Once concepts belonging purely to science fiction, virtual reality (VR) and augmented reality (AR) have changed from being mere constructs of our imagination to a powerful marketing tool with tremendous business potential. Since their explosion in popularity back in the early 2010s, many brands have jumped on the bandwagon to take advantage of the technology and reinvent their customers’ retail experience.

In particular, VR and AR are gaining ground in Asia’s retail scene. The Chinese government has even backed the development of VR in its national development initiatives. As part of its mandate to bolster new areas of economic growth, China has stated in its 13th five-year plan that, amongst other emerging cutting-edge fields, it will spur innovation and industrial application in VR.

VR and AR present retail companies with a plethora of options to connect customers with their products like never before. Using AR technology, Rebecca Minkoff and Lacoste allow its customers to virtually try on their clothing through a phone or mirror screen. With a VR headset, Alibaba transported its customers to Macy’s New York store as part of its 2016 Singles Day shopping festivities, and through its Buy+ and Alipay tools, allowed them to make purchases in the VR environment by simply nodding. Thanks to these interactive retail tools, Alibaba’s sales on Singles Day 2016 rocketed to US$17.8 billion, far beyond the total of US$14.3 billion in 2015.

While use of VR and AR in the retail sphere could result in great benefits for companies, caution should be exercised as such technologies are not without their potential legal risks.

Privacy

In addition to compliance with local and international data privacy regulations, enterprises should pay special attention to any biometric data that is collected through VR/AR. Due to the immersive nature of VR/AR technologies, biological traits of such customers are often measured and recorded through features often found in VR/AR, such as facial recognition and body tracking. Such biometric information is classified as sensitive personal data in many countries such as Australia and India, and requires special treatment. For instance, consent must be obtained before collecting sensitive personal data, and such data cannot be shared by related corporate bodies in the same way as they may share other personal information.

Security

As with any technology, VR/AR are vulnerable to cyber attacks. Companies should ensure that proper safeguards are in place to protect customer data. These safeguards include vetting VR/AR service providers to examine their technological and security capabilities, periodically reviewing VR/AR service providers’ authentication policy and access control policy, and having appropriate encryption for secure transmission of data.

State Restrictions

In some APAC countries, local restrictions may impede or even prohibit certain application of VR/AR technologies. Take Pokémon Go as an example. China has banned the popular AR game following the China Audio-video and Digital Publishing Association’s decision that the game poses geographical information security and customer safety risks to Chinese citizens. The decision stemmed from the frequent traffic accidents caused by distracted Pokémon Go players and the state’s national security concerns over the game. In South Korea, the launch of Pokémon Go was delayed because of the game’s reliance on Google Maps, which was restricted in the country for national security reasons. It is therefore imperative for businesses to thoroughly understand the local landscape and restrictions in its targeted jurisdiction before launching any VR/AR offering there.

Intellectual Property Rights

An understanding of local regulations on intellectual property rights is also important for enterprises when they are engaging VR/AR service providers. While legislation on copyright across jurisdictions often contain exceptions where copyright-protected works may be reproduced without the owner’s consent, companies should ensure that any usage of their copyrighted works falling outside of such exceptions are closely controlled. For example, Hong Kong’s Copyright Ordinance permits the incidental inclusion of copyrighted work in a sound recording, film or broadcast. This means that a VR/AR service provider may include copyrighted work on its VR/AR platforms without the copyright owner’s consent if the inclusion is incidental. Hence, where the engagement of the service provider involves use of copyrighted materials falling outside such exceptions, enterprises should exercise extra caution in regulating such uses, such as restricting the reproduction of the copyrighted materials through a license agreement with the VR/AR service provider.

Ownership of VR/AR content is another issue that must be addressed in the VR/AR license agreement. In order to create a VR/AR experience, VR/AR service providers have to convert the company’s materials into VR/AR content. Brand owners must push for ownership of such content in the licensing agreements with their service providers. In particular, content ownership in relation to live events and online streaming must be clearly set out.

Although VR/AR is becoming increasingly prevalent in the market, there is yet to be any established search engine for VR/AR content on the internet. This makes the search and monitoring of infringing activities challenging at this time. It is therefore more important than ever for companies to bolster protection of its intellectual property through contracts and defensive registrations to meet the added level of risks that AR/VR introduce.