13/3/2024 0 Comments An Analysis of the Legal Implications of the Metaverse and its Relevance to Malaysian LawWritten by Muhammad Aqil Bin Khairul Azhar & Associate Professor Dr Manique Cooray (Faculty of Law, Multimedia University). Edited by Ashley Khor Xin Hui. Reviewed by Pravena Sreetharan. The Metaverse has become a phenomenon to which Meta’s — previously known as Facebook — Chief Executive Officer, Mark Zuckerberg, announced a wealthy capital of over USD 36 Billion to his metaverse which impressed the online community. However, there are number of legal issues that need to be addressed within the Metaverse: the adequacy of the law governing it especially with regard to intellectual property and cybersecurity. This paper discusses specific legal issues concerning copyright, trademark, data protection and identity theft, and the applicability of Malaysian laws. This paper will end with suggestions to assist in solving the issues outlined. I. INTRODUCTION The word ‘Metaverse’ is a combination of two distinct terms: ‘meta’, which originates from the ancient Greek word meaning after or situated behind or beyond;[1] and "verse," which is an abbreviation of the word ‘universe’. Discussions about the Metaverse can be traced back to the late 20th century, when Neal Stephenson introduced a concept for his science fiction novel, Snow Crash. In his book, humans are depicted as programmed avatars who interact with one another in a virtual three-dimensional (‘3D’) space, inspired by the introduction of Web 2 on the contemporary internet.[2] According to Park and Kim, the Metaverse is described as a communication tool where users can interact with one another via the medium of extended reality (‘XR’). The XR conjuncts with augmented reality (‘AR’), virtual reality (‘VR’), 3D models, as well as the Internet of Things (‘IOT’). This brings about a new era on the World Wide Web, ushering in a new age for the internet known as Web 3.[3] In relation to economic benefit, the Metaverse was predicted to have a market capitalisation of USD 56.6 billion in 2023, with a projected market value of nearly USD 508 billion by 2030.[4] This suggests the huge economic impact the Metaverse will create in the future. The Metaverse is equipped with a decentralising monetary and assets facility known as blockchain which offers better control and liberty for its users and creators. To better explain the mechanism, a prominent example would be a Metaverse called Decentraland. This virtual realm offers a public blockchain network known as Ethereum where it monitors users’ ownership of digital assets. Among the available assets include mass virtual land, and digital accessories for avatars such as outfits and automobiles.[5] These items are available for purchase and bargain in the digital marketplace using special virtual tokens known as non-fungible tokens (‘NFTs’). NFTs are unique tokens whereby each token is different from another. These tokens hold a serial signature that identifies each other consecutively. Akin to real world currency like bank notes, NFTs can be considered as a medium of exchange in the virtual realm as that they are able to be traded with one another. NFTs are digital assets and could be in the form of photos, videos, audio files, or another digital format. Examples include artwork, comic books, sports collectibles, trading cards, games, and more. The mechanism behind NFTs is that an artist is able to market their product directly to interested buyers without going through a middleman. The creator of the NFT will be considered as the owner and every time the NFT is transferred, it will create a trail which is stored in the blockchain. An illustration of how a blockchain functions would be similar to how banks are: a blockchain is the ledger which records transactions completed without an authorisation or governance party. Every user of the blockchain would then be able to see the amount and to where the crypto and NFT has been transferred to.[6] As mentioned before, Decentraland uses Ethreum as its core decentralised governance model. Since there is no governance body to evaluate and console the blockchain, it is the owners of digital assets that have the power to run the digital ledger themselves. That said, it is the objective of this paper to then identify and examine potential legal issues relating to the Metaverse. II. THE CONCEPT OF AVATARS In the Metaverse, users will indulge themselves with the use of VR. This means that users will be represent through digital representations of themselves which is known as “avatars”. Avatars do not have the intellectual or conscience capacity to manoeuvre and interact in the virtual realm. Thus, it is up to the users’ creativity, innovation, strategy, and networking skills to keep their avatars active and interesting. When it comes to avatars, there are four key aspects, i.e. appearance, behaviour, personality, and communication.