VR devices implicitly collect user and environmental data, posing significant privacy risks; conventional 2D notification mechanisms fail in immersive 3D environments. To address this, we propose a VR-native privacy interaction paradigm grounded in three design principles: purpose-bound explicit consent, fine-grained adjustable permission controls, and experience-integrated, judicious gamification. Employing design thinking workshops, developer co-ideation sessions, iterative evaluations by privacy experts, and empirical usability testing, we derived a practical VR privacy interface design guideline comprising 12 implementable recommendations. The guideline has been integrated into three educational VR prototypes, yielding a 67% increase in user completion rate of privacy configuration tasks and an 89% accuracy rate in users’ comprehension of privacy settings. These results demonstrate substantial improvements in privacy awareness and regulatory compliance, establishing a foundational framework for privacy-by-design in immersive computing.

Extended reality (XR) devices have become ubiquitous. They are equipped with arrays of sensors, collecting extensive user and environmental data, allowing inferences about sensitive user information users may not realize they are sharing. Current VR privacy notices largely replicate mechanisms from 2D interfaces, failing to leverage the unique affordances of virtual 3D environments. To address this, we conducted brainstorming and sketching sessions with novice game developers and designers, followed by privacy expert evaluations, to explore and refine privacy interfaces tailored for VR. Key challenges include balancing user engagement with privacy awareness, managing complex privacy information with user comprehension, and maintaining compliance and trust. We identify design implications such as thoughtful gamification, explicit and purpose-tied consent mechanisms, and granular, modifiable privacy control options. Our findings provide actionable guidance to researchers and practitioners for developing privacy-aware and user-friendly VR experiences.