Personal Data At Risk Due To New Craze: Pokémon Go

Pokemon Go has had more first week release downloads from the Apple App store than any other App in history. While augmented reality has long been used for military, industrial and medical applications, its huge potential for commercial and entertainment applications is only now being realised. Apple CEO Tim Cook recently stated, “We are high on augmented reality for the long run, we think there’s great things for customers and a great commercial opportunity’’. Whilst customers and consumers rush to take advantage of these opportunities, recent events demonstrate that the privacy implications of this technology have been left as an afterthought. There has been significant concern around the amount of personal data collected by the App, and how this may be shared. This is especially important because it is played largely by children.

What is Pokémon Go?

Pokémon Go is a free-to-play, location-based pervasive augmented reality game. In short, the Pokémon GO application uses the participants’ smartphone camera and gyroscope to display an image of a Pokémon as though it existed as a live entity in the real world.


Whilst designing the App the creators did not give thought to the fact that locations could potentially be people’s homes. Residents of the Sydney suburb of Rhodes were recently faced with large numbers of Pokémon GO participants gathering in their area. In another incident in Massachusetts a family living in an old church were surprised to find that their house had been marked as a Pokémon Gym; where participants get to train their fictional creatures. As a result, the family found their front garden inundated with Pokémon GO participants, all day and all night.

Another key aspect of the game is its ability to constantly record the participants’ location so as to alert them to any nearby Pokémon. This digital record of our whereabouts provides a new goldmine of information for the marketing sector. Detailed knowledge of our movements is simply an extra tool in the marketing armoury, allowing targeted messages to be sent to consumers depending on their location.

Inevitably, it is only a matter of time until such a collection of personal data will fall into the cross-hairs of the hackers. Niantic, the software development company behind Pokémon GO, states in its privacy policy that it takes the appropriate administrative, physical, and electronic measures designed to protect the information that it collects. It cannot, however, guarantee absolute security.

Changes in this area of the law with the General Data Protection Regulation due to enter into force in 2018 include new obligations such as ensuring privacy by design and default on a mandatory basis. As such clients designing new products or offering new services should bear in mind these developments and begin implementation in preparation for the changes that are to come.

So Pokémon GO participants; beware!

Forbes Solicitors regularly provide advice to public authorities, providers of social housing, charities and business regarding the Data Protection Act 1998. If you have any questions, please contact Daniel Milnes.

This entry was posted in Housing Litigation and tagged , .