[7] Firstly, the appearance of avatars is solely dependent on the users’ desire on how they would like their avatar to appear before other users in the Metaverse. Users are capable to customise their avatars with accessories like clothes, hats, and jewellery. They are also able to adjust their avatars’ body parts and facial features, as well as change their genders and even species. Secondly, avatars behave according to however users wish their avatars to act. Thirdly, an avatars’ personality is determined by the users’ desires of how they would want to represent as; a user can be anything from a strong body builder with feminine traits to a Japanese school girl battling off evil sorcerers. Lastly, communication between avatars is done through audio or text messages via a chat box. It can be said from all the aspects, avatars can be considered as alter egos for users to be an alternate version of themselves, separate from reality. III. LEGAL ISSUES IN THE METAVERSE There are areas of legislation that need to be analysed in relation to the Metaverse, such as intellectual property — namely copyright and trademark — and cybersecurity concerning data protection and identity theft. A. Intellectual Property Rights (‘IPR’) The Metaverse is a virtual world where people or computer-controlled avatars can interact with virtual objects such as vehicles, weapons, or furniture. These virtual objects can include trademarks or copyrighted works. It is important that the creators of the Metaverse respect the rights of inventors, designers, and owners of these distinctive signs, just as in the real world. As such, rights holders will have the right to protect their intellectual property in the Metaverse, for example, when it comes to virtual items like a purse or jacket created for digital avatars. Thus, this part will focus on two areas of IPR which are copyright and trademark. 1. Copyright A prominent part of intellectual property is copyright. Copyright is defined as an exclusive right given to the owner of a creative work for a period of time. The rights to the owner are inclusive of copying, distributing, adapting, displaying, and performing their work. The work must be creative that varies from aspects of literary, artistic, educational, or musical. The intention is to protect the expression of an original creative work to the owner. However, copyright can be put on limitations, depending on the law of a country; it can also be subjected to consideration of public interests. In a news blog by the European Innovation Council and SMEs Executive Agency (‘the Council’), it was discussed whether copyright can be enforced upon creative works presented in the Metaverse. The Council provided the judgement made at the European Court of Justice (‘ECJ’) that evaluated software programmes run in the Metaverse — whereby the court held that artistic work other than computer software can be regarded as artistic work for which it is the author’s own creation by intellect.[8] From the United States’ (‘US’) legislation view, the protection of copyright extends to tangible means of expression whether it is readily available at present or to be introduced in the future, in which they may be perceived, reproduced or communicated on themselves or with the assistance of a machine or device. Copyright protection under Title 17 US Code Section 102(a) can be said to include virtual works as the provision is flexible to allow the extension of the doctrine of copyright to originality expressed in virtual reality.[9] In referencing Russo and Risch on virtual copyright, users of Metaverse would not be held liable for copyright infringement unless the virtual world or the objects within it is identical to the real world or real objects, as well as if there is a huge similarity towards unique virtual worlds and virtual objects.[10] According to Friedmann, there is an opinion that the reality of the Metaverse and natural world coincide.[11] Humans today can perceive that there is no difference to both realities as the world at present is working to institutionalising the reality comprising VR, AR, and mixed reality (‘MR’). This can be seen during the COVID-19 pandemic, to which the reliance of the entertainment industry and social gatherings on the virtual world was demonstrated. For example, South Korean girlband BLACKPINK performed a virtual concert in the battle royale game PlayerUnknown’s Battlegrounds (‘PUBG’), whereas virtual ceremonial gatherings took place for weddings and graduations.[12] Friedmann suggests the mirror world principle — to which what is done in the real world can be applied within the virtual world.[13] This means that the act of real-world copyrighted object appropriation may results to copyright infringement. A supported case would be in relation to Formula 1 (‘F1’), whereby Animoca Brands — a digital asset company — had to shut down its blockchain game, F1 Delta Time, as they failed to renew their license for IP rights.[14] Copyright in Malaysia Copyright in Malaysia is provided for the Copyright Act 1987 (‘CRA 1987’). Currently, apart from voluntary notification, Malaysia does not have a specialised registration process for copyright. The copyright for an original work is established the moment the work is first produced, and it is given to the original author of the work automatically. Authors, producers, photographers, musicians, composers, painters, sculptors, and other people working in creative industries are all eligible for copyright protection for the creative works they generate. There are four criteria that must be satisfied before a work may be considered copyrightable. First, the works must be categorised as a protectable work under the CRA 1987.[15] Second, there must be an element of originality in the work.[16] Third, it needs to be reduced into a material form.[17] Fourth, in accordance with section 10 of the CRA 1987, the author of the work must be qualified.[18] These conditions need to be satisfied before any work may be protected by copyright. It is imperative to evaluate the possibility of applying the copyright requirements to activity in Metaverse by examining the aforementioned four prerequisites onto the character or building designing that involved styling and movements. To begin, the question is whether the Section 7 of the CRA 1987 applies to copyright works in Metaverse.