Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

US Senator has privacy concerns about Pokémon Go’s data collection

John Ribeiro | July 13, 2016
Al Franken wants to know how the data collected is used

The popularity of augmented reality smartphone game Pokémon Go has raised a variety of concerns, including a warning by the National Safety Council, urging drivers not to play the game behind the wheel and asking pedestrians to be careful while playing it.

U.S. Senator Al Franken, a strong privacy advocate, has raised the inevitable question about the privacy of the extensive data the game collects from its users, including children, and whether the data is used for other purposes.

"I am concerned about the extent to which Niantic may be unnecessarily collecting, using, and sharing a wide range of users' personal information without their appropriate consent," Franken, a Democrat from Minnesota, wrote in a letter Tuesday to John Hanke, the CEO of Niantic, the developer of the game.

Citing recent reports and the privacy policy of Pokémon Go, Niantic appears to collect a broad swath of personal information from its players, according to the senator. Ranging from the user's general profile information to their precise location data and device identifiers,  "Niantic has access to a significant amount of information, unless users - many of whom are children - opt-out of this collection," Franken wrote.

Senator Franken wants to know whether all the information collected is necessary for the provision or improvement of services, or if there are any other purposes for which the data is collected. If some of the data is not not necessary for the provision of services, would the company offer an opt-in option to users for sharing that data, rather than the current opt-out choice.

The senator also wants to have the list of third-party service providers that Niantic says it shares data with in its privacy policy, and would like to know whether Pokémon Go also shares the data with its investors.

"Pokemon GO has further indicated that it shares de-identified and aggregate data with other third parties for a multitude of purposes. Can you more exhaustively describe the purposes for which Pokemon GO would share or sell such data?," he wrote.

Niantic ran into its first privacy issue earlier this week when it was disclosed that the game gave Niantic full access to a user's Google account when setting up a game account on iOS devices. The company later said it had discovered that the Pokémon Go account creation process on iOS erroneously requests full access permission for the user's Google account, but assured users that only basic Google profile information like user ID and email address were accessed. It said it was working with Google on a fix to ensure permission for providing only the basic account information.

In its privacy policy, Niantic has said that it complies with "verifiable parental consent requirements mandated by the Children's Online Privacy Protection Act (COPPA) and European data protection laws (including, without limitation, the Data Protection Directive)" through a verification and consent process handled by the Pokémon Trainer Club.

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.