Pokemon Go: Go Privacy

Pokemon Go, the new location- based augmented reality mobile game developed by Niantic, has become vastly popular in a very short period of time. Some initial rough estimates suggest that more than 20 million people have signed up in the US. Some of the attention received has little to do with how engaging the game is and more with how privacy intrusive seems to be. The initial release of the app asked for access to the full Google account of the user: not only e-mails, but also Google drive, photographs and so on. This called for a lot of criticisms and pushed Niantic to fix the situation by releasing an updated version of the app.

To have a better sense of what Pokemon Go can actually collect about us, we read carefully the Privacy Policy – something that you should always do anytime you are downloading an app. Here some important extracts:

“[..] We will collect certain information that can be used to identify or recognize you (PII)”. “Specifically, because you must have an account with Google, Pokemon Trainer Club (PTC), or Facebook before registering to create an Account, we will collect PII (such as your Google email address, your PTC registered email address, and/or your Facebook registered email address) that your privacy settings with Google, PTC, or Facebook permit us to access.”

The Policy sounds a bit vague when it says that “certain information” that can be used to identify the user can be collected. What are those information? It then gives an example when it talks about e-mail addresses. But e-mail address is just one of the many information the app may be able to collect. The Privacy Policy specifies that “we will collect PII that your privacy settings with Google [..] permit us to access”. This means that if you want to impede the app to collect anything it can about you, a solution may be to restrict the app permissions by changing the privacy settings in your Google account.

Note that there will be certain information (like your location) that the app will need and continue to collect in order to provide you the service. We suggest you to read the Privacy Policy for more information.

Privacy Policy that apparently does not seem to satisfy everyone. In fact, the game’s privacy policy violates German privacy and consumers’ protection law. Niantic risks to be sued by the Federation of German Consumer Organisations (vzbv) for that. The reason is that some of the clauses in the game’s user terms and privacy policy do not comply with the German law. One of the most controversial clauses seems to be the one that grants Niantic the rights of giving users’ data away to third parties in vaguely described circumstances. The alternative is for the company to change the policy to adhere to VZBV requests. We are curious to see how the situation will evolve and whether Niantic will decide to “settle” or to fight for its (privacy) rights.