Sen. Al Franken Has A Few Questions About Oculus Rift’s Privacy Policy

While we’ve been talking about virtual reality for decades, the current slate of VR headsets marks the first time we’ve seen anything close to widespread adoption of the technology. And when one of the leading companies in the field also happens to be owned by a company that makes billions of dollars tracking your online behavior, you can’t fault people for being concerned about privacy.

Yesterday, Sen. Al Franken (MN) sent a letter [PDF] to Facebook-owned Oculus, raising a number of concerns about the privacy policy for the Oculus Rift VR headset.

While Franken notes that he appreciates that Oculus’ privacy policy provides detailed information about “what data are collected, when they are collected, and with which companies they are being shared,” he expresses concerns about certain types of information Oculus collects from users, and the nature of its relationship with third parties.

“Oculus has stated that it automatically collects users’ physical movements and dimensions. Is this collection necessary for Oculus to provide services?” Franken asks in one of six questions. “Are there any other purposes for which Oculus collects this information? Does Oculus share this information with third parties, including its ‘related companies’, for any other purpose than the provision of services??

He goes on to ask if location information Oculus collects is necessary for Oculus to provide services, or if it collects it for any other purposes, and queries whether the company shares that information with third parties.

Franken also wants to know if Oculus really needs to store communications among users and information related to those communications to provide services. If so, how long it will retain the data?

If Oculus is going to be sharing data with “related companies,” who’s responsible for providing information about that relationship to consumers, if anyone? Franken asks, adding, “Which company is responsible for providing security information to consumers?”

Franken ends by asking Oculus about the section of its privacy policy that notes that no data transmissions or storage can be “guaranteed to be 100% secure,” and that there may be leaks, thefts, or otherwise inadvertent disclosures of user data.

“What precaution does Oculus currently have in place to ensure the security of consumers’ data?” Franken asks, before thanking Iribe for his “prompt attention to this important matter.”

The letter asks that Oculus CEO Brendan Iribe respond to Franken’s office by May 13.

It’s worth noting that Franken isn’t the first to approach the privacy policy with a critical eye: UploadVR co-founder and editor-in-chief Will Mason highlighted some issues he had with the privacy policy’s possibly far-reaching implications last week. Oculus Oculus responded a few days later, telling UploadVR that it’s thinking aout privacy “every step of the way,” but in its effort to “create the absolute best VR experience for people,” it needs “to understand how our products are being used.”

“The Oculus privacy policy was drafted so we could be very clear with the people who use our services about the ways we receive or collect information, and how we may use it,” the company said. “For example, one thing we may do is use information to improve our services and to make sure everything is working properly — such as checking device stability and addressing technical issues to improve the overall experience.”

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.