Search form

Next Stop for Pokémon GO: Regulation & Litigation?

By Jeffrey M. Schlossberg and Jason C. Gavejian
  • August 1, 2016

The Pokémon GO craze has taken the world by storm, with estimated downloads of the digital game topping more than 75 million since the program became available on July 6. Apple has confirmed that it was the most downloaded app ever in its first week of availability.

When first offered, the game required users to grant permission not only to use a player’s smartphone camera and location data, but also to gain full access to the user’s Google accounts — including email, calendars, photos, stored documents and any other data associated with the login. Responding to a public outcry (including a letter from Minnesota Senator Al Franken), the game’s creator, Niantic, stated that the permission requests were “erroneous” and that Pokémon GO did not use anything from players’ accounts other than basic Google profile information. The company has since issued a fix to reduce access only to users’ basic Google account profile information. However, that has not prevented a call for Federal Trade Commission (FTC) oversight of Niantic’s data collection practices or a lawsuit against the company over its terms of service and privacy policy.

Privacy Policy

In a letter dated July 22, 2016, the Electronic Privacy Information Center (EPIC) wrote to the FTC requesting government oversight of Niantic’s data collection practices. EPIC is a non-profit public interest research center focusing public attention on privacy and civil liberties issues.

EPIC highlighted the following issues with Niantic’s privacy policy:

  1. Niantic does not explain the scope of information gathered from Google profiles or why this is necessary to the function of the Pokémon GO app.
  2. Niantic collects users’ precise location information through “cell/mobile tower triangulation, wifi triangulation, and/or GPS.” The Company’s Privacy Policy states Niantic will “store” location information and “some of that location information, along with your … user name, may be shared through the App.” The Privacy Policy does not indicate any limitations on how long Niantic will retain location data or explain how indefinite retention of location data is necessary to the functionality of the Pokémon GO app.
  3. With Pokémon GO, Niantic has access to users’ mobile device camera. The Terms of Service for Pokémon GO grant Niantic a “nonexclusive, perpetual, irrevocable, transferable, sublicensable, worldwide, royalty-free license” to “User Content.” The Terms do not define “User Content” or specify whether this includes photos taken through the in-app camera function.
  4. The Privacy Policy grants Niantic wide latitude to disclose user data to “third-party service providers,” “third parties,” and “to government or law enforcement officials or private parties as [Niantic], in [its] sole discretion, believe necessary or appropriate.” Niantic also deems user data, including personally identifiable information, to be a “business asset” that it can transfer to a third party in the event the company is sold. This issue has been identified as a particular concern to another non-profit organization – Common Sense Media, an independent organization focusing on children and technology. According to Common Sense Media, location information and history of children should not be considered a “business asset.”

Request to FTC

EPIC requested that the FTC exercise its authority to regulate unfair competition under the Federal Trade Commission Act (15 U.S.C. § 45) to prohibit practices by Niantic and other similar apps companies that fail to conform with FTC’s Fair Information Practices and the principles in The White House 2012 report, “Consumer Data Privacy In A Networked World.”

According to EPIC, Niantic’s unlimited collection and indefinite retention of detailed location data violates 15 U.S.C. § 45(n) because it is “likely to cause substantial injury to consumers which is not reasonably avoidable by consumers themselves and not outweighed by countervailing benefits to consumers or to competition.”

EPIC also contends the unlimited collection and indefinite retention of detailed location data violate the data minimization requirements under the Children’s Online Privacy Protection Act (COPPA), which requires providers to “retain personal information collected online from a child for only as long as is reasonably necessary to fulfill the purpose for which the information was collected.” 16 C.F.R. § 312.10.

Private Lawsuit Filed

A Pokémon GO user has filed suit in Florida state court alleging that Niantic’s terms of service and privacy policy are deceptive and unfair and violates the Florida Deceptive and Unfair Trade Practices Act. Beckman v. Niantic Inc., No. 50-2016-CA-008330, Fifteenth Judicial Circuit for Palm Beach County, Florida.

***

The issue of consumer privacy continues to garner significant attention and companies and app developers that collect and retain personal information should ensure they are in compliance with the relevant statutes.

In addition, employers whose employees play the game while at work may consider banning or otherwise regulating such activities. Employers also should consider potential compromises to proprietary and confidential information that could occur from data breaches or through counterfeit games designed to allow hackers access to company protected information.

Please contact Jackson Lewis with any questions about these and other issues.

©2016 Jackson Lewis P.C. This material is provided for informational purposes only. It is not intended to constitute legal advice nor does it create a client-lawyer relationship between Jackson Lewis and any recipient. Recipients should consult with counsel before taking any actions based on the information contained within this material. This material may be considered attorney advertising in some jurisdictions. Prior results do not guarantee a similar outcome.

Reproduction of this material in whole or in part is prohibited without the express prior written consent of Jackson Lewis P.C., a law firm with more than 900 attorneys in major cities nationwide serving clients across a wide range of practices and industries. Having built its reputation on providing premier workplace law representation to management, the firm has grown to include leading practices in the areas of government relations, healthcare and sports law. For more information, visit www.jacksonlewis.com.

See AllRelated Articles You May Like

March 20, 2019

New Jersey Prohibits Enforcement of Non-Disclosure Provisions in Settlement Agreements, Other Contracts

March 20, 2019

A sweeping amendment to the New Jersey Law Against Discrimination (LAD) bars enforcement of non-disclosure provisions in settlement agreements and employment contracts, and prohibits the waiver of substantive and procedural rights under the statute. The amendment applies to all contracts and agreements entered into, renewed, modified, or... Read More

March 11, 2019

New Jersey Bills Would Give Consumers Control Over Their Personal Data Privacy

March 11, 2019

New Jersey has joined a growing list of states considering legislation on data privacy to promote transparency, accountability, and individual choice. One bill would create new obligations for commercial entities whose online website or services collect personally identifiable information (PII) from individuals in New Jersey. A second... Read More

February 28, 2019

Portland, Oregon, Bars Discrimination Against Atheists, Agnostics

February 28, 2019

An amendment to the civil rights code of Portland, Oregon, extends protections against discrimination in employment, housing, and public accommodations to atheists, agnostics, and other “non-believers.” Religious facilities are expressly exempt. The Portland City Code, chapter 23.01, already prohibits discrimination on the basis of... Read More