Senator Al Franken Says Rift Privacy Policy Is No Laughing Matter And Wants A Formal Response From Oculus

Former Saturday Night Live comedian and current U.S. Senator Al Franken (D-MN) has some concerns with the Oculus Rift's privacy policy and whether or not all the data collection taking place is truly necessary for the VR headset to function. He jotted those concerns down in an open letter to Oculus CEO Brenden Iribe and requested that he respond by May 13, 2016.

"When done appropriately, the collection, storage, and sharing of personal information may enhance consumers' virtual reality experience, but we must ensure that Americans very sensitive information is protected," Franken wrote in his letter.


The Rift's privacy policy has come under scrutiny now that headsets have begun shipping out to consumers. There's quite a bit of rhetoric contained in the Rift's terms and conditions that has some people feeling uneasy, such as the sharing of information about consumers' physical movements and dimensions, along with location data, with third-party outfits "within the family of related companies that Oculus is a part of."

Here's the list of questions Franken wants Iribe to address by next month:

1. Oculus has stated that it automatically collects users' location information. Is this collection necessary for Oculus to provide services? Are there any other purposes for which Oculus collects this information? Does Oculus share this information with third parties, including its "related companies", for any other purpose than the provision of services?

2. Oculus has stated that it automatically collects users' physical movements and dimensions. Is this collection necessary for Oculus to provide services? Are there any other purposes for which Oculus collects this information? Does Oculus share this information with third parties, including its "related companies", for any other purpose than the provision of services?

3. Oculus has indicated that it stores communications among Oculus users and any information associated with such communications. Is this retention necessary for the provision of services? And for how long will Oculus retain the data?

4. Given that the data-sharing relationship between Oculus and its related companies is not readily apparent to Oculus' customers, in your view, which company is responsible for providing information about this relationship to consumers? Which company is responsible for providing security information to consumers?

5. Oculus has indicated that it shares de-identified and aggregate data with others for any puipose. Does Oculus currently sell this information to third parties? Can you specify the purposes for which you d share or sell such data?

6. Oculus s privacy statement provides the following with respect to information security: "[N]o data transmission or storage can be guaranteed to be 100% secure. As a result, while we strive to protect the information we maintain, we cannot guarantee or warrant the security of any information you disclose or transmit to our Services and cannot be responsible for the theft, destruction, or inadvertent disclosure of information." What precautions does Oculus currently have in place to ensure the security of consumers' data?

Oculus is owned by Facebook, the world's largest social network, and some of the data collection seems to be more suited for a social service than a VR headset. In a recent email to UploadVR, Oculus addressed some of the concerns that have been brought up.


"Facebook owns Oculus and helps run some Oculus services, such as elements of our infrastructure, but we’re not sharing information with Facebook at this time. We don’t have advertising yet and Facebook is not using Oculus data for advertising," Oculus said.

Oculus also indicated that it's trying to "create the absolute best VR experience for people," and that the data it's collecting is used for that purpose.