Accountability in the Metaverse Through Blockchain and FinTech

Data is growing exponentially. The global volume of data created, captured, copied, and consumed is projected to reach 182 zettabytes (ZB) by 2025, and by 2028, it is expected to further grow to a massive 394 ZB, according to Statista.

Increased digital activity is the primary driver of this ballooning data volume. Still, this growth is far from complete. 

With the metaverse poised to expand as a mainstream platform for social interaction, entertainment, healthcare, education, commerce, and remote work, data will not only continue to grow but also create new challenges.

In the immersive environment of the metaverse, which is being seen as the next phase of the internet’s progression, massive amounts of personal and non-personal data are converging. This includes biometric data (gestures, heart rate, eye movements, face geometry, fingerprints, and voiceprints), spatial data (geolocation and room mapping), and behavioral data (interactions, emotional responses, and spending patterns).

However, there are currently no responsible mechanisms for researchers and regulators to access and govern all this quality and sensitive data.

This lack of an effective process is particularly urgent for FinTech and disruptive technologies, such as blockchain, decentralized governance, and token-based economies, which can transform these challenges into financial issues and market integrity concerns, thereby extending them beyond the realm of just legal or privacy matters.

A new study¹ called “Augmented Accountability: Data Access in the Metaverse” aims to address this very pressing challenge by proposing a regulatory approach to responsibly govern the unprecedented data flows generated by virtual environments.

The Metaverse: A New Frontier of Data and Risk

Virtual, three-dimensional (3D) spaces have long permeated the gaming and social world, but it was during the COVID-19 pandemic in 2020 that technological advances and societal transformations pushed the metaverse to the forefront, into mainstream discourse.

While still in development, the majority of experts believe the metaverse will be fully immersive by 2040, becoming a well-functioning aspect of our daily life and benefiting different aspects of society.

But what is it exactly? Well, the metaverse is simply the convergence of digital and physical in a persistent 3D environment. It is a virtual world where users engage in various activities and experiences.

The merge creates vast and diverse streams of data, producing significant opportunities as well as complex challenges. 

When it comes to opportunities, the virtual economies enable new forms of exchange, commerce, and asset creation. For instance, virtual goods like avatars, digital real estate, and NFTs create entirely new asset classes. 

Just like in the physical world, the virtual world also has roles like virtual architects and digital fashion designers, leading to new ones like streamers and in-game service providers. Businesses, meanwhile, can monetize through microtransactions and virtual services.

Furthermore, play-to-earn (P2E) models make for a suitable way to enable income generation in such emerging economies. By merging virtual economies with blockchain tech, this system allows players to consume virtual experiences while creating value, earning a living through digital assets and NFTs, and contributing to the economy.

With virtual economies having no physical boundaries, users from all over the world can build communities, economies, and governance structures around shared interests, regardless of their location or background. Here, decentralized autonomous organizations (DAOs) can help them with collective ownership and decision-making.

Businesses in the physical world can actually use the metaverse as an experimental ground to test new products and economic models before implementing them in the real world.

So, there are clearly a lot of opportunities available in the virtual realm, but they aren’t risk-free. 

The persistence of digital avatars and digital assets presents unique challenges. For instance, correlating eye-tracking data with users’ spending behavior can lead to potential financial profiling, discrimination, and exploitation. Businesses may also engage in predatory marketing and manipulate prices. 

A deceased person’s avatar or digital legacy may even be leveraged to influence social interactions, virtual economies, or governance decisions. Frauds, scams, virtual asset bubbles, and exploitation of low-income workers present other risks. 

So, while the metaverse promises to open up new and exciting opportunities for innovation and inclusion, it also poses risks of inequality and abuse if left unchecked.

Regulated Data Access (RDA): The Study’s Central Proposal

All the different services and activities in the metaverse generate a wide range of personal, non-personal, and native data. 

As the latest study noted, personal data reveals individual behaviours and vulnerabilities, while non-personal data enables analysis of broader trends and threats, and metaverse-native data offers new insights into user-platform interactions. Together, they present valuable opportunities for studying systemic risks, but that requires navigating the ethical, legal, and technical challenges of working with such sensitive information to ensure safety without increasing the risk of data breaches.

So, how can data in the metaverse be accessed responsibly?

Giancarlo Frosio, a professor of Intellectual Property and Technology Law and Director of the Global Intellectual Property and Technology (G-IPTech) Centre, School of Law, Queen’s University Belfast, has proposed a regulatory approach called Regulated Data Access (RDA).

RDA builds on the European Union’s Digital Services Act (DSA), Article 40. The Act mandates that providers of Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs) must give vetted researchers access to their data.

With this data access, the authorities aim to enable the detection, identification, and deeper understanding of systemic risks that are posed to society through the online world, within the EU. It also intends “to create a safer digital space where the fundamental rights of all users are protected.”

To access this data, though, researchers need to be vetted, which requires them to meet specific criteria, including being affiliated with a research organization, being independent of commercial interests, and committing to making their research results publicly available. 

