Jaburg Wilk


Does Pokémon GO Lure You in With a Dangerous Privacy Policy and Terms of Use?

Categories: Internet and Technology, Article

Pokemon Go's privacy policy and terms of use reviewed by attorneys

For years, we have been lamenting that our young people spend too much  time indoors playing computer games and not enough time outside or connecting with others.  Yet, those same critics now condemn young Pokémon Go players who venture out on Pokémon hunts for a myriad of perceived sins including inattentiveness and irresponsible behavior. Critics also revel in slamming Niantic, Inc., the maker of Pokémon GO, for creating another game purportedly aimed at tracking its players' every move and profiting from the data created by each player.

After stripping away the media hype, what's left is a genuinely fun game that encourages its players to trek around that has a Terms of Use and a Privacy Policy that are quite typical of games of its  type  and  no  more  onerous  than  any  of  the  popular  social  media  sites. So, what provisions are in the Terms of Use and Privacy Policy of Pokémon GO?   

Terms of Use

Pokémon GO's Terms of Use  (found at www.nianticlabs.com/terms/pokemongo/en and last updated on 07/01/16) are pretty standard.  Arguably, the most privacy concerning provision found here is Niantic's requirement that users sign up with an existing Google, Facebook, or other "pre-existing third-party accounts" that Niantic allows. Niantic creates each user's account "by extracting from your ... account certain personal information (such as your email address) "that the user's privacy settings permit. This basic account information grab is no more intrusive than what many other mobile apps require for use.

For parents and others worried about children signing up and playing the game, Pokémon Go requires that the parents of children under 13 "register with The Pokémon Company International, Inc. "before an underage child's account can be created. This is pretty standard and is designed to comply with the parental consent  requirements  found  in  the federal  Children's Online Privacy Protection Act (COPPA) and certain European data protection laws.

Privacy Policy

pokemon go privacy policy review

Niantic's Privacy Policy (found at www.nianticlabs.com/privacy/pokemongo/en and  last updated  on  07/01/16)  contains  certain  provisions  that  some  in  the media  and elsewhere  have bemoaned but which are somewhat typical of mobile games these days. 

First, like many other apps, Niantic  collects  personally identifying  information  or "PII" from each user which "can be used to identify or recognize you (or your authorized child)." Like in the Terms of Use, the Privacy Policy specifies that collected PII will include things such as a user's "Google email address ...and/or your Facebook registered email address. "A user's privacy settings with those platforms determines what information Niantic  will  gain  access  to. Niantic also collects other information such as user names and messages sent to other Pokémon GO players.

Second, like nearly every website online, Niantic uses "automated data collection tools such as Cookies" to tell when and how users are using Pokémon GO.  Niantic's servers also automatically record "Log Data" which could include "a User's  Internet  Protocol  (IP)  address, user agent, browser type, operating system" and other information.  All of this data, the Privacy Policy states, is collected primarily so Niantic can provide and improve its services. With mobile devices, Niantic collects information such as " a device identifier, user settings, and the operating system of your (or your authorized child's) device, as well as information about your use of our services while using the mobile device." Again, none of these types of information grabs are anything new or more intrusive than most other apps or mobile games these days. 

Third, Niantic unsurprisingly collects location information (Pokémon GO is after all, an augmented reality game which relies on and is primarily about player location). Niantic collects and stores each user's location information using each  device's  cellular,  Wi-Fi,  and/or  GPS signals. When Pokémon GO players "take certain actions during gameplay, [their] user name and location may be shared through the App with other users who are playing the game." Here too, Niantic's ability to know a user's location is no more intrusive than any other mobile app or game a user gives permission to track them through.

tracking location

Next is the provision that's seemingly attracted the most attention in the  media  after location data – the sharing of user data with third parties. The Privacy Policy states that Niantic "may share aggregated information and non-identifying information with third parties for research and analysis, demographic profiling, and  other  similar  purposes." Niantic admits that the information collected from users,  including  PII, "is  considered  to  be  a  business  asset." This should not surprise anyone.  Like most mobile app developers, Niantic is a business that wants to generate revenue and be profitable. As such, no one should be surprised if Niantic shares or sells its user data  to  companies  like  Starbucks,  McDonalds,  or  any  other  businesses  that  will  pay  to market and sell products and services to mobile game users, based on their location or otherwise. 

Overall, there is nothing in either the Terms of Use or Privacy Policy that most Pokémon GO players haven't already agreed to many times over through the use of websites, other mobile apps  and  mobile  games.  In  2016,  it  would  be  naïve  to  expect Niantic  or  any other  mobile  app provider not to  provide  or  sell  anonymized  user  data to third  parties  as marketing  demographic information or for other purposes.  There may not be much privacy left in the digital age, but if any  Pokémon  GO  users  or  potential  users  don't  like  Niantic's Terms  of  Use  or  Privacy  Policy, there's  still  the  choice  of  simply  not  downloading  or playing  the  game.  While players may be lured in by the fun of playing Pokémon GO, the only legal lures are standard ones.

About the Authors:

Maria Crimi Speth is a shareholder and intellectual property attorney at the Phoenix law firm of Jaburg Wilk. As chair of their intellectual property group, she has expertise in copyright law, trademark law, and Internet law.  She focuses on litigation involving intellectual property rights and First Amendment rights. Ms. Speth is  the  author  of  the  book, Protect  Your  Writings: A  Legal  Guide  for  Authors.

Michael B. Dvoren is an intellectual property attorney at the Phoenix law firm of Jaburg Wilk, where he assists clients with various intellectual property matters, including protection, enforcement, litigation and transactions.  Both he and Maria assist clients with preparing terms of use and privacy policies.