Addressing the privacy concerns of these augmented games is important. Not least because the popularity and broad demographic appeal means significant volumes of data can be harvested. That’s a trait that is not unique though to these apps. Many other apps can and do collect large volumes of location and other user data – even those that do limit location data collection to when they are in use, which are still in the minority.
The rules in Europe do require information, such as that which the senator is calling for, to be provided to users, so they can make an informed choice when they download the app and start to play the game. Particularly where games and other apps can be downloaded and played by children, presenting the information in a timely way, and in language which is readily understood, with an effective consent mechanism can be challenging. Even when it is provided it is often simply clicked through anyway – which begs the question of how effective this is.
The tendency to click through terms and conditions is one of the reasons why rules being tightened as part of the new General Data Protection Regulation include data minimisation and purpose limitation, along with clear notice and consent mechanisms, and tighter parental consent requirements. Nonetheless, even these new rules won’t act as a complete bar on secondary usage and the analysis of data or its use for profiling purposes. Nor should it. A lot of the secondary usage will often relate to benign activities in aggregated anonymised pools to improve the product range. Some, however, could result in profile data sharing.
Setting standards for transparency is important, but so is encouraging people to read these notices when they are provided and reflect on whether they are comfortable with allowing this information about themselves to be collected in exchange for the fun or utility from playing a free game or using a free app. The challenge is as much about education as it is about rules and legislation.