Linden Lab Official:Using Personal Data
Introduction
This guide gives a brief introduction to privacy considerations for Personal Data of Second Life Residents. It is not a replacement for reading applicable global privacy regulations, but it may guide you to make informed decisions that respect the privacy rights of Second Life Residents.
Privacy Rights of Second Life Residents
Data transferred outside of the Second Life service or its supporting websites is not exempt from protection under applicable data privacy laws. This applies whether data is collected by Scripted Agents, LSL scripts, or external tools. Access to the Second Life service and access to Personal Data of Second Life Residents are both conditioned on adherence to all applicable global privacy regulations governing the collection, storage, processing, or transmission of Personal Data. These laws include Europe’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We recommend that you seek guidance from a privacy attorney for additional, updated information before using Personal Data of Second Life Residents outside of Second Life.
What is Personal Data?
To understand Personal Data, one first needs to understand Personally Identifiable Information.
Personally Identifiable Information, often abbreviated as PII, is information that is capable of identifying an individual user, account, computer, or household. Note that PII need not include the actual name of an individual. That the information can refer to any of the above alone or in conjunction with other data elements linkable with that information suffices to make it PII.
- Examples: A username, an agent ID, an IP address, or a tracking cookie are all examples of PII.
Personal Data includes all PII. Any additional information that one links to this PII also becomes Personal Data.
- Examples: When one of the above examples of PII is combined with the contents of a Resident’s profile page, their online status, their chat, or their in-world travel behaviors, the PII and the linked data all become Personal Data.
Understanding Personal Data in Second Life
After Residents consent to the Second Life Terms of Service and connected Privacy Policy, Second Life presents select information about Residents to each other within the Second Life environment. This presentation is for the sole purpose of facilitating interaction within Second Life. Without a separate agreement in place (for e.g. as a sub-processor or vendor), there is no default right that any third party has to collect, store, process, or transmit a Second Life Resident’s Personal Data outside of Second Life.
Third-Party Collection, Processing, or Storage of Personal Data
In order to collect, store, process, or transmit Second Life user Personal Data, you must satisfy all applicable global privacy regulations.
Please keep in mind that Second Life has a global customer base, and the applicable law usually is determined based on the Resident’s country or state of residence. Second Life does not disclose the location or state of residence of Residents. Third-party developers should seek counsel from a privacy attorney to obtain legal advice on complying with these laws before they use Personal Data of Second Life Residents.
Objecting to the Use of Personal Data
Linden Lab cannot govern activities that happen outside of the Second Life platform. Where Residents determine violations happen outside of Second Life, such as when Personal Data is presented on third-party websites without their consent, multiple options are available.
Every Resident is encouraged to begin by contacting the individual operating the site in order to achieve a peaceful resolution. This can take the form of a personal request using an email address they provide for this purpose, or by submitting a form (usually called a Data Subject Access Request) on their website to request your information to be removed.
Other options may include contacting regulators to file complaints against third-party websites, their hosting providers, or their content delivery networks where the site operator or hosting provider cannot be determined.
Residents of California can learn about their options here: [1]
Residents of the European Union and the UK can learn about their options here: [2]