Standard

This document is a Call for Technologies (CfT) for the MPAI Metaverse Model (MPAI-MMM) - Architecture Technical Specification. MPAI has already published two documents belonging to the MPAI-MMM project: MPAI Metaverse Model - Functionalities [3] and MPAI Metaverse Model - Functionality Profiles [4]. They were developed as a basis for the planned Technical Specification: MPAI-MMM Architecture. Three documents are attached to this Call for Technologies:

- Use Cases and Functional Requirements: MPAI Metaverse Model - Architecture.

- Framework Licence: MPAI Metaverse Model - Architecture.

- Template of Responses: MPAI Metaverse Model - Architecture.

The document takes a multiple agency as well as a citizen-centric viewpoint. It provides guidance on:

- smart city ecosystem privacy protection;

- how standards can be used at a global level and at an organizational level for the benefit of citizens; and

- processes for smart city ecosystem privacy protection.

This document is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations that provide services in smart city environments.

This document specifies an interoperable, open and extensible information structure for recording PII principals' consent to PII processing. This document provides requirements and recommendations on the use of consent receipts and consent records associated with a PII principal's PII processing consent, aiming to support the:

- provision of a record of the consent to the PII principal;

- exchange of consent information between information systems;

- management of the life cycle of the recorded consent.

This document provides privacy engineering guidelines that are intended to help organizations integrate recent advances in privacy engineering into system life cycle processes. It describes:

(1) the relationship between privacy engineering and other engineering viewpoints (system engineering, security engineering, risk management); and

(2) privacy engineering activities in key engineering processes such as knowledge management, risk management, requirement analysis, and architecture design.

The intended audience includes engineers and practitioners who are involved in the development, implementation or operation of systems that need privacy consideration, as well as managers in organizations responsible for privacy, development, product management, marketing, and operations.

This document specifies controls which shape the content and the structure of online privacy notices as well as the process of asking for consent to collect and process personally identifiable information (PII) from PII principals.

This document is applicable in any online context where a PII controller or any other entity processing PII informs PII principals of processing.

This document gives guidelines for:

- a process on privacy impact assessments, and

- a structure and content of a PIA report.

It is applicable to all types and sizes of organizations, including public companies, private companies, government entities and not-for-profit organizations. This document is relevant to those involved in designing or implementing projects, including the parties operating data processing systems and services that process PII.

ISO/IEC 29100:2011 provides a privacy framework which

- specifies a common privacy terminology;

- defines the actors and their roles in processing personally identifiable information (PII);

- describes privacy safeguarding considerations; and

- provides references to known privacy principles for information technology.

ISO/IEC 29100:2011 is applicable to natural persons and organizations involved in specifying, procuring, architecting, designing, developing, testing, maintaining, administering, and operating information and communication technology systems or services where privacy controls are required for the processing of PII.

This document provides a framework for identifying and mitigating re-identification risks and risks associated with the lifecycle of de-identified data.

This document is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations, that are PII controllers or PII processors acting on a controller’s behalf, implementing data de-identification processes for privacy enhancing purposes.

This document provides a user-centric framework for handling personally identifiable information (PII), based on privacy preferences.

This document provides illustrative use cases, with associated analysis, chosen to assist in understanding the requirements of 31700-1. The intended audience includes engineers and practitioners who are involved in the development, implementation or operation of digitally enabled consumer goods and services.

The requirements for a systems/software engineering process for privacy-oriented considerations regarding products, services, and systems utilizing employee, customer, or other external user's personal data are defined by this standard. Organizations and projects that are developing and deploying products, systems, processes, and applications that involve personal information are candidate users of the IEEE 7002 standard. Specific procedures, diagrams, and checklists are provided for users of the IEEE 7002 standard to perform conformity assessments on their specific privacy practices. Privacy impact assessments (PIAs) are described as a tool for both identifying where privacy controls and measures are needed and for confirming they are in place.

The metaverse promises a host of bright opportunities for business, economics, and society. Though, a number of critical aspects are still to be considered and the analysis of their impact is almost non-existent. In this paper, we provide several contributions. We start by analysing the foundations of the metaverse, later we focus on the novel privacy and security issues introduced by this new paradigm, and finally we broaden the scope of the contribution highlighting some of the far-reaching yet logical implications of the metaverse on a number of domains, not all of them in tech. Throughout the paper, we also discuss possible research directions. We believe that the provided holistic view on the foundations, technology, and issues related to the metaverse (with a focus on security and privacy), other than being an interesting contribution on its own, could also pave the way for a few multidisciplinary research avenues.