DCSIMG
Skip to Content

Sen. Franken Presses Makers of "Pokemon GO" Smartphone App Over Privacy Concerns

Launched Last Week, Pokemon GO Has Already Been Downloaded an Estimated 7.5 Million Times by Smartphone Users; The App Collects, Uses, and Shares a Wide Range of Users' Digital Data in Potentially Concerning Ways

Tuesday, July 12, 2016

Today, U.S. Sen. Al Franken (D-Minn.) raised the alarm over potentially serious privacy concerns with "Pokémon GO," a new smartphone game that millions of users around the country have downloaded over the past week.

Launched on July 6, Pokémon GO is a so-called "augmented reality app," meaning that it blends the real world and virtual world by using technology like your phone and GPS tracking. And that also means 
the app wants access to a whole trove of your personal data and informationthings like your precise location, your email address, IP address, the last website you looked at, and according to initial reports, even access to the contents of your Gmail account.

Sen. Franken finds that kind of access to user information troubling, which is why today he's called on Niantic, the company that developed the game, to explain how it collects user data and what it does with that data. You can read a copy of his letter by clicking 
here.

"Pokémon GO—in less than a week's time—has been downloaded approximately 7.5 million times in the United States alone," 
wrote Sen. Franken, who is the top Democrat on the Senate Privacy and Technology Subcommittee. "While this release is undoubtedly impressive, I am concerned about the extent to which Niantic may be unnecessarily collecting, using, and sharing a wide range of users' personal information without their appropriate consent. I believe Americans have a fundamental right to privacy, and that right includes an individual's access to information, as well as the ability to make meaningful choices, about what data are being collected about them and how the data are being used. As the augmented reality market evolves, I ask that you provide greater clarity on how Niantic is addressing issues of user privacy and security, particularly that of its younger players."

Sen. Franken has long been an advocate of protecting Americans' privacy, especially in light of new technologies. In 2015, he reintroduced his Location Privacy Protection Actwhich would give consumers more control over their private location information.

You can read the full text of today's letter by clicking 
here or reading below. 

July 12, 2016


Mr. John Hanke, CEO                                                                       

Niantic, Inc.                           


Dear Mr. Hanke:

 

I am writing to request information about Niantic's recently released augmented reality app, Pokémon GO, which - in less than a week's time - has been downloaded approximately 7.5 million times in the United States alone. While this release is undoubtedly impressive, I am concerned about the extent to which Niantic may be unnecessarily collecting, using, and sharing a wide range of users' personal information without their appropriate consent. I believe Americans have a fundamental right to privacy, and that right includes an individual's access to information, as well as the ability to make meaningful choices, about what data are being collected about them and how the data are being used. As the augmented reality market evolves, I ask that you provide greater clarity on how Niantic is addressing issues of user privacy and security, particularly that of its younger players.


Recent reports, as well as Pokémon GO's own privacy policy, suggest that Niantic can collect a broad swath of personal information from its players. From a user's general profile information to their precise location data and device identifiers, Niantic has access to a significant amount of information, unless users - many of whom are children - opt-out of this collection. Pokémon GO's privacy policy states that all of this information can then be shared with The Pokémon Company and "third party service providers", details for which are not provided, and further indicates that Pokémon GO may share de-identified or aggregated data with other third parties for a non-exhaustive list of purposes. Finally, Pokémon GO's privacy policy specifically states that any information collected - including a child's - "is considered to be a business asset" and will thus be disclosed or transferred to a third party in the event that Niantic is party to a merger, acquisition, or other business transaction.


Media reports have also highlighted that Pokémon GO has full access to some users' Google accounts, which includes their Gmail services. We recognize and commend Niantic for quickly responding to these specific concerns, and ask for continued assurance that a fix will be implemented swiftly. When done appropriately, the collection and use of personal information may enhance consumers' augmented reality experience, but we must ensure that Americans' - especially children's - very sensitive information is protected.

 

In light of these uncertainties, I respectfully request that you respond to the following questions by August 12, 2016:


1.     Pokémon GO has stated that it collects a broad array of users' personal information, including but not limited to a user's profile and account information, their precise location data, and information obtained through Cookies and Web Beacons. Can you explain exactly which information collected by Pokémon GO is necessary for the provision or improvement of services? Are there any other purposes for which Pokémon GO collects all of this information?

 

2.     According to reports, Pokémon GO also requests permission to access a number of mobile capabilities, including but not limited to the ability to control vibration on a phone, prevent the phone from sleeping, and find contact accounts on the device. Can you explain exactly which features and capabilities are necessary for Pokémon GO to access for the provision or improvement of services? Are there any other purposes for which Pokémon GO has access to all of these features and capabilities?

 

3.     If, in fact, some of the information collected and/or permissions requested by Pokémon GO are unnecessary for the provision of services, would Niantic consider making this collection/access opt-in, as opposed to requiring a user to opt-out of the collection/access?

 

4.     Pokémon GO has stated that users' information can be shared with The Pokémon Company and "third party service providers". Can you provide a list of current service providers? Does Pokémon GO also share users' information with investors in Pokémon GO?

 

5.     Pokémon GO has further indicated that it shares de-identified and aggregate data with other third parties for a multitude of purposes. Can you more exhaustively describe the purposes for which Pokémon GO would share or sell such data? 

 

6.     Can you describe how Niantic ensures parents provide meaningful consent for their child's use of Pokémon GO and thus the collection of their child's personal information? Apart from publicly available privacy policies, how does Niantic inform parents about how their child's information is collected and used? 

 

7.     According to reports, signing into Pokémon GO on iOS through a user's Google account gives Niantic full access to an individual's Google account without the user's knowledge. Niantic has since recognized that it erroneously asked for more permissions than it intended. Can you provide an update on any fix Niantic is seeking to correct this mistake? Also, please confirm that Niantic never collected or stored any information it gained access to as a result of this mistake.


Thank you for your prompt attention to this important matter, and please do not hesitate to contact me.

 


                                          Sincerely,

 

###

Duluth Office
515 W 1st St
Suite 104
Duluth, MN 55802
(218) 722-2390

Moorhead Office
819 Center Avenue
Suite 2A
Moorhead, MN 56560
(218) 284-8721

Rochester Office
1202-1/2 7th Street NW
Suite 213
Rochester, MN 55901
(507) 288-2003

Saint Paul Office
60 East Plato Blvd
Suite 220
Saint Paul, MN 55107
(651) 221-1016

West Central Mobile Office

Official Web Site of Sen. Al Franken
Text Only   |   Privacy Policy   |   Contact