Just a few hours after having received its promised security-focused update, Pokémon Go is once again under scrutiny by security and privacy advocates. Senator Al Franken of Minnesota has issued a statement asking for clarification from Niantic, the creators of the quickly growing mobile game, on how user data is being used within the application and its services.
I am writing to request information about Niantic s recently released augmented reality app, Pokemon GO, which – in less than a week’s time – has been downloaded approximately 7.5 million times in the United States alone. While this release is undoubtedly impressive, I am concerned about the extent to which Niantic may be unnecessarily collecting, using, and sharing a wide range of users’ personal information without their appropriate consent. I believe Americans have a fundamental right to privacy, and that right includes an individual’s access to information, as well as the ability to make meaningful choices, about what data are being collected about them and how the data are being used. As the augmented reality market evolves, I ask that you provide greater clarity on how Niantic is addressing issues of user privacy and security, particularly that of its younger players.
In his letter, Franken touches on the Google account access issue that we previously discussed, but his requests reach further than that. He wants a better understanding on how the data is used and what parents can do to protect their children’s information. In Franken’s letter, he requests that Niantic answers his list of concerns by August 12, 2016. Some of the highlights from his requests include:
1. Pokemon GO has stated that it collects a broad array of users’ personal information, including but not limited to a user’s profile and account information, their precise location data, and information obtained through Cookies and Web Beacons. Can you explain exactly which information collected by Pokemon GO is necessary for the provision or improvement of services? Are there any other purposes for which Pokemon GO collects all of this information?
4. Pokemon GO has stated that users’ information can be shared with The Pokemon Company and “third party service providers”. Can you provide a list of current service providers? Does Pokemon GO also share users’ information with investors in Pokemon GO?
6. Can you describe how Niantic ensures parents provide meaningful consent for their child’s use of Pokemon GO and thus the collection of their child’s personal information? Apart from publicly available privacy policies, how does Niantic inform parents about how their child’s information is collected and used?
The full letter from Franken to John Hanke, CEO of Niantic, can be read here. Franken has been an advocate of protecting privacy in a world of ever evolving technology. He had introduced the Location Privacy Protection Act back in 2015 that would give consumers more control on their private location data.
Original image credit Senator Franken.