avatar. Furthermore, outsourcing may be done to nations with poorer labour protection and considerably lower wages. This would make it harder to hold employers liable and add to workplace safety concerns.[43]

    Way Forward

    More and more platforms like Microsoft Teams[44] and Facebook[45] are developing platforms which will allow users to use virtual avatars and environments during meetings. The concerns raised above are of particular concern for employers, who will have to address the protection of their employees' data while facilitating safe work participation in the Metaverse.

    While a legal gap looms ahead of us, the Metaverse should not become another 'wild west' for labour protection. It is critical to integrate new models with existing regulations, which will be accomplished via the combination of technology protections, operational practices, and personalised rules.[46] The Metaverse is a parallel digital reality that demands the use of highly SPDI, as well as other sensors and software, for its smooth functioning. Service agreements with Metaverse platform partners will need to be reviewed to ensure employee data is used and protected in accordance with SPDI laws and used solely for specified and agreed purposes in the Metaverse.[47] For example, before joining the virtual worlds of Fortnite and Roblox, both require players to accept terms of service. These typically address a wide range of conduct, from the prohibition of various behaviours to platform security measures to dispute resolution procedures.[48]

    Given the significance of consent, it is proposed that employees' consent should be one of the primary grounds for collecting and using personal data. Employers must have management systems to enforce privacy rules, outdated policies, and make suggestions that are appropriate for the amount of information requested.[49] Meanwhile, employers should note that all existing data privacy principles are to be taken as applicable in the Metaverse as they are in the physical world. In that spirit, all Metaverse-related standard operating procedure documents, risk management checklists and compliance manuals should be drafted accordingly.

    Views are personal

    [1] Joe McKendrick, Remote Work Evolves Into Hybrid Work And Productivity Rises, The Data Shows, May 30, 2021, available at (Last visited on October 6, 2022).

    [2] Eric Ravenscraft, What Is the Metaverse, Exactly? April 25, 2022, available at (Last visited on October 6, 2022).

    [3] Danny Nelson, This Casino in Decentraland Is Hiring (for Real), March 19, 2021, available at (Last visited on October 6, 2022).

    [4] Laura Lawless, Employment Law in the Metaverse (US), August 10, 2022, available at (Last visited on October 6, 2022).

    [5] Ravenscraft, Supra note 2.

    [6] Pritika Satyawali, Our Legal System is Still Not Ready to Regulate Users' Behaviour on the Metaverse, July 17, 2022, available at (Last visited on October 6, 2022).

    [7] Nicola Countouris & Valerio De Stefano, The 'Long Covid' Of Work Relations And The Future Of Remote Work, April 14, 2021, available at (Last visited on October 6, 2022).

    [8] Antonio Aloisi & Valerio De Stefano, Essential Jobs, Remote Work and Digital Surveillance: Addressing the COVID-19 Pandemic Panopticon, 12 International Labour Review 7 (2022).

    [9] Shelly Kramer, Metaverse Privacy Concerns: Are We Thinking About Our Data? June 1, 2022, available at (Last visited on October 6, 2022).

    [10] The Information Technology Act, 2000.

    [11] IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

    [12] Id., §5(7).

    [13] Id., §3.

    [14] Id., §8.

    [15] Id., §§4,5.

    [16] Ministry of Communications & Information Technology, Clarification on Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 under section 43A of the Information Technology Act, 2000 (August 24, 2011).

    [17] The Information Technology Act, 2000, §69.

    [18] Lawless, Supra note 4.

    [19] Lawless, Supra note 4.

    [20] Osborne Clarke, Work in the Metaverse will Pose Novel Employment Law Questions, April 19, 2022, available at (Last visited on October 6, 2022).

    [21] Kate Beioley, Metaverse Vs Employment Law: The Reality Of The Virtual Workplace, February 21, 2022, available at (Last visited on October 6, 2022).

    [22] Squire Patton Boggs, Family Office Insights: Employment Law in the Metaverse, August 2022, available at (Last visited on October 6, 2022).

    [23] Graham Greenleaf, GDPR-Lite and Requiring Strengthening – Submission on the Draft Personal Data Protection Bill to the Ministry of Electronics and Information Technology (India), UNSWLRS 83 (2018).

    [24] Linklaters, Data Protected – India, September 2022, available at (Last visited on October 9, 2022).

    [25] Tarun Tawakley, UK: Expect Metaverse Employment Disputes, March 11, 2022, available at (Last visited on October 6, 2022).

    [26] Graham Greenleaf, India's Data Privacy Bill: Progressive Principles, Uncertain Enforceability, 163 Privacy Laws & Business International Report 9 (2020).

    [27] The Constitution of India, 1950, Art. 15.

    [28] Clarke Willmott, The Metaverse: Real Employment Issues in a Virtual World of Work, February 28, 2022, available at (Last visited on October 6, 2022).

    [29] The Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act, 2013.

    [30] Tanya Basuarchive, The Metaverse has a Grouping Problem Already, December 16, 2021, available at (Last visited on October 6, 2022).

    [31] Id.

    [32] The Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act, 2013.

    [33] Science Direct, Sexual Harassment, available at harassment is defined as unwelcome sexual advances, requests for,working environment based on sex. (Last visited on October 6, 2022).

    [34] Vishaka and Ors. v State of Rajasthan, AIR 1997 SC 3011.

    [35] The Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act, 2013, §2(n).

    [36] Mukesh v. State (NCT of Delhi), (2017) 6 SCC 1.

    [37] The Indian Penal Code, 1860, §354A.

    [38] The Information Technology Act, 2000, §67A.

    [39] Clarks Legal, The Metaverse: Employment Law Implications, September 27, 2022, available at (Last visited on October 6, 2022).

    [40] Willmott, Supra note 28.

    [41] The Code of Criminal Procedure, 1973, §§16-20.

    [42] Satyawali, Supra note 6.

    [43] Social Europe, The Metaverse is a Labour Issue, February 2, 2022, available at (Last visited on October 6, 2022).

    [44] John Roach, Mesh for Microsoft Teams Aims to Make Collaboration in the 'Metaverse' Personal and Fun, November 2, 2021, available at (Last visited on October 6, 2022).

    [45] Meta, Metaverse for Business: Immersive Experiences for Customers, available at (Last visited on October 6, 2022).

    [46] Primavera De Filippi, Morshed Mannan & Wessel Reijers, Blockchain as a Confidence Machine: The Problem of Trust & Challenges of Governance, 62 Technology in Society 101 (2020).

    [47] Prashant Kataria & Dhaval Bothra, Metaverse: Legality & Regulatory Concerns in India, May 23, 2022, available at (Last visited on October 6, 2022).

    [48] Laurie Ollivent & Sinead Casey, Working in the Metaverse – Emerging Employment Issues, July 18, 2022, available at (Last visited on October 6, 2022).

    [49] Bothra, Supra note 47.

    Next Story