In a letter addressed to Oculus CEO Brendan Iribe, Franken requested that the company provide answers to the following six questions:
1. Oculus has stated that it automatically collects users’ location information. Is this collection necessary for Oculus to provide services? Are there any other purposes for which Oculus collects this information? Does Oculus share this information with third parties, including its “related companies”, for any other purpose than the provision of services?
2. Oculus has stated that it automatically collects users’ physical movements and dimensions. Is this collection necessary for Oculus to provide services? Are there any other purposes for which Oculus collects this information? Does Oculus share this information with third parties, including its “related companies”, for any other purpose than the provision of services?
3. Oculus has indicated that it stores communications among Oculus users and any information associated with such communications. Is this retention necessary for the provision of services? And for how long will Oculus retain the data?
4. Given that the data-sharing relationship between Oculus and its related companies is not readily apparent to Oculus’ customers, in your view, which company is responsible for providing information about this relationship to consumers? Which company is responsible for providing security information to consumers?
5. Oculus has indicated that it shares de-identified and aggregate data with others for any purpose. Does Oculus currently sell this information to third parties? Can you specify the purposes for which you d share or sell such data?
6. Oculus s privacy statement provides the following with respect to information security: “[N]o data transmission or storage can be guaranteed to be 100% secure. As a result, while we strive to protect the information we maintain, we cannot guarantee or warrant the security of any information you disclose or transmit to our Services and cannot be responsible for the theft, destruction, or inadvertent disclosure of information.” What precautions does Oculus currently have in place to ensure the security of consumers’ data?
Franken summarizes the promptings that led him to seek these answers from Oculus in this paragraph:
In addition to collecting information provided by consumers, Oculus automatically collects information when the consumer uses Oculus’ services. Information about consumers physical movements and dimensions, as well as location data, can be shared with “other companies that are within the family of related companies that Oculus is a part of. The company’s privacy statement also indicates that Oculus may share de-identified or aggregated data with others for any purpose. Furthermore, the information Oculus collects can be shared with third parties to directly market products to consumers on or off Oculus’ platform. When done appropriately, the collection, storage, and sharing of personal information may enhance consumers’ virtual reality experience, but we must ensure that Americans very sensitive information is protected.
In the letter, Iribe is given an informal deadline of May 13 to respond to these questions.
Franken has served as the junior senator from Minnesota since 2009. Some of the most notable moments in his career have occurred over technological issues and many of his stances on those matters had to do with his commitment toward protecting personal privacy.
In 2014, Franken voted against the infamous Cybersecurity Information Sharing act. In a speech from the senate floor he explained his refusal to support the bill by declaring:
“…It is critical that, in deciding how to protect our information networks, we also continue to protect the fundamental privacy rights and civil liberties of Americans.
In short, there is a pressing need for meaningful, effective cybersecurity legislation that balances privacy and security.
…Since this legislation was first introduced, I – and a number of my colleagues on both sides of the aisle – have raised serious concerns about the problems the bill presents for Americans’ privacy and for the effective operation of our nation’s cyber defense.”
Sending this letter, therefore, seems directly in line with Franken’s typical method of operation as a senator. We’ve reached out to Oculus for comment and will update you if they respond, or if Iribe answers these questions transparently.