[19] Although the provision does not specifically mention the category of works made in the Metaverse, it is posited that it includes such works. Thus, it can be deduced that works created in Metaverse might be protected under that Section. The components of the Metaverse are produced by designing virtual worlds using computer tools and applications. Examples include structures like buildings and markets as well as characters represented by avatars. These works are graphical user interfaces. In accordance with a ruling by the European Court of Justice, as long as the interface represents the author's original conception, it may be protected by copyright even if it is not technically a computer programme.[20] Thus, it can be said that work created by users in the Metaverse qualifies as artistic work under Section 7. Next, whether the work is an original piece of work. According to Section 7(3)(a) of the CRA 1987, a work is not eligible for copyright protection unless sufficient effort has been invested to make the work original in character.[21] According to Ladbroke v William Hill, the original work involves the investment of skill, labour, and judgement on the part of the author.[22] Thus, if the users have put in numbers of hours and dedication to create his character or accessories in the Metaverse, then it can be considered to be an original artistic work. The third consideration is whether or not it has been reduced to a material form as required under Section 7(3)(b) of the CRA 1987.[23] The work must be permanently fixed in some form, regardless of whether it is literary, musical, or artistic in nature. Fixation is not an express condition for works that fall under the categories of films, sound recordings, or published editions. The term "material form" has been defined in Section 3 of the CRA 1987 as ‘… includes any form (whether visible or not) of storage from which the work or derivative work, or a substantial part of the work or derivative work can be reproduced’.[24] It denotes a very broad meaning, which allows it to embrace the ever-expanding scope of technological advancement. The avatar designs and/or accessories that includes movements made by users through their own means are kept in "material form" in a blockchain technology, which stores their information. The fourth consideration is whether or not the author is qualified. Since the legislation of intellectual property, in particular, copyright law in Malaysia is of a territorial in nature, the works are only protected in Malaysia. In order for users’ work in the Metaverse to be protected in Malaysia, the CRA 1987 stipulates that it must fit into one of the following categories: (1) the creator has the necessary qualifications, whereby they are a citizen or permanent residence of Malaysia or a body corporate in Malaysia.[25] Pursuant to the extension of the application of CRA 1987 to the Berne Union Countries, a qualified person also includes a citizen or a resident of or a body corporate incorporated in a country which is a member of the Berne Convention for the Protection of Literary and Artistic Works; (2) the work was initially published in Malaysia, and (3) the work was created in Malaysia. When each of these four prerequisites stated above has been satisfied, the works in Metaverse will be eligible for protection under CRA. The owner of the copyright can then take advantage of the five exclusive rights provided by Section 13 of the CRA, which are: (1) the right to reproduce the work in any material form; (2) the right to communicate with the public; (3) the right to perform, show, or play the work in front of the public; (4) the right to distribute copies of the work to the public by sale or transfer of ownership; and (5) the right to rent the work commercially to the public.[26] The owner of the copyright has the ability to take legal action against anyone who have violated their rights, such as the host of the Metaverse claiming the work of users without their consent, as stipulated in Section 36(1).[27] The owners of the copyright may also be eligible for reliefs under Section 37 in the event that their claim is upheld.[28] As the excitement around creations in the Metaverse continues, more copyright issues will become apparent. There have been no documented instances in Malaysia concerning any kind of copyright issue regarding the Metaverse. 2. Trademark The problem of trademark within the Metaverse has been discussed in a study done by Michael D. Murray. In his work, he applied the mechanism of NFTs within the US legislation.[29] In Murray’s study, he first explained why protection of trademarks exists to begin with. The reason is to avoid confusion among consumers on the authenticity of the goods and services they are using in the market, especially on the basis of quality. Murray furthers demarcates that unlike copyright and patent law, trademark protection is not specifically bound to the protection of creative work, but instead in manoeuvring consumers away from similar familiarisation of a different brand of goods and services. A trademark can take two forms. Firstly, a mark that is inclusive of logos, words, or images. Secondly, style, shape, or appearance of a product that includes its packaging. It is a recognisable element that has its significance to which consumers are able to recognise goods and services in the market. The mark presented in the market has absolute everything to do with its making, advertising, selling, or