Emory Law Journal


Jesse Lake


Virtual reality (VR) consists of technology that injects users into a virtual world and will allow users to interact on an unprecedented level of cyber intimacy. VR technology is at a consumption tipping point as the technology is now cheaper and more accessible than ever before. Given the possible applications of VR in professional and business settings, some users will use their true name and likeness to interact with others, creating an effective extension of their person into the virtual world. By injecting their real identity into VR, these users are subject to risks of identity misappropriation—or the unauthorized use of their name and likeness by others. While identity misappropriation is already a sizeable problem in current social media interaction, VR is poised to exacerbate the issue. Unlike current social media identity misappropriations that yield only fixed media such as still photos, short videos, and written thoughts, when a VR identity is appropriated the thief can both create new content and continually interact with other people as the stolen identity. The problem is further intensified by other factors such as the real-time interaction between users, sophistication of perpetrators, and increased user investment in their virtual identity. As it stands, the current substantive legal framework for redress of online identity misappropriation amounts to a web of inconsistent privacy laws leaving gaps in protection for the millions of users that log onto the VR servers. These inconsistencies are substantially caused by procedural barriers brought about by dated Internet laws. These procedural barriers include Internet personal jurisdiction, strong judicial preference toward protecting the anonymity of anonymous online users, and sweeping immunity for Internet Service Providers (ISP). Together, these barriers leave plaintiffs without a defendant to sue: Anonymity and personal jurisdiction laws make enforcement against the appropriator virtually impossible, and ISP immunity prevents the plaintiff from suing the VR provider. This Comment will argue for the lifting of these procedural barriers to give victims of VR identity misappropriation the opportunity to bring their claim to court. The proposed solutions include reworking personal jurisdiction precedent, adopting a plaintiff-friendly John Doe subpoena standard, and rewriting the Communications Decency Act to both reduce immunity and establish a victim compensation fund. Implementing these proposals will deter VR identity thieves from committing future misappropriations and incentivize VR providers to police their own products.