Virtual reality (VR) and augmented reality (AR) are now considered mainstream technologies, and if your company is not yet using them, it will be.

AR has the ability to blur the lines between reality and computer-generated information, whereas VR is further along the spectrum of computer-generated content and involves the creation of an immersive, wholly computer-generated environment.

Both are known primarily for their use in recreation, most notably video games, though the technologies are also being incorporated into other industry sectors. Some argue AR will change the way we work, for example architects in various locations around the world may be able to, in real time and in 3D, manipulate the designs of buildings. And VR is already being used to train people in various industries, such as the military and medicine. Indeed, some experts believe that AR and VR will achieve widespread adoption in commercial applications well before either receives widespread consumer adoption for recreational purposes.

So regardless of how your company might adopt AR or VR, are you prepared to address the legal issues that will likely pop up as your company integrates the new technologies into its business? This article looks at certain intellectual property issues, privacy and security issues, and ways to address them.

Consider Whose Intellectual Property You Are Using

AR represents a significant leap in how computer-generated intellectual property is used. No longer is the user experience dictated solely by a software engineer or game designer, for example. The ability to choose-your-own-adventure, so to speak, in AR, means that users will often be able to interact with the intellectual property of third parties who likely did not agree to be part of the AR experience. Some brands may not want to be associated with certain kinds of AR technology. To the extent that an AR application directs the user to certain brands, it is prudent to have approval for the use of that brand. More generally, though, it is also a best practice to consider whether you want to allow any brand (or indeed, any third party) to opt out of the experience.

Another interesting area to watch will be how AR companies address copyright issues, because AR allows digital media to be overlaid on top of the real world. With regard to the Internet, litigation about overlays (such as pop-ups) typically involves a robust discussion of whether the overlay is a transformative use of the original copyright. So far, the use of AR technology has generally been rather transformative. But as AR becomes more commercial and ubiquitous, the application of the transformative doctrine to AR technology could be very interesting.

Moreover, under copyright law, there is an exception to copyright ownership for architectural works visible from a public place. However, certain uses of AR may encourage use of or engagement with protected copyrights in an infringing manner. Relatedly, the AR application's re-use of a user's own content raises yet another layer of copyright issues. Compliance with the Digital Millennium Copyright Act, drafting robust terms of use, intellectual property licensing, and other technology-specific strategies will be best practices for deterring claims of infringement against an AR application. Remember that it is important that the lawyers thinking about how to protect the company understand the application that they are protecting – so use the application and ask questions.

Many uses of AR technology involve a wide array of partnerships and licenses. Practitioners working through these licenses should understand – and document – what is being licensed and how the licensed property may be used in technology. Purveyors of AR should pay close attention to what their competitors do to address and manage risk.

Don't Forget About Privacy and Security Concerns

AR technology also presents interesting and novel questions around privacy and security. AR companies engage in data practices that are, in some respects, similar to those employed by other companies: they collect, store, and use various user data to enhance the user experience and sometimes share data with network affiliates and business partners. A difference is that AR companies are often collecting different kinds of data, such as data related to a device's movements and the dimensions of the room in which the user is using equipment. In addition, AR technology may give a company the ability to constantly record data in relation to everything a user is doing. For example, AR applications might track where a user is looking and how long the user looks at an object or person.

AR companies take the view that this information is useful for, among other purposes, improving user experience and minimizing health and safety risks. AR companies also explain that the collection of this data is critical for the continued development of AR software. Additionally, AR companies and other brands may find this data valuable, as the data may represent an opportunity to monetize an AR application. Among other privacy challenges raised by AR, this potential for large-scale data collection and collection of new kinds of data (e.g., user movements) makes it important for AR companies to have thoughtful internal privacy policies that articulate the nature of data collected and the ways in which it will be used and shared. Such policies will need to be reviewed and updated as AR technology continues to evolve to reflect how companies capture and store new data.

It is also important for AR companies to implement appropriate technical and organizational security measures designed to protect the significant amount of user information that may be stored and transmitted. Part of minimizing this security risk includes designing and implementing a robust internal security program and ensuring that the program is routinely tested, maintained, and updated. In addition, AR companies need to conduct appropriate pre-engagement diligence in advance of contracting with vendors to ensure that a potential vendor offers industry standard security controls. Finally, AR companies should ensure that service provider agreements include reps and warranties with respect to the service provider's privacy and security practices, including but not limited to an obligation to notify the AR company in the event of a data breach.

Where Are Things Heading?

In May 2017, House members formed a "reality caucus" to consider issues related to virtual, augmented, and mixed realities. Right now, the objective of this caucus is to learn about these technologies and educate other members of Congress about them. However, we might also caution that the creation of this caucus signals an opportunity and reason for the AR industry to consider and develop best practices while the industry remains nascent.

Conclusion

As we have seen time and again, new technologies do not necessarily mean new statutes or case law, which can be slow to catch up. Lawyers advising on these new technologies should do what they were trained to do – apply the existing rules and precedents to the best of our ability, use our knowledge of the technology and applicable laws to project how the law will develop. VR and AR remain so cutting edge – at least from the perspective of legal jurisprudence – that we are still in the stage of applying established rules and precedents to these emerging technologies. However, we will continue to track developments as they occur and become more tailored to these specific technologies.