Pursuing Pokemon Go Characters
If you walked down the street during the past week, you probably saw more people than usual staring at their phones trying to “catch” Pokemon characters. An estimated 7.5 million people have downloaded the Pokemon Go mobile app since its launch during the first week of July.
Pokemon was a huge hit in the 1990s with multiple video games, card games and television shows. In the early part of July, the franchise has made a comeback with Pokemon Go. This augmented reality mobile app, developed by Niantic, uses a phone’s GPS and clock to detect a user’s location to make Pokemon characters “appear” in the person’s surroundings on a mobile phone screen. The successful player can then “catch” the characters. The mobile app is available as a free download.
A game that could threaten a player’s privacy
Through its enormous popularity, Pokemon Go has come under increased scrutiny and criticism about its privacy practices. A review of Pokemon Go’s initial privacy policy indicates that Niantic was authorized to collect user data that included:
- Email address
- IP address
- The web page a user visited prior to logging into Pokemon Go
- The username and a user’s location
Additionally, if a Google account was used to sign-in on an iOS device, Niantic had access to the user’s entire Google account including read and write access to a user’s email and Google Drive documents.
The game goes on, but Pokemon becomes less intrusive
The game’s privacy policy allowed sharing of this information with third-parties and law enforcement agencies which is usually standard with location-based mobile apps. It was the full access to a player’s Google accounts that critics described as unprecedented and unnecessary.
Following reporting on its privacy policy, Niantic acknowledged that this level of account access was unnecessary and blamed a “coding error” for it. The company has since stated that the settings will be modified to collect only a user’s unique player ID and email address.
Companies can learn a lesson from Pokemon Go about privacy
Besides collecting Pokemon characters, there is more to be learned from playing the game.
The privacy controversy is instructive in a couple of ways. First, it highlights the importance of privacy-by-design when creating a product.
A product’s design team should always consider privacy issues and even consult privacy counsel prior to the launch of a product. Pokemon Go has had an incredibly successful launch, but bad publicity from negative reporting on its privacy policy could halt its momentum as potential users question the developer’s commitment to privacy and protection of personal information.
Additionally, companies should limit access and collection of information to that which is necessary for its business purposes. Reputational harm and increased risk of legal liability can result from the unnecessary collection and storage of personal information.
As seen here, it took only a few days for the Pokemon Go frenzy to be the subject of reporting by the major media outlets, but for the wrong reasons. Instead of reporting about users catching Pokemon characters, the reports focused on the amount of data the developers were catching from users thanks to the game’s privacy policy.
If you have questions regarding cyber liability, data privacy or privacy policies, please contact Tim Hayes at McKenna Storer.