Sponsor briefing: Navigating the metaverse – negotiating boundaries in this borderless world

Nicholas Lauw, Yuankai Lin, Selina Toh and Pu Fang Ching from RPC Premier Law on the legal issues related to the metaverse

The term ‘metaverse’ was originally coined in a 1992 science fiction novel, Snow Crash. The term would receive global attention 29 years later when Mark Zuckerberg rebranded Facebook as Meta and announced that it would be building its own version of the metaverse.

So, what is the metaverse? Viewed as the next version of the internet, the metaverse is a network of virtual spaces which offers people all around the world an interactive social experience. Users can interact with one another through the use of avatars in multiple three-dimensional virtual worlds as well as conduct transactions using cryptocurrencies.

In the absence of any international regulatory standards or guidelines, it is questionable as to whether the existing systems of laws in the physical world are fit for purpose in governing developers’ obligations and users’ conduct in this enigmatic ecosystem.

It would be foolhardy to believe that the metaverse would be a utopian virtual reality. As with past and present versions of the internet, disputes between users are inevitable especially with a much greater degree of interaction anticipated in the metaverse. Users are also at risk of being victims to criminal acts perpetuated by bad actors online.

Furthermore, in the absence of any international regulatory standards or guidelines, it is questionable as to whether the existing systems of laws in the physical world are fit for purpose in governing developers’ obligations and users’ conduct in this enigmatic ecosystem.

Clash of the verses

A key characteristic of the metaverse is decentralisation. In the popular metaverse ‘The Sandbox’, ‘land’ within the metaverse is sold in the form of non-fungible tokens (NFT). The owner of the ‘land’ is free to alter its metadata as he or she wishes. Any user is free to create, buy, transfer and trade digital game assets within the metaverse. As such, a user purchasing an asset on the metaverse is likely not dealing with the publisher of ‘The Sandbox’ at all, but with another user.

This immediately differentiates the metaverse from more traditional e-commerce platforms such as Amazon or Lazada where a set of terms and conditions governs transactions that take place. Unlike platforms such as eBay, metaverses may not collect identifying information about its users, or set out a clear dispute resolution procedure. This raises issues, such as the conflict of laws, when a dispute arises between users domiciled in different locations and/or where their avatars are located in different metaverses.

Where conflict of law issues arise, the Singapore courts would generally consider whether Singapore is the forum with the most real and substantial connection to the dispute in question. In the metaverse where virtual borders exist in place of physical ones, it may not be a straightforward exercise determining the forum and/or the governing law of such digital transactions. The traditional ‘real and substantial connection’ test would require a court to consider connecting factors such as the location of the users, the location of the avatars, the relevant server(s) and whether data is transferred between different metaverses.

The risk of these potential uncertainties could be mitigated with standard terms and conditions incorporating a choice of forum and governing law for users of a particular metaverse. However, unless there is a unanimous set of terms and conditions governing the different metaverses, conflict of law issues will still arise where the transaction involves multiple metaverses. Indeed, the regulation of the metaverse remains subject to much debate and uncertainty and users should prepare themselves for the myriad unprecedented legal issues that may lie ahead.

Fraud and asset recovery

Innovation cuts both ways. While the novelty of evolving technologies may be enthralling, their unfamiliarity has contributed to the emergence of new scams which are hard to predict. For instance, in 2021 alone, the value of cryptocurrency-related crimes reached US$14bn, an increase of 79% from 2020. Similarly, while the next version of the internet presents endless possibilities for its users, the risks of falling prey to new scams in the unchartered waters of the metaverse are ever-present. Crimes and scams such as the theft of cryptocurrency, fraud, identity and copyright theft and money laundering will be hard to anticipate, prevent and remedy in the metaverse.

Victims of such crimes or scams in the metaverse may presently seek relief under the law through an array of traditional asset recovery processes. Depending on the circumstances, a defrauded party may seek a freezing order on certain assets or the proceeds of fraud, mandatory or prohibitory injunctions to compel or restrain any person from performing specific acts, a search order to obtain evidence of the fraud, as well as third-party and/or pre-action discovery. Applying these relief to claims in the metaverse will not be straightforward, but the Singapore courts have demonstrated the willingness and ability to adapt these processes to claims arising out of the virtual realm.

In CLM v CLN [2022] SGHC 46 (CLM) which involved cryptocurrency theft, the Singapore High Court granted a proprietary injunction and a freezing order against persons unknown as the description of the unknown defendants was sufficiently certain to identify both those who are included and those who are not. The court also considered that cryptocurrencies satisfied the legal characteristics of property as they were definable, identifiable by third parties, capable in its nature of assumption by third parties, and have some degree of permanence or stability. In granting the freezing order, the court was alive to the heightened risk of dissipation in the virtual world where digital wallets may be created to frustrate any tracing and recovery efforts, and where cryptocurrencies may be transferred swiftly with the click of a button. The plaintiff also obtained disclosure orders against the cryptocurrency exchanges (where portions of the stolen cryptocurrency assets had been transferred) to understand what remained of the stolen crypto assets and their whereabouts.

