Search form

Next Stop for Pokémon GO: Regulation & Litigation?

By Jeffrey M. Schlossberg and Jason C. Gavejian
  • August 1, 2016

The Pokémon GO craze has taken the world by storm, with estimated downloads of the digital game topping more than 75 million since the program became available on July 6. Apple has confirmed that it was the most downloaded app ever in its first week of availability.

When first offered, the game required users to grant permission not only to use a player’s smartphone camera and location data, but also to gain full access to the user’s Google accounts — including email, calendars, photos, stored documents and any other data associated with the login. Responding to a public outcry (including a letter from Minnesota Senator Al Franken), the game’s creator, Niantic, stated that the permission requests were “erroneous” and that Pokémon GO did not use anything from players’ accounts other than basic Google profile information. The company has since issued a fix to reduce access only to users’ basic Google account profile information. However, that has not prevented a call for Federal Trade Commission (FTC) oversight of Niantic’s data collection practices or a lawsuit against the company over its terms of service and privacy policy.

Privacy Policy

In a letter dated July 22, 2016, the Electronic Privacy Information Center (EPIC) wrote to the FTC requesting government oversight of Niantic’s data collection practices. EPIC is a non-profit public interest research center focusing public attention on privacy and civil liberties issues.

EPIC highlighted the following issues with Niantic’s privacy policy:

  1. Niantic does not explain the scope of information gathered from Google profiles or why this is necessary to the function of the Pokémon GO app.
  2. Niantic collects users’ precise location information through “cell/mobile tower triangulation, wifi triangulation, and/or GPS.” The Company’s Privacy Policy states Niantic will “store” location information and “some of that location information, along with your … user name, may be shared through the App.” The Privacy Policy does not indicate any limitations on how long Niantic will retain location data or explain how indefinite retention of location data is necessary to the functionality of the Pokémon GO app.
  3. With Pokémon GO, Niantic has access to users’ mobile device camera. The Terms of Service for Pokémon GO grant Niantic a “nonexclusive, perpetual, irrevocable, transferable, sublicensable, worldwide, royalty-free license” to “User Content.” The Terms do not define “User Content” or specify whether this includes photos taken through the in-app camera function.
  4. The Privacy Policy grants Niantic wide latitude to disclose user data to “third-party service providers,” “third parties,” and “to government or law enforcement officials or private parties as [Niantic], in [its] sole discretion, believe necessary or appropriate.” Niantic also deems user data, including personally identifiable information, to be a “business asset” that it can transfer to a third party in the event the company is sold. This issue has been identified as a particular concern to another non-profit organization – Common Sense Media, an independent organization focusing on children and technology. According to Common Sense Media, location information and history of children should not be considered a “business asset.”

Request to FTC

EPIC requested that the FTC exercise its authority to regulate unfair competition under the Federal Trade Commission Act (15 U.S.C. § 45) to prohibit practices by Niantic and other similar apps companies that fail to conform with FTC’s Fair Information Practices and the principles in The White House 2012 report, “Consumer Data Privacy In A Networked World.”

According to EPIC, Niantic’s unlimited collection and indefinite retention of detailed location data violates 15 U.S.C. § 45(n) because it is “likely to cause substantial injury to consumers which is not reasonably avoidable by consumers themselves and not outweighed by countervailing benefits to consumers or to competition.”

EPIC also contends the unlimited collection and indefinite retention of detailed location data violate the data minimization requirements under the Children’s Online Privacy Protection Act (COPPA), which requires providers to “retain personal information collected online from a child for only as long as is reasonably necessary to fulfill the purpose for which the information was collected.” 16 C.F.R. § 312.10.

Private Lawsuit Filed

A Pokémon GO user has filed suit in Florida state court alleging that Niantic’s terms of service and privacy policy are deceptive and unfair and violates the Florida Deceptive and Unfair Trade Practices Act. Beckman v. Niantic Inc., No. 50-2016-CA-008330, Fifteenth Judicial Circuit for Palm Beach County, Florida.

***

The issue of consumer privacy continues to garner significant attention and companies and app developers that collect and retain personal information should ensure they are in compliance with the relevant statutes.

In addition, employers whose employees play the game while at work may consider banning or otherwise regulating such activities. Employers also should consider potential compromises to proprietary and confidential information that could occur from data breaches or through counterfeit games designed to allow hackers access to company protected information.

Please contact Jackson Lewis with any questions about these and other issues.

©2016 Jackson Lewis P.C. This material is provided for informational purposes only. It is not intended to constitute legal advice nor does it create a client-lawyer relationship between Jackson Lewis and any recipient. Recipients should consult with counsel before taking any actions based on the information contained within this material. This material may be considered attorney advertising in some jurisdictions. Prior results do not guarantee a similar outcome.

Reproduction of this material in whole or in part is prohibited without the express prior written consent of Jackson Lewis P.C., a law firm that built its reputation on providing workplace law representation to management. Founded in 1958, the firm has grown to more than 900 attorneys in major cities nationwide serving clients across a wide range of practices and industries including government relations, healthcare and sports law. More information about Jackson Lewis can be found at www.jacksonlewis.com.

See AllRelated Articles You May Like

October 15, 2019

New California Law Attacks Mandatory Arbitration Again … But Is It More Bark Than Bite?

October 15, 2019

California has joined a number of states in passing legislation purporting to prohibit mandatory arbitration agreements for sexual harassment and other claims. Such laws have gained popularity in the wake of the #MeToo movement, but are subject to challenge under Federal Arbitration Act (FAA) preemption principles. (See our articles... Read More

October 15, 2019

Third-Party Harassment and Discrimination: The Customer Isn’t Always Right

October 15, 2019

As fiscal year 2019 ends for the Equal Employment Opportunity Commission (EEOC), it has announced it is pursuing several new discrimination suits, including one alleging a casino failed to protect female staffers from sexual harassment by patrons. Sexual misconduct and harassment have been in the national spotlight more than ever and... Read More

October 14, 2019

New York City Enacts Legislation Clarifying Independent Contractor Protection under Human Rights Law

October 14, 2019

While courts have generally interpreted the New York City Human Rights Law (NYCHRL) as providing anti-discrimination protections to individuals performing services as independent contractors, effective in January 2020, amendments to the NYCHRL clarify such protections. These amendments also clarify that while the NYCHRL’s coverage of... Read More