Augmented and Virtual Reality: what are the privacy risks?

Last month, Nintendo released a new video game in the popular Super Mario Kart saga. The game is part of a new category of Toys-to-life, a video game genre that uses augmented reality to build a kart circuit directly at home.

This, however, could be the start of a new privacy problem.

In practice, the video camera of the game captures the reality that surrounds the player, so as to create a parallel world within the console with which it is connected.

For more related articles, check our blog.


But how does it work?

The miracle is allowed thanks to Augmented Reality (AR), a technology that allows us to add information and virtual objects to what surrounds us, creating a bridge between ours and the digital world.

It consists of taking advantage of a direct or indirect vision of a real physical environment, the elements of which are augmented by the sensory input generated by the computer such as sounds, graphics and videos.

In a nutshell, AR links objects present in reality with virtual elements.


It’s important to understand if there are concrete risks to privacy

In addition to gaming, AR – and its twin sister VR (Virtual Reality) – has applications in the commercial, educational, military and even healthcare fields. However, the technology linked to AR and VR acquire a series of sensitive data related to biometric tracking, for example.

The most worrying aspect of this technology is the inexistence of privacy regulations – both at government and corporate level – that regulate the use of the amount of data users produce.

In particular, the VR and AR tracking data cannot be made anonymous because each user presents unique movement patterns, such as data relating to the gaze, the direction of the head during movements, the gestures of the limbs and other characteristics such as one’s height.

It is estimated that whoever has these parameters can identify a person with an accuracy of around 90%.

In addition to biometric data, it should be considered that AR and VR use the postal code, the IP address, and the tracking data of the users’ location, all of which can contribute to identification and personal tracking.

In combination with other indicators concerning publicly available users, VR and AR could compromise their anonymity, especially on the web.

But in the case of AR, the threat is even greater.

In fact, the danger to privacy also extends to other people: those that the user “sees”.


Possible solutions.

Are there any solutions?

Possible solutions could concern the regulatory limitation of data collection. Legislation which, as we have mentioned, is still absent and on which we should work.

But there are some practical tips that all users can practice right away:

  1. Avoid sharing strictly personal, unnecessary or unsolicited information (eg payment information).
  2. Read the privacy policy of the service provider you use.
  3. Browse the Internet safely (use a VPN connection).



 AR and VR are technological realities that have a number of useful applications.

However, the privacy risks are real: the level of security of the information released by users who use it is unclear.

Users should, therefore, be extremely cautious in their use and be aware of the potential jeopardy to their privacy.