"In 10 years you won’t go to meetings – you’ll digitally teleport to them." Meta Founder, Mark Zuckerberg
Noting that the metaverse will not be built overnight by a single company, Meta said that many of the products to be designed for Meta's concept will only be fully realized within the next 10-15 years. But Meta founder Mark Zuckerberg is promising to spend $10 billion a year on the metaverse over the next ten years as other major tech groups chase after him. He claims that in that time, the metaverse will reach one billion people, hosting hundreds of billions of dollars in digital commerce.
In January, Microsoft acquired gaming company Activision, considered one of the world's largest developers and publishers of video games, in a $75 billion deal to provide the building blocks for the metaverse. Microsoft's CEO Satya Nadella said that we will soon be sitting at a conference room table, either with our avatars or our holograms. But how do we adapt to employment in the metaverse, with labor laws largely developed in the context of the physical office? With the emergence of the Metaverse, we can say that both commercial and legal issues have come to the fore in areas such as contracts, data protection, and employment. Based on these ambitious statements, we examined the virtual office model, the metaverse phenomenon, its effects on the business world, and how employee data can be protected within the framework of current regulations.
“Corporate” Metaverse
During the pandemic, the way of working online has become a model adopted by most companies. Many employees continue to hold their meetings through applications such as Zoom and Teams due to the COVID-19 outbreak. Therefore, we can say that online meetings have replaced face-to-face meetings. As of mid-2020, the number of full-time remote workers in the US has increased by more than 40% compared to pre-COVID eras, according to the Stanford Economic Policy Research Institute. Technology companies that invest in the metaverse field such as Meta and Microsoft are carrying out some projects for the transition to "virtual meetings", the next version of online meetings. According to the research of B2Press Online PR Service, 44 percent of employees want to work in the metaverse environment and this Bill Gates wrote on his blog, “In the next two or three years, I predict that most online meetings will move from 2D camera image grids to 3D space with metaverse digital avatars. Eventually, you will use your avatar to meet people in a virtual space that replicates the feeling of being in a real room with them,” he wrote. He also added that virtual reality (VR) glasses and motion capture gloves are necessary to understand body language and be able to hear the voices of others. Undoubtedly, such tools will expand the reach of employees, allowing them to run their businesses virtually.
Metaverse will create powerful opportunities for team building and collaboration in the virtual business world. While employees are in different locations in the physical world, they will be able to be in the same study room with their colleagues in the digital world. In this working model, which we can call a virtual office, employees will be able to attend meetings with their digital twins. Horizon Workrooms, a product of Meta company, and Mesh for Teams, which continues to be developed by Microsoft, can be given as examples of these projects. Meta claims that the work experience in the metaverse is much more real than Zoom or Teams meetings, with the detection of three-dimensional images, sound, and sensitive hand movements.
Company employees of Horizon Workrooms announced that they have successfully realized the virtual meeting experience using their avatars. The goal of both projects is to enable the employees to come together around a virtual table to discuss and maintain the work interactively. Moreover, through the three-dimensional digital twin, for example, an employee operating in the retail sector will be able to manage and control more than one store. A meeting can be held with simultaneous translation with someone who does not speak the same language or uses sign language. Therefore, hearing and speech barriers will no longer be an obstacle. MediaRubic, which provides services in the field of digital learning technologies in Turkey, took its place in Spatial, the metaverse platform, with MetaOfis. Claiming that it carries the seriousness of the real meeting room in its design, the company stated that it has an office with a campus look, an amphitheater with a giant screen where users can broadcast content, indoor and outdoor areas where they can socialize, a meeting room and a virtual classroom.
Is Business Law ready for the Metaverse?
Although Metaverse takes hybrid work one step further, it brings with it many legal problems. In terms of labor law, issues such as how employers will pay their employees, how the working hours and rest periods will be determined within the company, whether a work accident will occur as a result of malfunctions of vehicles, and bodily harm when employees switch from home to a virtual office with VR glasses may come to the fore. Practical difficulties may arise, such as how to revise employment contracts within the scope of the metaverse, and who will be responsible for unauthorized access to one of the avatars. However, it is very important to make a legal definition of the legal identity of avatars. In the Turkish legal system, there is no clear definition of avatars, which correspond to users, yet. Although avatars are a three-dimensional reflection of the users, it does not seem possible to qualify them as representatives because they do not legally have the title of the person. However, although the legal dispute does not take place in the metaverse environment, it is useful to examine the decision of the Court of Cassation dated 2020. In the incident that is the subject of the decision in question, the character he uses in the game, namely the avatar he created, is sold to a third party after the plaintiff's e-mail address is entered without permission and the account information in the game "Knight Online" is stolen. Thereupon, the Court of Cassation states that the avatars have material value and concludes that the defendant obtained an unfair advantage over the avatar sold to the third party. In yet another decision, Antalya BAM accepts that the digital asset in the social media account and digital wallet of the deceased should be inherited with its decision in 2020. Based on this decision, it can be concluded that the assets owned in the metaverse can also be inherited and evaluated in the estate. However, the evaluation of avatars in this context will be determined in the future. Considering the explanations above, we can say that avatars are a material value or a means of communication, or there is a need for a determination on the definition of a new legal identity under the name of "metahuman".
Although it is important to clarify the legal identity of avatars clearly, let's examine the issue from a labor law perspective. The wheels of the physical business world turn with each country's legal regulations. Belgium, for example, has officially switched to working only 4 days a week because of the increase in working hours with the working from home model. In California, workers can be fired without notice, while in the Netherlands, employees are generally not dismissed without approval from the court or the Dutch employment agency. Employers in Turkey must have a valid or justifiable reason for the termination of the employment contract. So, will national legislation protect employees, or does working in the metaverse world require a completely new legal arrangement? It is defined as a virtual model of the behavior and consequences of a physical product or service in the real world. In simpler terms, the digital twin; is a virtual model of a process, product, or service.