So, Article 40’s RDA introduces an unprecedented level of transparency and oversight for VLOPs and VLOSEs. This enhances the safety of digital platforms by making sure that they adhere to their obligations, cannot misrepresent or obscure the realities of their risk assessments, and hold them accountable for their actions.

While the metaverse platforms like Horizon, Fortnite, Microsoft (MSFT -0.63%) Mesh, Second Life, and Decentraland (MANA +0.49%), or enterprise XR (extended reality encompasses VR, AR, and Mixed Reality (MR)) suites are not covered here, the provisions for regulated data access can still apply to the metaverse with little adjustments. 

The researchers argue that these platforms may qualify as VLOPs or VLOSEs and become subject to the DSA’s data access rules.

When applied to the metaverse, RDA can serve as a transparency mechanism to mitigate fraud, money laundering, market manipulation, and behavioral exploitation. For FinTech ecosystems, such accountability tools can help reduce systemic risks and reinforce user confidence in virtual space and digital asset markets.

Blockchain and Decentralization: A Double-Edged Sword

The promise of a digital frontier where individuals can immerse themselves in boundless virtual experiences comes in two forms, centralized and decentralized metaverses.

In a centralized metaverse, such as Meta (META -2.65%) and Roblox, a single entity controls the entire platform, such as Meta (formerly Facebook), in the case of online virtual reality game Meta Horizon Worlds.

This means one organization or individual is in charge of the entire virtual realm and everything within it. Everything from setting rules, dictating operations, and owning servers to managing data and monetizing through their systems, they control it all.

The assets, like skins and currency, of such a metaverse are platform-specific and locked within their ecosystem. This means that a Roblox item won’t work in Horizon Worlds and vice versa. So, interoperability is extremely limited here, if any, preventing users from moving freely between ecosystems with assets.

In contrast, the Web3 metaverse, like Decentraland and The Sandbox (SAND -0.07%), is decentralized. Instead of the single entity controlling the assets of tens of millions of users, it is the user who has full control over their own assets. Built on blockchain, items, land, and avatars are represented by NFTs or tokens here, which can be truly owned by users.

Being on-chain, assets can theoretically move across different worlds, though development is still ongoing to remove the fragmentation and make interoperability possible in practice.

Users don’t log in with centralized accounts like Facebook either, but with crypto wallets where user identity is pseudonymous and not controlled by the platform.

The openness and lack of a central authority in the decentralized metaverse, however, make RDA more challenging. For starters, data is fragmented, and combining multiple data sources may be technically complex for researchers to access. The pseudonymity of the sector further makes it hard to study demographics, communities, or behavioral patterns accurately.

But at the same time, this creates new opportunities through smart contracts and DAOs.

Using the self-executing smart contracts to encode the rules for data access can automate compliance, while the transparency of blockchain can provide tamper-proof audit trails. Instead of relying on corporate disclosure, regulators and researchers can access and verify the authenticity of data by themselves. Also, their data usage can be tracked and held accountable.

DAOs here can act as community-driven data stewards. The broad community gets to vote on who can access and for what purposes, which gives participants a say in how their data is used.

This way, blockchain can reshape data governance in immersive economies, much like how it transformed banking transparency and improved trust, enhanced accountability, and democratized the financial ecosystem.

Global Regulatory Gaps

With data protection and privacy becoming increasingly critical, regulators around the world have introduced measures to secure online environments and support the sustainable growth of the digital economy.

In the EU, the DSA represents the most advanced framework, which has explicitly mandated RDA. It covers a broad range of digital services, including online intermediaries and hosting services, while having specific obligations for VLOPs.

While the DSA doesn’t clearly define the scope of data covered, it refers to ‘confidential information,’ which suggests this access may include private datasets as well.

Moreover, under the Act, researchers are qualified as vetted through the Digital Services Coordinator (DSC), which then submits a request to the platform specifying data, purpose, and timeframe. The platform can propose some amendments and then offer functionally equivalent access, which, upon approval, is granted. The access ends when the conditions lapse.

In the UK, the Online Safety Act (OSA) prioritizes transparency. The focus of OSA is on content moderation, with its aim being to protect users from harmful and illegal content, such as cyberbullying and child exploitation. It requires platforms to have robust systems in place to identify, report, and remove such content. However, it lacks comprehensive provisions on data access for transparency and research purposes. It is also silent on RDA.

In the US, the Platform Accountability and Transparency Act (PATA) is proposed with the main goal of bolstering transparency and accountability on social media platforms by having them disclose specific data and operational practices. By giving the public access to advertising libraries and transparency reports, the Act aims to increase public visibility into the activities of the platform and address pressing issues like platform bias, misinformation,  and the societal impacts of algorithmic amplification.

Currently in draft, PATA also makes platform data accessible to vetted researchers, much like the EU’s DSA, but its scope is rather limited, mainly to large social media platforms, and relies on the FTC for enforcement.