Innovation cuts both ways. While the novelty of evolving technologies may be enthralling, their unfamiliarity has contributed to the emergence of new scams which are hard to predict.

In another case, the Singapore High Court granted a worldwide proprietary injunction on behalf of a Singaporean NFT investor to freeze the sale and ownership of a rare NFT. In coming to its decision, the court observed that a NFT could constitute property and that damages would not be an adequate remedy because of the unique nature of a NFT. The court also assumed jurisdiction to hear the present dispute as the claimant was located in Singapore and carried on his business here (notwithstanding the difficulties posed by the decentralised nature of blockchains in establishing jurisdiction of the dispute).

Crimes and scams in the metaverse will certainly increase in number and sophistication. It is very likely that the Singapore courts will be called upon repeatedly to adapt traditional asset recovery processes to provide relief for innovative acts of fraud.

Intellectual property

The re-creation of ‘in real life’ products and experiences within the metaverse can result in intellectual property rights disputes where parties create reproductions of objects or trade marks in the metaverse which they may not own the rights to in real life.

Earlier this year, the luxury brand Hermès commenced legal proceedings in the US District Court for the Southern District of New York against American artist, Mason Rothschild, for creating and commercialising in the Metaverse around 100 NFTs associated with digital representations of Hermès Birkin bags covered in faux fur and patterns, polka dots, and other artworks. The artist’s NFTs, termed ‘MetaBirkins’, took off in the Metaverse, and by early January 2022 these ‘MetaBirkin’ NFTs had been sold in excess of an aggregated US$1m. Hermès sued the artist for trade mark infringement and dilution, misappropriation of its BIRKIN trade mark, cybersquatting (on the basis that the artist had registered and used the domain name MetaBirkins.com, false designation of origin and description, and caused injury to business reputation). In May 2022, US District Court of the Southern District of New York summarily denied the artist’s motion to dismiss Hermès’ lawsuit and the case continues. However, it is worth noting that the case is based largely on trade mark infringement. If the artist had chosen to use a virtual image of a Birkin bag without using the word ‘Birkin’, Hermès’ case for trade mark infringement might have been weaker despite the fact that the shape of the Birkin bag is arguably recognisable in and of itself as a Hermès product.

Complications also arise with regard to protecting trade marks for use on the metaverse. A trade mark registration confers protection of the mark to the goods and services designated in the application. Trade mark proprietors should also consider classes of goods and services outside of the traditional classes applicable to their goods and services when filing their marks to cover use on reproductions of physical goods and services on the metaverse.

The metaverse also has the potential to exacerbate issues relating to the infringement of trade marks online. Infringement online can occur where a party who has trade mark rights in one country, offers or sells goods and services under the same mark to a country where it does not have rights. To avoid claims of infringement, websites tend to limit the availability of goods and services on their websites to internet users from countries where the website owner has trade mark rights, and take steps to make this obvious to visitors to the site. National boundaries, however, may not strongly feature in the metaverse. As such, a shop in the metaverse may end up selling or offering to sell digital assets to users from countries where they do not have trade mark rights, increasing the risks of trade mark infringement.

Finally, there is the issue of how to enforce trade mark rights against another metaverse user. Many users in the metaverse hide behind avatars, with limited to no information available about the real identities of these users. Moreover, given the decentralised nature of metaverse platforms, the question of whether such platforms have responsibility in relation to such infringing acts and/or will have to implement enforcement mechanisms (such as identifying the avatars) to resolve disputes between users are also being debated.

Data protection

As a virtual world where users are able to ‘live’ in, the metaverse will be a gateway to more nuanced and complex forms of cyber security and data breaches such as unprecedented phishing scams, malware invasions, as well as social engineering attacks.

As a digital representation of real life, it is not hard to envisage the amount of personal data that can be collected from a user’s actions on the Metaverse. This is especially if the user has ‘doxxed’ himself (ie, revealed his true identity making it easy to associate a wallet address or an avatar with an actual person).

Each country has its own data protection laws and regulations. In a decentralised metaverse full of people originating from different countries and where content is not centrally controlled, it may be difficult to determine which data protection laws apply. The metaverse may be hosted on the servers of a party from one country. That party then sells ‘land’ in the metaverse to another party from another country. This ‘land’ may be used to host content by a participant from a third country. If personal data of users from all over the world who consume the content on the ‘land’ is collected and used, all parties must be aware of what their respective potential personal data protection objections are. Moreover, given that many data protection laws and regulations only apply to organisations and entities that process personal data as part of their activities, and not individual users acting in their personal capacity, current data protection laws and regulations may be insufficient to tackle a decentralised Metaverse in which there is no centralised body governing the interactions among users.

Commentary

The metaverse has the potential for exponential growth where burgeoning opportunities await for individuals, businesses and the community at large. Developers, service providers and users of the metaverse themselves must be alive to the myriad potential legal implications and risks that lurk in the backdrop, in order to foster and develop a safe environment for all stakeholders.