providing of the goods and services. In deciding whether the use of trademark in commerce results in infringement, the upmost consideration is whether the trademark owns a commercial value. In theory, the use of trademark in a non-commercial manner does not provide risk of confusion in comparison to mark that is used in commerce, and thus, would not be subject to legal consequences. However, when mentioning “use in commerce”, it is vital to understand that the term does not suggests a normal laymen perspective especially when relating to legal context. The use of marks in the Metaverse — whether it is by meme and joke creators, visual commentators, or NFT artists — may be taken legal action against even if it was merely used for a joke. This is because any mark can be considered to be used commercially if it even acknowledges artistic or creative ability, regardless of the purpose of its display. It does not require a significant or evident profit motivation.[30] This may suggest that trademark infringement is an unfair competition. There has been a number of documented cases regarding trademark infringement in the Metaverse. For examples, in Minsky v Linden Research, an art gallery that goes by the name of “SLART” was created in the Second Life virtual world to which the claimant had registered the phrase “SLART” as trademark.[31] Then, another user in the virtual realm had made their art gallery with the name “SLART GARDEN”. This case was not decided in court entirely as its settlement was reached outside of court.[32] Trademark in Malaysia In Malaysia, the available laws regarding trademarks are Trademarks Act 2019 (‘TMA 2019’) and Trademarks Regulation 2019 which provides for the common law of passing off and legislative protection. The TMA 2019 ensures the protection of any goods or services bearing a trademark that is identical to one that has been legally registered. The common law doctrine of passing off serves to safeguard the reputation of a company that makes use of a trademark. Referring to Section 3(1) of the TMA 2019, a trademark is considered to be eligible for registration on an initial basis if it is: (1) a sign; (2) capable of being represented graphically; and (3) capable of distinguishing the goods or services of one undertaking from those of other undertakings.[33] This begs the question of whether trademarks that only exist in the virtual world may be registered under the TMA 2019. To begin, does the concept of a sign include a trademark that is solely digital? In accordance with Section 2 of the TMA, the term "sign" refers to any letter, word, name, signature, numeral, device, brand, heading, label, ticket, shape of goods or their packaging, colour, sound, scent, hologram positioning, sequence of motion, or any combination of the aforementioned.[34] In reference to Koninklijke Philips Electronics NV v Remington Consumer Products Ltd, the definition of sign is quite broad since it encompasses anything which might communicate information.[35] Hence, virtual trademarks are examples of signs. The second question is: can a graphic representation of a virtual trademark be created? The sole difference between traditional trademarks and virtual trademarks is that traditional trademarks are shown in physical form while virtual trademarks are presented in digital format. Traditional trademarks adopt the external perspective and have physically detectable characteristics. Thus, these traditional trademarks should also be protected if shared digitally. There is no reason a virtual trademark not to be allowed for protection. Thirdly, is it possible for a virtual trademark to differentiate the products or services offered by one company from those offered by other companies? Yes, a trademark in the virtual world has its own unique symbol, just as a trademark in the physical world. Therefore, under the TMA 2019, virtual trademarks can be registered like trademarks in the real world, and common law will protect unregistered trademarks under the law of passing off. As mentioned above, the next legal challenge as far as noticed in Metaverses concerned on cyber security issues. B. Cybersecurity in the Metaverse One of the recurring legal dilemmas of technology is the beginning of data processing, which is the creation of avatars: to what degree can anonymity be permitted; whether users' activities can be regulated; how freedom of speech and human decency can be ensured; and whether a supervisory body, based on legislation or self-regulation, is required to monitor users and arbitrate disputes. According to Cisco Talos' Nick Biasini, the anonymity given to Metaverse users in creating a new persona poses a significant problem to law enforcement. ‘(The) same anonymity makes it difficult to connect a persona in the Metaverse to an actual person. Once you layer on top any potential jurisdictional issues with people from other countries it is ripe for abuse,’ he warned.[36] In the Metaverse, there is a considerable chance of being a victim of cyber assaults. Furthermore, the use of many technologies simultaneously, collection of massive quantities of data — both personal and non-personal — and the usage of Blockchain, makes the use of systems to monitor and prevent cyberattacks more difficult. For instance, in the decentralised world, there are thousands of incidents of the sale of counterfeit works or products: a counterfeit product remains on the Blockchain for eternity and there are no means to erase it from the Blockchain. Therefore, it is critical to analyse the nature of the Metaverse's technological breakthrough. Users in the Metaverse engage with their virtual environment more profoundly than ever before, and as a result, far more personal data is generated from their activities. There are two main concerning cyber security issues here which are data protection and identity theft. 