The use of the metaverse can be very intrusive as the set of data processed in this environment increases exponentially. Any virtual environment is by design fully data-enabled and allows for a broader spectrum of information related to human activities to be processed. In particular, it may involve new categories of data with greater granularity and precision. For example, the diversity of biometric data collected is increasing through wearables or neural interfaces, but what is more interesting is the information being sought from these biometric data. VR glasses extract information from iris variations, and remotes that interface with the metaverse reveal postural changes, allowing analysis of emotional response. The “laws” of the metaverse will have to be contrasted not only with the GDPR, but also with the new regulatory proposals in the EU, the Digital Services Act, the Data Act, the Digital Markets Act, the Data Governance Act, the proposed AI Regulation, etc.