Pokémon Go, the augmented reality mobile location based game, has been taking the world by storm, but has been the source of some significant concern around the amount of personal data collected by the app, and how this may be shared. This is especially important because it is played largely by children.
Much of the early privacy concern focused around the fact that users appeared to be required to give Niantic, the San Francisco-based software company which developed the game, full access to their Google account (one of the main ways of registering in the game), which would include all their contacts and any documents stored in Google Docs. However, it was fairly quickly revealed that this was actually the result of a configuration error, which was rapidly corrected, and that Niantic did not make use of or try to access any of the extra information it didn’t need to verify the identity of the player. Nevertheless, even this short lived issue provides a valuable lesson in putting privacy thinking at the heart of the user experience design process.
The long term privacy issues with Pokémon Go however clearly focus on the location issue. Of course location based digital services have been around for at least as long as the smartphone itself. What is perhaps different about Pokémon Go, is that it is not simply collecting location data – but it is actively encouraging large numbers of people to visit particular locations where Pokémon can be caught. Yes there are big questions around the privacy concerns of sharing (selling) of location information with third parties, and those questions are already giving rise to investigations, notably in the USA and Germany.
The even more interesting question becomes: How are decisions made about where to place PokéStops, and PokéGyms? There is a huge potential here for a kind of targeted manipulation, the encouragement of particular audiences and profiles to visit specific locations. I would expect Niantic sees the potential in selling this capability, and I would be very surprised if on some level they are not already either doing it or thinking about doing it: Want to drive more visitors to your location? Pay for a particular Pokémon to make an appearance, a PokéStop or PokéGym designation, or your competitor will.
Then of course there are also the consequences of the location-specific aspects of the game. A family in Alberta, Canada, has initiated a class-action lawsuit against Niantic because their house is a PokéGym, and they don’t want their private property to be a destination for players. The Torrington woman said her home in the quiet hamlet northeast of Calgary has been inundated with unwanted visitors ever since her property was designated a Gymnasium. She has had no success in getting Niantic to do anything about it and is tired of strangers peaking into her windows. A Calgary lawyer filed the class action lawsuit in Court of Queen’s Bench on behalf of this family and any other Canadians facing a similar problem.
Pokémon Go is going to be an interesting privacy story for quite some time I think. Not simply because of its huge popularity, but the use of location data is only going to grow over the coming years, and the issues are only going to get more complex. The popularity of Pokémon Go and the huge data it generates, will almost certainly make it a pioneering proving ground for both the problems, and hopefully the solutions, relating to location privacy.
To learn more about best practices for respecting location or geolocation privacy, contact PRIVATECH.