Usable Privacy in Virtual Worlds: Design Implications for Data Collection Awareness and Control Interfaces in Virtual Reality

TL;DR

The paper tackles the problem that VR privacy interfaces are largely inherited from 2D interfaces and fail to exploit immersive 3D affordances. It couples hands-on concept-brainstorming with novice designers and a privacy-expert focus group, using a VR escape-room sandbox to generate and evaluate data-collection awareness and control mechanisms. Key contributions include low-fidelity VR privacy concepts, refined concepts evaluated by usability/privacy experts, and a set of actionable design implications emphasizing privacy-by-design, granular control, transparency, and thoughtfully gamified interactions. The findings offer practical guidance for designing privacy-aware, engaging, and trustworthy VR experiences in data-rich XR environments. The work advances usable privacy in XR by proposing VR-specific interfaces that balance engagement with informed consent and data minimization.

Abstract

Extended reality (XR) devices have become ubiquitous. They are equipped with arrays of sensors, collecting extensive user and environmental data, allowing inferences about sensitive user information users may not realize they are sharing. Current VR privacy notices largely replicate mechanisms from 2D interfaces, failing to leverage the unique affordances of virtual 3D environments. To address this, we conducted brainstorming and sketching sessions with novice game developers and designers, followed by privacy expert evaluations, to explore and refine privacy interfaces tailored for VR. Key challenges include balancing user engagement with privacy awareness, managing complex privacy information with user comprehension, and maintaining compliance and trust. We identify design implications such as thoughtful gamification, explicit and purpose-tied consent mechanisms, and granular, modifiable privacy control options. Our findings provide actionable guidance to researchers and practitioners for developing privacy-aware and user-friendly VR experiences.

Figures (4)

• Figure 1: Overview of the design process for VR data collection awareness and control interfaces. a) Novice game designers and developers ideate and sketch innovative solutions tailored to 3D virtual environments during concept brainstorming and sketching sessions. b) The generated design concepts are analyzed and discussed in a focus group with usable privacy experts to assess effectiveness and feasibility. c) Insights from the design and evaluation stages inform a set of design implications.
• Figure 2: Puzzle rooms from nair2023exploring. a) The monitors display different letters on Ishihara color test plates. Depending on the word the user can read, color blindness can be inferred. b) The user has to mimic the poses displayed on the wall to reveal the password, enabling measurement of their wingspan. c) When the panels on the wall turn from red to green, the user has to press the button on the table to uncover the letter of the password, revealing their reaction time. d) The password is written in different foreign languages around the room; the direction of the user's gaze reveals which language(s) they recognize.
• Figure 3: Overview of themes emerging from the thematic analysis of the design sessions and the focus group.
• Figure 4: Privacy control interfaces in the telemetry escape room, where users have to perform a set of four poses to uncover a password on the wall, thereby revealing their height and wingspan. (a) The user interacts with a whiteboard displaying data collection information, using green and red erasers to accept or deny permissions. Denying triggers an alternative task where players draw poses instead of performing them physically. (b) The user can manipulate a virtual 3D mannequin to perform poses, providing a less data-intensive approach to completing the task and uncovering the room’s password.