TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Privacy Perspectives | Data protection should extend to virtual places and data objects Related reading: The AI Act's debiasing exception to the GDPR



As everyone likely knows by now, “Pokemon Go” encourages players to interact with their natural environment by using realistic maps of their surroundings as part of the game.

The game itself is quite simple (here's a brief explainer). Players can collect "Pokemon" while walking around in the public. Some landmarks, cemeteries, public buildings, and monuments are “stops” where players can collect things (like potions). Other public places such as churches, parks, and businesses are tagged as “gyms” where players can battle each other. Tagging public places may cause legal and ethical concerns. Niantic, the game's developer, uses much of its data from Google Maps and player-generated tags from Ingress (a previous game). This data is used to identify real-life places as either “stops” or “gyms.”

Problems arise when the data is wrongly tagged and identifies a private place as a “public place,” which is what recently happened to a couple in Massachusetts. If such an event occurs, mistakes can be addressed by Niantic, which allows people to provide information about specific locations that can be mis-tagged. And Google honors most take-down notices when a Google Maps location inadvertently violates an individual’s right to privacy.

The real danger is that due to the incredible popularity in a very short period of "Pokemon Go," many imitators are looking to cash in on the location-based gaming craze. As a result, other organizations around the world will rapidly develop and deploy their own location-based games, and such imitators may not prove to be as amenable to honor take down-notices as Google is, or to correct information about a specific location provided by an individual as Niantic.

To be sure, the potential of location-based technology extends far beyond the gaming world into an infinite number of applications for geo-tagging and location-based interaction, which companies that are hungry for data will be eager to exploit. 

To be sure, the potential of location-based technology extends far beyond the gaming world into an infinite number of applications for geo-tagging and location-based interaction, which companies that are hungry for data will be eager to exploit. Such applications will especially emerge in consumer-facing areas such as gaming, wearables technology, and fitness tracking. 

The problem with this future scenario is that many people value their privacy and will want to maintain control over their personal data. Users will not want the world at large to know where they live or any other personal facts about them, including vulnerable people like the elderly, victims of domestic violence, or people with children. In these cases, if someone’s private residence is tagged and posted in a global database making the data easily accessible, tagging could result in a real-world risk with serious adverse effects to an innocent party, or at minimum a potential violation of personal privacy. After all, our homes are supposed to be our castles.

Businesses are also at risk from incorrect geo-tagging.

For example, what if a commercial database inadvertently mis-identifies a business, resulting in the loss of customers and revenue? Or, what if a business is mis-identified, and customers go to its correctly-tagged competitors. Unless the owner is aware of what is happening, the business could be losing revenue due to incorrect geo-tagging data. Worse still, it is not hard to imagine a situation where the bakery is mis-tagged and the owner may not have any redress, either because the owner is not able to locate the developer of the geo-tagging application, or the developer of the application simply refuses to correct the erroneous data or ignores a request to remove the data. Businesses could also be deliberately mis-tagged by a competitor and could suffer reputational damages as a result. 

Old and out-of-date information could also be devastating to businesses and individuals. What if a recently purchased residence was previously owned by an illegal drug dealer or registered sex offender? In such cases, the outdated information could be very damaging to an innocent individual purchasing the residence.

The potential for genuine mistakes or malicious abuse is exacerbated once applications are created that allow individuals to tag public or private locations themselves. Currently only developers are able to geo-tag locations, but in the near future this ability may not be restricted to these application developers. If tagging is not regulated, third parties could maliciously tag a residence if, for example, they wanted to make an “example” of a resident of the house, or they simply disagree with the resident’s political or religious views.

There is one potential solution, however.

Legislators should extend data protection laws to virtual spaces and data objects, and this must happen before we have to deal with one or more of the situations described above

Legislators should extend data protection laws to virtual spaces and data objects, and this must happen before we have to deal with one or more of the situations described above. Currently, personal information or personal data is “personal,” meaning that regulated personal information or personal data is only associated with an identified or identifiable data subject, and therefore only data subjects have privacy rights in most countries, such as the right to access their data or demand their data be corrected and/or deleted if it is inaccurate or prejudicial.

Data protection regulations should be amended to protect not only data subjects, but virtual spaces and data objects. 

The good news is that location-based gaming possibilities are endless. For example, future games could target adults and history enthusiasts that use location-based “gaming” and geo-tagging to allow a user to re-create and participate in ancient or modern battles, such as the the Battle of Thermopylae or Gettysburg. These games could also recreate important historical events anywhere in the world. Imagine entering Independence Hall in Philadelphia and seeing the signers of the Declaration of Independence appear around the room in which you are standing. The event would come alive as a novel way to teach history to adults and children.

Or imagine a paradigm-shifiting gaming convergence, similar to when a calendar, voice recorder, camera, music player, and computing capability were integrated in a single smart phone. For example, gamers could recreate a great naval battle in a gym setting using a virtual reality device with the battle projected all around them. Moreover, they could wear a vest or arm band imbued with sensors. The sensor would track the movements of the player, so it could alert them to danger. An alert could appear on the VR device temporarily pausing the game and notifying the player that she was likely to incur harm in the real world. In order to maximize safety, future gyms could be large properties specifically dedicated to gaming enthusiasts covering several acres with no real-world hazards. The likelihood of injury to players would thus be reduced or mitigated and people could game and learn more safely than in a public park or street.

Geo-location tagging for gaming, business use, historical education, and other applications is in its infancy but with the potential to affect both individuals and businesses in the future on so many levels. It would therefore be necessary for data protection legislation to contemplate not only data subjects, but also virtual spaces and data objects in order to both protect, and facilitate, global changes anticipated from these technologies.

Update: 8/24/16; 4:16 pm: This post was updated to correct how what is collected at "pokestops" and added a link to an "Pokemon Go" explainer page. 

photo credit: Union Cavalry Charge via photopin (license)

1 Comment

If you want to comment on this post, you need to login.

  • comment Ruby Zefo • Aug 24, 2016
    Maybe we should insert virtual laws into the virtual games with which gamers need to be compliant or they face hefty virtual fines, injunctions (they can't play for 48 hours) and possibly a virtual jail sentence (the pillory!) for egregious behavior?  I'm working on my legal aid avatar right now.