As everyone probably knows by now, “Pokémon Go” encourages players to interact with their natural environment by using realistic maps of their surroundings as part of the game.
The game itself is quite simple. Landmarks, cemeteries, public buildings and monuments are “stops” where players can go to collect things (like eggs containing Pikachu or other Pokémon). Other public places, such as churches, parks and businesses, are tagged as “gyms” where players can battle each other. Tagging public places may cause legal and ethical concerns. Niantic (developer of Pokémon Go) uses much of its data from Google Maps and player-generated tags from Ingress (a previous game) to identify real-life places as either “stops” or “gyms.”
Privacy, Legal and Ethical Concerns
Misidentification of Data. Problems arise when the data is wrongly tagged and identifies a private place (such as a residence) as a “public place,” which is what recently happened at the home of a couple in Massachusetts. Currently, if such an event occurs, it can be addressed by Niantic using information provided about specific locations that have been incorrectly tagged. Google honors most takedown notices when Google Maps locations inadvertently violate individuals’ rights to privacy (or for other good reasons). The real danger is that due to the incredible popularity in a very short period of time of location-based games such as Pokémon, many imitators are looking to cash in. Other large and small entities all over the globe will be rapidly developing and deploying their own location-based games, and such imitators may not prove to be as amenable to honor takedown notices or to correct information about specific locations as they should be.
Future Applications for Location-based Technology. The potential of location-based technology extends far beyond the gaming world into an infinite number of applications for geotagging ability and location-based interaction, which companies hungry for data will be eager to exploit. Such applications are likely to be developed and rapidly deployed, especially in consumer-facing areas such as gaming, wearables technology and fitness tracking. It is not hard to imagine that in the very near future, not only every individual, but also every house and car will represent a virtual treasure trove of data to be exploited.
Privacy and Ethical Risks. The problem with this future scenario is that many people value their privacy and will want to have control over their personal data. Such people will not want the world at large to know where they live or any other personal facts about them, including vulnerable people such as the elderly, victims of domestic violence, or people with children. In such cases, if someone’s private residence is tagged and posted in a global database and therefore easily accessible, such tagging could result in a real-world risk with serious adverse effects to an innocent party, or at minimum a potential violation of personal privacy. After all, our homes are supposed to be our “castles” in respect to personal and privacy rights, meaning our homes are our exclusive domains in which we can enjoy privacy without unreasonable government or third-party interference.
Risks to Business. Businesses are also at risk from incorrect geotagging. What if a commercial database inadvertently mis-identifies a business, causing the business to lose customers and revenue? For example, if a business person owns an Asian bakery in a certain neighborhood and it is mis-identified as a Latin bakery, customers looking specifically for Asian bakeries will likely ignore the mis-identified business and go to its correctly-tagged competitors. Unless the owner is aware of what is happening, the business could be losing revenue due to incorrect geotagging data. Worse still, it is not hard to imagine a situation where the bakery is mis-tagged and the owner may not have any redress, either because the owner is not able to locate the developer of the geotagging application or the developer of the application simply refuses to correct or remove the erroneous data. Another risk exists if a business is deliberately mis-tagged by a competitor and it suffers reputational or other damages as a result of the mis-identification.
Out-of-date Information. Individuals as well as businesses may be targets of malicious mis-tagging, but inadvertent mistakes due to old and out-of-date information could also be devastating to businesses and individuals. An example is a scenario where a recently purchased private residence was previously owned by an illegal drug dealer or registered sex offender. In such cases, the outdated information could be very damaging to an innocent individual purchasing the residence.
The potential for genuine mistake or malicious abuse is exacerbated once applications are created that allow individuals to tag public or private locations themselves. Currently, only developers that have created location-based applications are able to geotag locations, but in the near future this ability may not be restricted to these application developers. If tagging is not regulated, third parties could maliciously tag a residence if, for example, they wanted to make an “example” of a resident of the house, or if they simply disagree with the residents’ political, religious or other views.
One Proposed Solution
Extension of Data Privacy Protections to Virtual Spaces and Data Objects. Legislators should extend data protection laws to virtual spaces and data objects, and this must happen before we have to deal with one or more of the situations described above. Currently, personal information or data is “personal,” meaning regulated personal information or data is only associated with an identified or identifiable data subject, and therefore only data subjects have privacy rights in most countries. Data protection regulations should be amended to protect not only data subjects but also virtual spaces and data objects.
Future of Location-based Gaming. The good news is that location-based gaming possibilities are endless.For example, games could be targeted at adults and history enthusiasts that use location-based “gaming” and geotagging to allow a user to recreate and participate in ancient or recent U.S. or world battles. Such game applications could also recreate important historical events that would have local appeal anywhere in the world. Imagine entering Independence Hall in Philadelphia and seeing on a tablet or other device the images of the signers of the Declaration of Independence. The event would come a novel way to teach history to adults and children.
Or imagine the convergence that could occur in gaming, similar to what happened a few years ago when a calendar, voice recorder, camera, music player and computing capabilities were integrated in a single smartphone. For example, a combination of a great naval battle could occur in a “gym” setting, using a virtual reality device, so people would not be staring into the small screen of their cellphones but instead would be actually participating virtually in the battle projected around them. Moreover, they could perhaps wear a vest or arm-band imbued with sensors that incorporate technology similar to self-driving car technology, which would track the movements of the player and alert the player to danger (for example, if the player was about to walk in front of a vehicle, or run off a cliff). An alert could appear on the virtual reality device, temporarily pausing the game and notifying the player that he or she was likely to incur injury or harm in the real world. Once the situation was rectified, the player could reactivate the game to continue. In order to maximize safety, future “gyms” could be large properties specifically dedicated to gaming enthusiasts covering several acres with no vehicular traffic, cliffs or drop-offs, large bodies of water, or other hazards. The likelihood of injury to players would thus be reduced or mitigated and people could game safely instead of gaming in a more risky public park or street.
Geolocation tagging for gaming, business use, historical learning and other applications is in its infancy but has the future potential to affect both individuals and businesses on many levels. Due to the widespread impact of these possible uses of geotagging, privacy professionals, lawyers and policymakers should consider and focus not only on data subjects, but also virtual spaces and data objects in order to protect and facilitate global changes anticipated from these technologies.
About the Authors
Daniel Christensen currently serves as group counsel of IT, privacy & security at Intel Corporation. Dan has served in various business/legal roles ranging from acting general counsel to chief privacy officer, working in different countries/state, and spanning various industries including technology, healthcare, telecom and energy. His substantive expertise includes privacy/security, data governance, transactional, regulatory compliance, IP, private equity and M/A. Dan has a MBA from Oxford (UK), a JD from University of Utah, a double BA from BYU, and is CIPM, CIPT and CIPP/US certified by the International Association of Privacy Professionals.
Diana Jimenez is a senior attorney at Intel Corporation in the Privacy and Security Group. She has been a lawyer for over 25 years in the areas of technology transactions, open source, M&A, regulatory compliance and now privacy.