Augmented reality: legal issues to consider

Augmented reality explained

The essential feature of augmented reality or AR technology is that it builds on the world around us, adding discrete virtual features to our surroundings. AR therefore differs from virtual reality, which is an entirely artificial experience, with nothing imported from the user’s environment. Currently, a common way in which AR is deployed is using the camera of the user’s smartphone – when the camera is pointing at a real person, object or physical space, on the phone the user sees the same view with additional items added onscreen.

One example of AR is the ‘filter’ function on the Snapchat app for smartphones, where the user can see their own face with digital effects superimposed – sunglasses, a moustache, an angelic halo and so on. A more practical use of AR is one already integrated with some GPS / ‘sat nav’ services, whereby when a road user wants a suggested route for driving to a destination, a display in their car might show the road ahead as seen by the naked eye, but with a superimposed layer of virtual arrows and signage to assist with navigation.

AR tech is likely to become much more widespread in the near future, and Apple are already backing it with their new toolkit for app developers to assist with AR integration, so we can expect to see a proliferation of AR across many sectors and contexts. Those working on AR tools should, however, be mindful of the potential for conflict with various areas of law, especially where legislation may not have caught up with what seems to be common practice, or where users behave in unpredictable ways while using AR tech.

The makers of the AR game Pokémon Go added a warning notice instructing users not to trespass, following various reports of players venturing onto private property while engrossed in the app. More recently in Wisconsin USA, the Milwaukee County Park department sought to create a requirement for the developers of such games to obtain a permit before drawing players to their parks with AR interactions, as the increased footfall was leading to increased maintenance and clean-up costs. This measure was met with a still-ongoing legal challenge from a developer working on a location-based poker game, arguing that this would be a violation of the First Amendment right to freedom of speech.

Below, we explore the key points of English law which should be considered by those working on AR functionality.

Intellectual property (IP)

The source code and object code underlying AR apps will, provided it is original, qualify for copyright protection as a literary work.  Businesses need to take steps to ensure that they own the copyright in any such code that is produced for them, for example, by employees, consultants, or independent agencies.  They also need to be careful to ensure that they do not reproduce code that has been written by others, unless appropriate licences have been obtained.

Although computer software as such is excluded from patentability in the UK, inventions utilising AR that produce a technical effect, and the hardware used to generate AR may be protected by patents.  As a result, businesses need to be aware of patents owned by third parties in relation to the field of AR so that they can ensure that they do not infringe them or so they can obtain appropriate licences.  Equally, where a business makes new technical developments in relation to AR they should consider whether they may be eligible for patent protection.

Meanwhile there also is the potential for the digital components of AR to be protected under IP laws:

• Images, text, and sounds used in the digital overlay may be protected by copyright.
• If the AR experience is built using a database of information about the real world, that database may also be protected by copyright or the separate EU database right.  In the case of location-based AR it is important to remember that copyright protection also extends to maps.
• Distinctive words, logos, and other AR assets may be registerable as trade marks.
• The makers of an AR experience may be able to rely on the law of passing off if another company’s AR experience incorporates components that are too similar to their own.

There is another level of IP to consider with AR. When an AR technology is incorporating the real world into what it generates for its users, this means the intellectual property of others may be incorporated too, and this could give rise to infringement claims, particularly where AR replicates, distorts or replaces trade marks or copyright protected works – for example, copyright infringement could occur if an app encourages users to take images of an artistic work, or trade mark infringement if an app utilises third party logos captured on camera to trigger features within the app.

Lastly, there may be a temptation for AR effects to borrow from an established phenomenon that has traction with consumers – for instance, effects based on distinctive music, characters or other recognisable features from a major film or TV series. As always, any such materials should only be used with the consent of the owner of the intellectual property rights in relation to such materials, and businesses should ideally ensure that they have a written licence agreement, whose terms cover the full extent of the planned use of the material in AR.

User Generated Content

It is possible that a particular AR technology may have some degree of functionality around user generated content (UGC), where a user can produce elements like text or imagery that are then shared with other users. It may be an appealing feature of AR to allow users to contribute their own effects, but this gives rise to additional legal issues.

One example might be for an AR tool which ties UGC to real-world locations. If users can “tag” a location with their own labels or photos, this could lead to disclosure of personal information (like an individual’s address being identifiable by other users), or damage to a business due to its location being tagged with undesirable and/or misleading content.

Ideally, the business responsible for the AR technology will have a section of its terms and conditions or end-user license agreement dedicated to UGC. Here the business can establish the position on liability for UGC which infringes third-party rights or is otherwise unlawful (although the business may still find itself in a position where it is liable, particularly if it does not promptly delete any UGC which infringes a third party’s rights that is drawn to its attention). It may also deal with the treatment of IP in UGC – ordinarily the business will be granted a broad license to use UGC – and deal with whether the business can edit or delete UGC.

UGC can also create reputational risk for a business.  Before UGC is utilised by a business, in an AR app or related marketing material, it is always sensible to establish procedures for vetting the content. The dangers of an automated system for utilising UGC are well illustrated by two recent marketing campaigns by Walkers Crisps and the National Lottery where official Twitter accounts automatically produced images incorporating UGC. In each case, this led to the official account tweeting offensive and controversial messages submitted by users.

Data Protection

Returning to the issue of personal data briefly mentioned above, it should be noted that AR is likely to involve extensive collecting and handling of personal data. There are several categories of personal data collected by many kinds of apps and tech platforms such as name, e-mail address and age. AR can go even further, and the full extent of data captured will vary, but by way of example it may be tracking an individual’s location in real time, capturing their appearance, identifying items that they purchase, or how often they interact with other users. Often in order to add the augmented layer of AR, it will be necessary not only to capture but also to analyse and process a wealth of personal data, so businesses deploying AR should consider the steps that they must take to ensure compliance with data protection law.

Most businesses will address a number of these obligations by way of a privacy policy. This may cover the information they collect, the ways the business uses that information, any sharing of it with third parties which may occur, whether the information may be transferred to other countries, measures in place for securing the information and the rights which the data subject has in respect of information about them. When there is an existing privacy policy, this may need to be updated with any relevant changes following the introduction of the AR technology, and businesses should consider whether users should be asked to give their consent, even if they gave consent previously. 

Given that the General Data Protection Regulation (GDPR) is coming into force in May 2018, with many changes which will raise the bar for how to collect and process data lawfully, AR developers should be informed on the obligations which will be applicable. AR enables the gathering of extensive datasets, but will this data be kept accurate? Is the data collection limited to what is necessary for the stated purpose, and is that purpose one which is legitimate? Is the data stored in identifiable form, and if so, for how long? Did the development of the AR technology adhere to a “privacy by design” approach and ensure “privacy by default”? What plans are in place for any security breaches leading to leaking of personal data? GDPR presents many pitfalls, especially where a developer seeks to address these questions only after completing their product.

The future

Future legal reform will inevitably disrupt existing AR technology to some degree, and it could potentially lead to frustration among consumers, especially if compliance requires a sweeping overhaul of the user experience. For now, the best approach for developers is to ensure they obtain detailed advice at an early stage on the laws currently in place, and the steps they should take to comply with them.

This article was written by Sam Collingwood, Trainee Solicitor. Fore more information, please contact Sam on +44 (0)20 7427 6507 or at sam.collingwood@crsblaw.com.