The Pokémon GO craze has taken the world by storm, with estimated downloads of the digital game topping more than 75 million since the program became available on July 6. Apple has confirmed that it was the most downloaded app ever in its first week of availability.
In a letter dated July 22, 2016, the Electronic Privacy Information Center (EPIC) wrote to the FTC requesting government oversight of Niantic’s data collection practices. EPIC is a non-profit public interest research center focusing public attention on privacy and civil liberties issues.
- Niantic does not explain the scope of information gathered from Google profiles or why this is necessary to the function of the Pokémon GO app.
- With Pokémon GO, Niantic has access to users’ mobile device camera. The Terms of Service for Pokémon GO grant Niantic a “nonexclusive, perpetual, irrevocable, transferable, sublicensable, worldwide, royalty-free license” to “User Content.” The Terms do not define “User Content” or specify whether this includes photos taken through the in-app camera function.
EPIC requested that the FTC exercise its authority to regulate unfair competition under the Federal Trade Commission Act (15 U.S.C. § 45) to prohibit practices by Niantic and other similar apps companies that fail to conform with FTC’s Fair Information Practices and the principles in The White House 2012 report, “Consumer Data Privacy In A Networked World.”
According to EPIC, Niantic’s unlimited collection and indefinite retention of detailed location data violates 15 U.S.C. § 45(n) because it is “likely to cause substantial injury to consumers which is not reasonably avoidable by consumers themselves and not outweighed by countervailing benefits to consumers or to competition.”
EPIC also contends the unlimited collection and indefinite retention of detailed location data violate the data minimization requirements under the Children’s Online Privacy Protection Act (COPPA), which requires providers to “retain personal information collected online from a child for only as long as is reasonably necessary to fulfill the purpose for which the information was collected.” 16 C.F.R. § 312.10.
The issue of consumer privacy continues to garner significant attention and companies and app developers that collect and retain personal information should ensure they are in compliance with the relevant statutes.
In addition, employers whose employees play the game while at work may consider banning or otherwise regulating such activities. Employers also should consider potential compromises to proprietary and confidential information that could occur from data breaches or through counterfeit games designed to allow hackers access to company protected information.