As this shows, there is currently regulatory fragmentation in the global metaverse, which creates hurdles for the growth of the virtual economy. Requiring businesses to comply with a multitude of regulations, which can sometimes be in conflict with each other, increases costs and inefficiencies, in turn, affecting their ability to operate and innovate. 

The regulatory uncertainty also dampens economic activity and erodes trust. Since FinTech thrives on cross-border liquidity and interoperability, harmonized global standards are needed to prevent loopholes and regulatory arbitrage and foster competition and collaboration to boost growth.

Why This Matters for Finance and Innovation

The concept of metaverse climbed to its peak of mainstream discussion when in Nov. 2021, the social media giant Facebook renamed itself Meta and announced a $10 billion investment to develop virtual experiences.

While the hype surrounding the metaverse has since died down, development is ongoing in this convergence of augmented reality (AR), virtual reality (VR), and the Internet. The metaverse economy is actually projected to grow to $1.5 trillion globally by 2030.

But of course, this massive opportunity comes with critical concerns about data breaches, user privacy, and cybercrimes. 

In the absence of accountability structures, the metaverse economy also faces systemic risks like financial manipulation in virtual markets, exploitation of biometric and/or behavioral data, and a loss of investor and consumer trust.

These risks, however, can be mitigated by reassessing the existing regulatory frameworks, with a focus on establishing clear and enforceable data access regulations. 

More importantly, by converging blockchain and RDA frameworks, the metaverse can help foster safer digital asset markets. 

Clear rules tend to also attract institutional investors. We saw this happen the past two years when the US Securities and Exchange Commission (SEC) finally approved Bitcoin (BTC +0.99%) Spot exchange-traded funds (ETFs), a decade and a half after BTC was created, as well as Ethereum Spot ETFs. 

Since they began trading, institutions have poured tens of billions of dollars into these investment vehicles. Bitcoin ETF issuers currently hold over $148 billion in total net assets, while $27.5 bln worth of assets are held by Ethereum (ETH +0.32%)  ETF issuers.

A recent survey by EY further revealed that concerns about volatility and regulatory clarity are key issues for investors globally. In light of this, the report said that emerging regulatory clarity is seen as the number one catalyst for growth of the cryptocurrency industry.

Attention and capital flow from institutions help boost innovation and infrastructure development. Moreover, combining blockchain with RDA can lead to new compliance-as-a-service FinTech solutions that are far more transparent, robust, and provide new revenue streams while embedding accountability.

Policy Recommendations & Future Outlook

Unlike static online platforms, the immersive nature of the three-dimensional metaverse introduces new dimensions of not only data types and user interactions, but also potential harms that current regulations are simply not equipped to address. 

For instance, granting access to data such as eye-tracking, spatial mapping, and behavioral patterns, which can provide valuable insights into user behavior, platform obligations, and systemic risks, presents challenges, including ensuring privacy, mitigating potential reidentification risks, and balancing competing stakeholder interests. 

To address these issues and the complexities of user consent in the metaverse, the paper offers several valuable recommendations.

For starters, metaverse platforms can adopt decentralized identity (DID) solutions and self-sovereign identity (SSI) models. This will give users greater control over both their personal data and digital identities. 

As the paper noted, through SSI and DIDs, metaverse users can dictate just how their data is used. What’s more is that they can revoke consent at any time.

Platforms can also provide users with verifiable credentials to manage their virtual identities and consent preferences across platforms and environments. Adoption of dynamic consent mechanisms, meanwhile, ensures that the level of consent required of users matches the level of their activity or interaction risk.

The integration of decentralized identity solutions and smart contracts can help make consent specific and revocable in real time, enhancing compliance, transparency, and auditability.

Implementing privacy-enhancing technologies has been described by the study as essential for enabling RDA in the metaverse. Such tech, it noted, balances platform interests, user privacy, researcher needs, and legal compliance.

In the metaverse, privacy-enhancing tools like secure multi-party computation (MPC), zero-knowledge proofs (ZKPs), homomorphic encryption, differential privacy, and confidential computing can safeguard user content while allowing for meaningful data analysis.

In addition to developing global standards for secure data catalogues and processing protocols, the study suggests recognizing RDA as a public-interest service, which is foundational to trust and resilience in digital finance.

Encouraging FinTech innovators to design compliance tools using blockchain infrastructures can further help operationalize RDA in the metaverse.

Conclusion: Toward Augmented Accountability

Data is the foundation of the digital world. And access to data is key to accountability in the metaverse. Accountability in any place, physical or virtual, promotes transparency, prevents the misuse of power, and establishes trust. For FinTech, accountability creates the condition for sustainable growth in the next trillion-dollar digital economy.

Now, if applied wisely, blockchain and other disruptive tech can align innovation with regulation, ensuring that the increasing convergence of virtual and real world evolves into a trusted financial and social infrastructure.

Click here for a list of top AR & VR stocks.

References:

^{1. Frosio, G., & Obafemi, F. (2025). Augmented accountability: Data access in the metaverse. Computer Law & Security Review, 59, 106196. (Version of Record), published 2025. https://doi.org/10.1016/j.clsr.2025.106196}