1. Data Protection In the Metaverse, the primary cybersecurity concern must be focused on personal data (as it is in the real world), as it is the primary target of assault by perpetrators. Users’ data protection rights should be ensured, according to technological capabilities and limitations: data access, requests for a copy of data, deletion of data, the opportunity to unsubscribe from specific (mainly marketing) processes, and data portability (which also poses many technical challenges outside the Metaverse). Furthermore, certain gadgets that allow users to move from VR to AR require the users’ biometric data to grant them access to the Metaverse. Another distinguishing feature is the nature of the information created and used in the Metaverse. For example, the capability to monitor users' movements, body reactions, and even brainwave patterns to provide the most realistic user experience. Analysing eye and facial movements not only assists in identifying the user, but also in drawing further inferences about their behaviour and consuming patterns. According to Kröger, Lutz, and Müller, pupil dilation alone may be used to infer personality characteristics and cultural connections, while eye-tracking technology can anticipate a person's actions within three seconds.[37] All of this information should be communicated to users in a clear and open manner, particularly addressing the consequences of data-driven automated decision-making. Given the complicated chain of data controller and processor organisations participating in the Metaverse's functioning, it is also critical to identify each actor's data security status and duties. In the European Union, the right to rectification and the ‘right to be forgotten’ — which are key elements of the General Data Protection Regulations (‘GDPR’) — are not always completely observed in the operation of the Metaverse, particularly for NFTs.[38] Users should be given the right to seek the correction of personal data about them under the GDPR. A user should also be given the right to have their personal data deleted if the collection or other processing of personal data is no longer required, or if the data subject has withdrawn their permission to the data's processing. Since blockchain technology is irreversible as it maintains a permanent record of ownership and transactions, it does not allow for the full exercise of the right to be forgotten or the rectification of mistakes in users' personal data. Data Protection in Malaysia An ever-increasing number of people are joining the Metaverse for a variety of reasons, including gaming, education, investment, and commerce. The growing population of users in Metaverse translates to an increase in the amount of personal information acquired from those users. Legislations and rules are required in the Metaverse in order to ensure the security of users' personally identifiable information. If this data is not protected, it is possible that a third party will use the personal information for commercial reasons without permission. The Personal Data Protection Act of 2010 (‘PDPA 2010’), which entered into force on November 15, 2013, is the overarching legal framework that governs the existing data protection system. The goal of the Act is to oversee the collection, use, and disclosure of personal data as well as to regulate the processing of personal data. It is opined that the PDPA 2010 is not adequate to protect an individual's data in light of the proliferation of social networking sites. The legislation is intended to safeguard the acquisition and use of personally identifiable data in connection with a ‘commercial transaction’, as stated in Section 2 of the PDPA 2010.[39] In accordance with Section 4, the term "commercial transaction" refers to: ‘(A)ny transaction of a commercial nature, whether contractual or not, which includes any matters relating to the supply or exchange of goods or services, agency, investments, financing, banking and insurance; but does not include a credit reporting business carried out by a credit reporting agency under the Credit Reporting Agencies Act 2010.’[40] As a result, for something to be under the purview of the PDPA 2010, there needs to be some aspect of a commercial transaction involved. Any person who, in the course of operating his business, processes any personal data by a data user is required to comply with the following principles: (1) General Principle; (2) Notice and Choice Principle; (3) Disclosure Principle; (4) Security Principle; (5) Retention Principle; (6) Data Integrity Principle; and (7) Access Principle. These principles are provided under Section 5 to Section 12 of the PDPA 2010.[41] According to these seven principles, personal data can only be acquired and used with the agreement of the person whose data is being collected, and the acquisition of personal data must not be excessive and only be relevant to the reason for which it is being gathered. When personal information is no longer needed, it must be thoroughly and irretrievably erased. In the event that any of the aforementioned seven principles are violated, the offending data user will be guilty of an offence under Section 5(2) and may be subject to a fine of up to RM300,000.00, or imprisonment for a term of up to two years, or both.