As augmented reality game Pokemon GO reached startling 7.5 million downloads in US alone within 6 days, US lawmakers woke up to the issue of privacy violation by the company in the name of collection of data and details about players, most of them children.
The popular game not only gets full access to users’ Google accounts when activated on iOS, but also makes it clear that the data will be shared with the third parties and service providers. While Niantic is quick to fix some of the issues raised, US Senator Al Franken (D-Minn.) has shot off a letter to game creators Niantic seeking answers to his 7 questions.
— The game Pokémon Go collects profile, account information, location data and seeks permission to obtain control over devices through Cookies and Web Beacons.
with the “third party service providers”, without giving the details.
Franken, who is also in the US Senate Privacy and Technology Subcommittee, has asked whether Niantic would consider “opt-in” rather than requiring users to “opt out” if they don’t want data collected. He also sought the info on third parties with whom the Pokémon Company shares information and whether parental consent was obtained before doing so from children.
“I am concerned about the extent to which Niantic may be unnecessarily collecting, using, and sharing a wide range of users’ personal information without their appropriate consent,” said Franken in his letter with 7 questions and sought an answer before August 12, essentially giving the company a month to respons to his queries. Here are his 7 questions:
1. Pokemon GO has stated that it collects a broad array of users’ personal information, including but not limited to a user’s profile and account information, their precise location data, and information obtained through Cookies and Web Beacons. Can you explain exactly which information collected by Pokemon GO is necessary for the •vWM ^PANKiiN.^ENA’IE.GOV
provision or improvement of services? Are there any other purposes for which Pokemon GO collects all of this information?
2. According to reports, Pokemon GO also requests permission to access a number of mobile capabilities, including but not limited to the ability to control vibration on a phone, prevent the phone from sleeping, and find contact accounts on the device. Can you explain exactly which features and capabilities are necessary for Pokemon GO to access for the provision or improvement of services? Are there any other purposes for which Pokemon GO has access to all of these features and capabilities?
3. If, in fact, some of the information collected and/or permissions requested by Pokemon GO are unnecessary for the provision of services, would Niantic consider making this collection/access opf-in, as opposed to requiring a user to opt-out of the collection/access?
4. Pokemon GO has stated that users’ information can be shared with The Pokemon Company and “third party service providers”. Can you provide a list of current service providers? Does Pokemon GO also share users’ information with investors in Pokemon GO?
5. Pokemon GO has further indicated that it shares de-identified and aggregate data with other third parties for a multitude of purposes. Can you more exhaustively describe the purposes for which Pokemon GO would share or sell such data?
6. Can you describe how Niantic ensures parents provide meaningful consent for their child’s use ofPokemon GO and thus the collection of their child’s personal information?
Apart from publicly available privacy policies, how does Niantic inform parents about how their child’s information is collected and used?
7. According to reports, signing into Pokemon GO on iOS through a user’s Google account gives Niantic full access to an individual’s Google account without the user’s knowledge. Niantic has since recognized that it erroneously asked for more permissions than it intended. Can you provide an update on any fix Niantic is seeking to correct this mistake? Also, please confirm that Niantic never collected or stored any information it gained access to as a result of this mistake.