Inherent in the novelty and excitement of the metaverse is some uncertainty and risk. Chief among the risks for franchisors is the possibility of IP infringement and damage to the brand. Even with well-established rules and procedures, protecting and policing IP is challenging in the real world, and doing so in the metaverse adds a new and unique layer of complexity.
While franchisors will benefit from the extensive and accessible reach of the metaverse to increase business digitally, it is paramount that they first ensure that their trademarks, logos, and other valuable IP are registered for use specifically as digital goods and services. While existing registrations in classes like restaurant services (class 43) are helpful in the real world, they likely won’t do much to protect the sale of pizza or taco NFTs. For the latter, applications should also be filed to extend protection to classes important for the digital world, including computer and software products (class 9), retail services (class 35), and computer and software services (class 42).
Businesses will also need to actively monitor — and potentially solicit franchisee assistance to monitor — the wide expanse of the metaverse for any unauthorized uses. Cybercriminals operating behind fake identities to usurp and declare content ownership are a threat to businesses and can lead to customer dissatisfaction and distrust. A failure or delay in catching and stopping unauthorized uses of IP could mean that the brand is associated with low quality or inappropriate content, which could damage its reputation.
Implementing technologies such as private blockchain for asset ownership tracking is one way brands can oversee content ownership activities. Franchisors should also consider subscribing to trademark monitoring services to build a system within their virtual place of business to monitor market trends and catch trademark violations before they impact the brand.
Another issue franchisors should keep in mind is the developing concept of ownership and control of IP used in the metaverse. The definition of “data controller” varies by jurisdiction, but it generally refers to the person, company, or other body that determines the purpose and means for data process and storage. How the metaverse delegates data control responsibilities remains to be seen, but there will be risks present no matter how they are divided.
For example, if metaverse creators take the position that they, rather than the franchisors, own the IP used on their platform, this could have problematic consequences for the franchisors. On the other hand, when a user consumes a franchise’s services in the metaverse, the business may be considered a data controller who is responsible for implementing security measures appropriate to the risks present.
Data Privacy and Cyber Attacks
As a shared virtual space reliant on interoperability and portability of data, the metaverse collects massive amounts of highly personal information. This means that users’ personal data may be vulnerable to exploitation, particularly when that data is transported from one metaverse to another.
With the emergence of GDPR in Europe, the CCPA in California, and several more recent US state laws, the privacy and protection of customer data is very much in the spotlight, and franchisors considering operating in the metaverse should be keenly aware.
While franchisors will benefit from greater access to customer information and the ability to track and record a user’s behaviors, actions, and communications, this level of access comes with the important responsibility to protect users from data misuse. From the outset, franchisors should design their services to address applicable data privacy, security, and government access laws. A proactive approach will also put franchisors in a position to dictate which metaverse platforms they select based on compatibility with their own privacy principles.
Most franchisors operating in the real world will likely already have some type of privacy policy that governs the types of data they collect from customers and what they can do with that data. An easy first step would be to review that policy and supplement it for use in the metaverse.
Franchisors should also review the privacy policies and practices of the platform owners hosting their metaverse properties. It will be important for franchisors to understand and ideally reconcile any discrepancies between their own privacy policies and those of their hosts. In the unfortunate event of a privacy incident, even one caused by the platform owner, it may be more likely that customers blame the franchisor.
Finally, because some metaverse users will be minors, there is an imperative need to prevent abuse in user-to-user communications on brand property. The onus is on business owners to ensure that the unauthorized collection and sharing of data is not permitted on their virtual property and that noncompliance is penalized.
Regulatory Uncertainty
It is still unclear if, when, and how the metaverse will be regulated. There is already a lack of adequate resources when it comes to enforcing data privacy laws, and the challenge becomes even greater in the metaverse, where multi-sensory experiences significantly expand the scope of data privacy. In the data-laden future of the metaverse, owners, users, and creators must remain alert to regulatory developments.
Only time will tell how the metaverse and its regulators will decide between efficiency, pragmatism, and protection of privacy rights for individuals, although the emergence of ghost kitchens and virtual brands a few years ago may provide some indication of what we can expect. As franchisors began implementing those business models, some regulators and legislatures revisited their stances on registration and disclosure rules. It is possible we’ll see similar developments in the metaverse context.
One challenge for regulators worldwide will be deciding how user information is subject to existing privacy and data location laws. There may also be complex conflicts between the requirements and regulations in different jurisdictions, making it crucial for companies to understand what privacy rules apply to which parties and data. As jurisdictional differences in data privacy and protection schemes continue to develop in the metaverse, franchisors should consider including a privacy law selection clause in the terms of service for any given metaverse.
The metaverse is a digital land full of promise, but businesses need to remain alert to potential peril. Franchisors that are able to capitalize on brand expansion opportunities, drive engagement with customers and franchisees, and unlock new revenue streams could reap benefits. However, they’ll need to successfully navigate risks around IP infringement, cyber mischief, and regulatory uncertainty to maximize those benefits.