[42] According to Section 129 of the PDPA 2010, personal data cannot be transferred outside of Malaysia unless inter alia, the data subject consents to the transfer or it is necessary to perform a contract between the data subject and the data user, or the government specifies the place where the transfer must take place.[43] Users share a significant amount of personally identifiable information inside the confines of the Metaverse. It is imperative that the government keep a close eye on the information contained inside the Metaverse in order to foil any plots hatched by third parties to undermine public order or threaten national security. In the not-too-distant future, one of the primary concerns of legislators will be figuring out how to ensure the privacy of individuals' Metaverse data. 2. Identity Theft The excessive sharing, contributing, and saving of personal information and sensitive data on the internet is an issue. Due to rising digitalisation, identity theft cases in the US more than doubled from 2019 to 2020.[44] Events such as the LinkedIn data breach, which exposed 700 million user details, have jolted the electronic world to its core. The most serious security risk for corporate activity today is the one we see on social media. It can never be certain that people are interacting with the exact person they want to connect with, or even with a real person at all.[45] As mentioned before, users’ may customise the appearance of their avatars as they please. This opens to disguising themselves of their identity. According to Lake, identity theft can conveniently happen in the VR as cybercriminals can generate avatars of legitimate users and deceive others.[46] There is no guarantee that the users’ avatars claim of who they are to be. The creation of avatars and their personalisation has no limitations, thus if a criminal avatar was banned by the company of the Metaverse for violating guidelines, they simply can create another avatar. For instance, identity verification is still inadequate therefore the authenticity of avatars’ identity remains unsecured. When a user's identity is stolen, their digital assets, avatars, social ties, and digital existence can be exposed in a more damaging way than conventional identity theft. Virtual criminals can obtain personal information via phishing emails, hijacked devices, and consumer data in order to conduct fraud within the Metaverse itself using the user's own avatar. This method is used when a virtual criminal pretends to be a legitimate user in order to obtain access to the Metaverse's services. In order to implant rogue devices into Bluetooth pairings, attackers may impersonate endpoints. Virtual criminals can also utilise helmets and other wearable gadgets as access points to mimic the user and their credentials. Identity Theft Laws in Malaysia In Malaysia, there is no specific law addressing identity theft within the cyber frame. The closest legislation that could be applied would be Section 416 of the Penal Code, which criminalizes ‘cheating by personation’.[47] However, this law is not adequate to address cybercrimes like identity theft and may result in a legal void and insufficient protection in the Metaverse. Furthermore, the Computer Crimes Act of 1997, specifically Section 3 and Section 4, may be used to address unauthorised access to computer’s material and with the intent to commit a subsequent crime.[48] These laws may be applicable in cases of identity theft through malware for monetary gain, as well as the use of other users’ avatars to conceal illegal activities. When a user's identity is stolen, not only are their digital assets and personal information at risk, but also their digital life within the Metaverse. Moreover, Section 232 and Section 236 of the Communications and Multimedia Act of 1998 (‘CMA 1998’) may be used to address identity theft concerns.[49] These sections regulate fraudulent use of network facilities and services, as well as fraud and related activity in connection with access devices such as account numbers, electronic serial numbers, mobile identification numbers, or personal identity numbers. In the Metaverse, hackers who steal personal information by users may use them to perpetrate fraud, such as unauthorised crypto or NFTs transactions on the blockchain. If hackers do not conduct fraud, they may also be charged under Section 233 of the CMA 1998, which regulates inappropriate use of network facilities or services.[50] In addition, Section 234 of the CMA 1998 may also apply to identity theft cases.[51] This section prohibits the interception and disclosure of communications. For example, if fraudsters use spyware to commit identity theft. Additionally, Section 240 of the CMA 1998 governs the offense of distributing or promoting equipment or devices for eavesdropping of communication. In the Metaverse, the devices used by users’ such as a VR headset may be used for intruding on users as the devices used are vulnerable of spyware, recording every user’s physical attribute such as height, arm span, capability to see colours, and gender. A cybercriminal in the Metaverse may be prosecuted under these provisions if they send a message through the chat box to users with the primary intention of covert interception of the users’ communications and acquiring their login credentials to their accounts or NFT minting services. The PDPA 2010 should also be considered when addressing identity theft cases in the Metaverse. Section 9 of the Act requires organisations that handle personal data of users to ensure the security of such data, in addition to compliance with the Personal Data Protection Standards 2015's minimum security criteria.