Under normal circumstances, the legal regulations of that region apply in whichever country or state the companies are physically in. However, when the metaverse is involved, rules by the decentralized structure will have to be operated. For this, to eliminate the problems that may occur in the virtual office environment, legal problems will be resolved either according to the law of the country where the metaverse platforms are established or according to the law of the country where the company and the parties having problems are located. If the legal processes are determined according to the law of the country where the platform is located, the laws of the country where the parties are located will lose their validity. If we look at the subject from another angle, the metaverse is a platform and the basic principles of the employer-employee relationship exist independently of this platform. In this relationship, it seems that it will not be possible for the parties to renounce the applicable country law. However, it should be noted that there are also opinions regarding the creation of world-specific rules independent of countries. Although different opinions on the subject are presented, the uniform rules suitable for the metaverse world have not been determined yet. The "Management Data and Artificial Intelligence for Everyone" study published by the European Parliament Research Group in July 2022, which companies and organizations that will be involved in the virtual business world in Metaverse can follow in determining their responsibilities, draws attention. The study, which includes the rules for the use and operation of artificial intelligence systems, can also be applied to the metaverse by analogy. In addition, the internal guidelines that determine the rules of operation in the metaverse environment will need to be updated taking into account the specific features of the platform.
How Will the Protection and Transfer of Employee Data Take place?
While examining business life in Metaverse, it is necessary to mention how employee data will be processed, stored, and transferred, since it is important for employers. Because, given the scale of personal data that technology companies like Meta expect to collect and monetize with employee participation in the metaverse, important responsibilities on the employer side regarding privacy and data security come to the fore.
The Financial Times produced a report analyzing hundreds of Meta's applications to the U.S. Patent and Trademark Office. The report in question included that Meta collected many biometric data from eye twitches to nose sprains and body movements. This type of data helps companies ensure that the digital environments they create are realistic, and they are also used to direct targeted advertisements. In the physical world, the EU General Data Protection Regulation (GDPR) regulates what employee data can be processed, stored, and transferred, including employers' medical and personal records, as well as assessments of those records. Within the scope of these rules, companies that want to join the metaverse world should consider how to protect their employees' data in the virtual world and comply with data protection legislation. For this reason, when both Turkish and EU laws are taken into consideration, Meta's collection of biometric data for mimics, which we mentioned above, may cause Turkish and EU companies to not favor Horizon Workrooms.
Under EU Law, Article 44 of the GDPR prohibits the transfer of personal data of EU citizens to countries outside the European Union that are not equivalent to the EU in terms of data protection laws unless certain safeguards are provided. Again, within the scope of employment contracts in EU member states, the processing of personal, health, and biometric data of employees is subject to certain rules. Although these rules vary between member states, they contain additional compliant regulations to GDPR.
In Turkish Law, except in exceptional cases within the scope of KVKK, employers are prohibited from processing personal data and sensitive personal data of their employees without their explicit consent. At the same time, processed personal data should not violate the principle of proportionality. In addition, it is also held responsible for fulfilling the obligation to inform about the purposes for which the processed data is processed, where it will be stored, or who can access it. For example, apart from exceptional provisions, employers are required to obtain explicit consent if they process biometric data such as fingerprints of employees. At the same time, fingerprint data needs to be limited and measured, related to the purpose of processing. In such a case, a magnetic card system or an SMS entry model may be adopted instead of fingerprint data, which is biometric data in terms of overtime control or physical space security in terms of workplaces. In addition, it is within the scope of the law that the processed data cannot be transferred to the country and/or abroad without the express consent of the employees. If the conditions stipulated for the transfer of personal data are met, it is stipulated that there should be sufficient protection in the foreign country to which the transfer is made and that certain procedures should be applied in cases where it is not available. It is stated by the Board that all e-mails sent and received in the use of e-mail service in workplaces whose servers are located abroad are considered as transferring personal data abroad, and those necessary procedures should be followed by employers.
When evaluating in terms of GDPR and KVKK, it is necessary to ensure that the data of the employees are used and protected only for the stated and agreed purposes by the consent they have given in the metaverse. For this, the compliance of service agreements with platform partners with the law should be observed. At the same time, employers should note that all current data privacy principles apply in the metaverse environment just as they do in the physical world. From this perspective, it should periodically review and update all standard operating procedures, risk management checklists, and compliance guides regarding the metaverse accordingly.
Employers will need to strike a balance between monitoring employee activities and protecting employees' right to privacy. In the UK, the trust clause is an implied condition of every employment contract, but intense employee tracking violates this clause. To combat this issue, employers need to carry out a data protection impact assessment and ensure that any monitoring done is proportionate, used only for legitimate reasons, and where less intrusive measures are not possible. Compliance with the law seems very difficult in a metaverse environment where all kinds of movements of employees can be recorded and tracked. Therefore, it is expected that a data privacy law with inclusive and uniform rules will be created by the regulatory authorities for virtual office operation only in the metaverse.
With all the opportunities that the Metaverse will bring, come complex legal problems related to the way businesses operate. Companies need to anticipate these problems and take the necessary actions for legal compliance processes. Companies that will participate in the virtual working model in Metaverse are required to carry out both Labor Law and KVKK compliance processes, and to professionally audit the data they process and keep in information systems.
By Onur Kucuk, Managing Partner, and Ezgi Anasiz, Associate, KP Law