[52] A violation of this can result in a maximum fine of RM300,000 or a maximum jail sentence of two years, or both, if convicted.[53] Unfortunately, the abovementioned laws cannot adequately tackle the Metaverse at its full potential. Firstly, the nature of the Metaverse is intangible and borderless which means every user is not bound to a territorial jurisdiction. In cases where the perpetrator is not a Malaysian and is not residing in Malaysia, they will not be able to be prosecuted under Malaysian law nor can any Malaysian be bound to the laws outside of Malaysia. Secondly, the Metaverse jurisdictional landscape is bound to its community guidelines. The most uproar Metaverse companies can do is ban users from entering their virtual realm. It is simple per say that a virtual criminal could make up another account to continue their illegal activities. IV. SUGGESTIONS TO ADDRESS LEGAL ISSUES IN THE METAVERSE Having identified and discussed the relevant legal issues pertaining to Metaverse, it is submitted that there are three considerations in dealing with users in the Metaverse. The said considerations that are going to be delved into here are territorial jurisdiction, law governing simulation, and establishment of a Special Court. A. Territorial Jurisdiction As the term implies, this solution encompasses activities performed inside a country's territorial region. States would have the authority to deal with any issues that arose within their borders. For example, if a legal problem emerges in the Metaverse but the perpetrators are physically situated in Malaysia, Malaysian courts will have the authority to handle the situation. The nationality concept is another territorial jurisdiction premise. This includes any legal violations committed by citizens of that country, even if they are not physically present in that country. The passive personality principle, on the other hand, works in the other direction. Any legal difficulties that emerge against any citizen of a certain country may be handled by the legal authorities of that country. The government may then enact laws that apply to the actions of any foreign national. B. Law Governing Simulation When entering the Metaverse, the existence of terms of use is to assists Metaverse companies to tackle any criminal behaviour within the cyberspace. On a usual basis, the ‘terms of use’ would be included towards the end of the registration process where it includes the agreements by which users of Metaverses must comply with. It is known as end-user licence agreements (‘EULAs’). If users fail to abide with the EULAs set by the companies of the Metaverses, then it is up to these companies to either restrict access of users from reaching their platform or resort to other penalties. Take examples from Roblox and Second Life:
C. Establishment of Special Court With the issues in the Metaverse becoming more prominent, there is the need of a special court to assess disputes — whether it is related to civil or criminal matter — that arises in the virtual world. The special court would be assessed by a judge who is familiar and aware of the mechanism of the Metaverse and with the relevant know-how to deal with parties when the virtual problem occurs. When there is a need of an investigation, it would be conducted by law enforcement that must cooperate with Metaverse companies for purposes of collecting evidence through tracing and tracking. This would be a more effective way to handle internal issues of the Metaverse. V. CONCLUSION The legal system established, powered, and executed today is mainly for physically related legal discrepancies that deals with the community daily. It is ever so difficult to place the same legislation in the virtual world which is the Metaverse. The Metaverse is known as a place for people to spend their time and earnings how they please in accordance with community guidelines. However, the issues presented above cannot single-handedly be resolved without clear legislations present. The suggestions provided is to tackle the current problems faced in the Metaverse currently — though the Metaverse is not at its full potential yet. In the future, there will be more issues arising and the legislators of each country will need to devise relevant laws that may help decipher the disputes or sanction criminal acts in the virtual world as the current law has loopholes and lacunas. It is also important to have a separate court to deal with any arising issues of the Metaverse, thus ensuring that the disputes or crimes occurring in the virtual world are able to be assessed by judges and professionals well versed with it. Disclaimer: The opinions expressed in this article are those of the authors and do not necessarily reflect the views of the University of Malaya Law Review, and the institution it is affiliated with. Footnotes:
[1] Merriam Webster. (n.d.). Meta. Merriam Webster. Retrieved from <https://www.merriam-webster.com/dictionary/meta>. Site accessed on 4 Jan 2023. [2] Donets, P. N. (2021). A Place Where Worlds Are Born: On the 30th Anniversary of ‘Metaverse’ by Neal Stephenson. Science and Education a New Dimension, IX(48)(261), 24. [3] Park, S. -M., & Kim, Y.-G. (2022). A Metaverse: Taxonomy, Components, Applications, and Open Challenges. IEEE Access, 10, 4209. [4] Statista. (n.d.). Metaverse – Worldwide. Statista. Retrieved from <https://www.statista.com/outlook/amo/metaverse/worldwide>. Site accessed on 4 Jan 2023. [5] Guidi, B., & Michienzi, A. (2022). Social Games and Blockchain: Exploring the Metaverse of Decentraland. 2022 IEEE 42nd International Conference on Distributed Computing Systems Workshops (ICDCSW), 199. Retrieved from <doi: 10.1109/ICDCSW56584.2022.00045>. Site accessed on 10 Dec 2023. [6] Edward, C. (2022). Are NFTs Key to Accessing the Metaverse? Engineering & Technology, 17(4), 65. [7] Bang, J., Ahn, S. (2022). Action-Based Audit with Relational Rules to Avatar Interactions for Metaverse Ethics. Smart Media Journal, 11(6), 51. [8] European Innovation Council and Small and Medium-sized Enterprises Executive Agency. (2022, Jun 30). Intellectual Property in the Metaverse. Episode IV: Copyright. European Commission. Retrieved from <https://intellectual-property-helpdesk.ec.europa.eu/news-events/news/intellectual-property-metaverse-episode-iv-copyright-2022-06-30_en>. Site accessed on 10 Dec 2023. [9] Legal Information Institute. (n.d.). 17 U.S. Code § 102 - Subject Matter of Copyright: In General. Cornell Law School. Retrieved from < https://www.law.cornell.edu/uscode/text/17/102>. Site accessed on 10 Dec 2023. [10] Russo, J., & Risch, M. (2018). Virtual Copyright. In Barfield, W., & Blitz, M. (Eds.), The Law of Virtual and Augmented Reality. SSRN. https://ssrn.com/abstract=3051871 [11] Friedmann, D. (2022). Digital Single Market, First Stop to the Metaverse: Counterlife of Copyright Protection Wanted. In Mathis, K., & Tor, A. (Eds.), Law and Economics of the Digital Transformation. Springer. https://dx.doi.org/10.2139/ssrn.4097881 [12] Stassen, M. (2022, Aug 30). Blackpink’s Virtual Concert On PUBG Mobile Was Watched By 15.7M Viewers. Music Business Worldwide. Retrieved from <https://www.musicbusinessworldwide.com/blackpinks-virtual-concert-on-pubg-mobile-was-watched-by-15-7m-viewers1/>. Site accessed 20 Dec 2023. [13] See footnote 11 above. [14] Yang, H. (2022, Jul). What Happens When An NFT Project Ends? Formula 1 Ends Its NFT Earn-2-Play Video Game. AISTS. Retrieved from <https://aists.org/what-happens-when-a-nft-project-ends-formula-1-ends-its-nft-earn-2-play-video-game-2/>. Site accessed 20 Dec 2023. [15] Copyright Act 1987 (Act 332) (Malaysia) s 7(1) (‘CRA 1983’). [16] CRA 1987 s 7(3)(a). [17] CRA 1987 s 7 (3)(b). [18] CRA 1987 s 10. [19] CRA 1987 s 7. [20] Bezpečnostní Softwarová Asociace — Svaz Softwarové Ochrany v Ministerstvo Kultury (Court of Justice of the European Union, C-393/090, 22 Dec 2010) I-14005. [21] CRA 1987 s 7(3)(a). [22] Ladbroke (Football) v William Hill (Football) Ltd [1964] 1 All ER 465. [23] CRA 1987 s 7(3)(b). [24] CRA 1987 s 3. [25] CRA 198 s 3. [26] CRA 1987 s 13. [27] CRA 1987 s 36(1). [28] CRA 1987 s 37. [29] Murray, M.D. (2023). Trademarks, NFTS, and the Law of the Metaverse. Arizona Law Journal of Emerging Technologies, 6(3). [30] See footnote 29 above, 4. [31] Minsky v Linden Research 2008 U.S. Dist. LEXIS 143547. [32] Max, T. C. (2012). Litigating Trademark and Copyright Cases in the Metaverse. The Metropolitan Corporate Counsel, 20(2). Retrieved from < https://www.sheppardmullin.com/assets/htmldocuments/tedmaxmetropolitancorporatecounsel.pdf>. Site accessed on 20 Dec 2023. [33] Trademarks Act 2019 (Act 815) (Malaysia) s 3(1) (‘TMA 2019’). [34] TMA 2019 s 2. [35] Koninklijke Philips Electronics NV v Remington Consumer Products Ltd [2006] EWCA Civ 16. [36] Coker, J. (2022, Nov 1). Policing the Metaverse – Law Enforcement's New Challenge. Infosecurity Magazine. Retrieved from <https://www.infosecurity-magazine.com/news-features/policing-metaverse-law-enforcement/>. Site accessed on 16 Jan 2023. [37] Kröger, J. L., Lutz, O. H. -M., & Müller F. (2020). What Does Your Gaze Reveal about You? On the Privacy Implications of Eye Tracking. In IFIP Advances in Information and Communication Technology, 226-241. [38] Trend Micro. (n.d.). EU General Data Protection Regulation (GDPR). Trend Micro. Retrieved from <https://www.trendmicro.com/vinfo/us/security/definition/eu-general-data-protection-regulation-gdpr#:~:text=This%20regulation%20is%20called%20the,all%20individuals%20within%20the%20EU.>. Site accessed on 10 Jan 2023. [39] Personal Data Protection Act 2010 (Act 709) (Malaysia) s 2 (‘PDPA 2010’). [40] PDPA 2010 s 4. [41] PDPA 2010 s 5-12. [42] PDPA 2010 s 5(2) [43] PDPA 2010 s 129. [44] McAfee. (n.d.). A Guide to Identity Theft Statistics for 2023. McAfee. Retrieved from < https://www.mcafee.com/learn/a-guide-to-identity-theft-statistics/>. Site accessed on 20 Dec 2023. [45] Morris, C. (2021, Jun 30). Massive Data Leak Exposes 700 Million LinkedIn Users’ Information. Fortune. Retrieved from <https://fortune.com/2021/06/30/linkedin-data-theft-700-million-users-personal-information-cybersecurity/>. Site accessed on 16 Jan 2023 . [46] Lake, J. (2020). Hey, You Stole My Avatar!: Virtual Reality and Its Risk to Identity Protection. Emory L. J., 69(4), 833. [47] Penal Code (Act 574) (Malaysia) s 416. [48] Computer Crimes Act 1997 (Act 563) (Malaysia) s 3, 4. [49] Communications and Multimedia Act 1998 (Act 588) (Malaysia s 232, 236 (‘CMA 1998’). [50] CMA 1998 s 233. [51] CMA 1998 s 234. [52] PDPA 2010 s 9; Personal Data Protection Standard 2015 (Malaysia). [53] PDPA 2010 s 5(2). [54] Tilia. (2023, Nov 20). Tilia LLC User Terms of Service. Tilia. Retrieved from <https://www.tilia.io/legal/terms-of-service#term-and-termination>. Site accessed on 25 Jan 2023. [55] Roblox. (n.d.). Roblox Community Standards. Roblox. Retrieved from <https://en.help.roblox.com/hc/en-us/articles/203313410-Roblox-Community-Standards>. Site accessed on 25 Jan 2023.
0 Comments
Leave a Reply. |
CategoriesAll Comments Criminal Law Environmental Law Law And Society UMLR |