United States senator Al Franken, who represents Minnesota, has written an open letter to the CEO of Pokemon Go developer Niantic Labs in which he expresses his concern with the game’s privacy settings.
In the letter (read it here), Franken said the game’s popularity is “impressive.” However, he said he’s worried over how the game collects and use player data.
“I am concerned about the extent to which Niantic may be unnecessarily collecting, using, and sharing a wide range of users’ personal information without their appropriate consent,” he wrote. “I believe Americans have a fundamental right to privacy, and that right includes an individual’s access to information, as well as the ability to make meaningful choices, about what data are being collected about them and how the data are being used.
“As the augmented reality market evolves, I ask that you provide greater clarity on how Niantic is addressing issues of user privacy and security, particularly that of its younger players.”
Pokemon Go players can opt out of things such as their precise location and other device identifiers, Franken said, but he also commented that many players are children and might not do this.
Also in his message, Franken commended Niantic for responding swiftly to how, in some cases, Pokemon Go could access a user’s entire Google account.
“When done appropriately, the collection and use of personal information may enhance consumers’ augmented reality experience,” he said. “but we must ensure that Americans’–especially children’s–very sensitive information is protected.”
In light of what Franken called “uncertainties,” he asked Niantic Labs CEO John Hanke to respond to a series of question by August 12. These questions, in full, are listed below.
1. Pokemon Go has stated that it collects a broad array of users’ personal information, including but not limited to a user’s profile and account information, their precise location data, and information obtained through Cookies and Web Beacons. Can you explain exactly which information collected by Pokemon Go is necessary for the provision or improvement of services? Are there any other purposes for which Pokemon Go collects all of this information?
2. According to reports, Pokemon Go also requests permission to access a number of mobile capabilities, including but not limited to the ability to control vibration on a phone, prevent the phone from sleeping, and find contact accounts on the device. Can you explain exactly which features and capabilities are necessary for Pokemon Go to access for the provision or improvement of services? Are there any other purposes for which Pokemon Go has access to all of these features and capabilities?
3. If, in fact, some of the information collected and/or permissions requested by Pokemon GO are unnecessary for the provision of services, would Niantic consider making this collection/access opf-in, as opposed to requiring a user to opt-out of the collection/access?
4. Pokemon Go has stated that users’ information can be shared with The Pokemon Company and “third party service providers.” Can you provide a list of current service providers? Does Pokemon Go also share users’ information with investors in Pokemon Go?
5. Pokemon Go has further indicated that it shares de-identified and aggregate data with other third parties for a multitude of purposes. Can you more exhaustively describe the purposes for which Pokemon Go would share or sell such data?
6. Can you describe how Niantic ensures parents provide meaningful consent for their child’s use of Pokemon Go and thus the collection of their child’s personal information? Apart from publicly available privacy policies, how does Niantic inform parents about how their child’s information is collected and used?
7. According to reports, signing into Pokemon Go on iOS through a user’s Google account gives Niantic full access to an individual’s Google account without the user’s knowledge. Niantic has since recognized that it erroneously asked for more permissions than it intended. Can you provide an update on any fix Niantic is seeking to correct this mistake? Also, please confirm that Niantic never collected or stored any information it gained access to as a result of this mistake.
GameSpot has contacted Niantic to try to find out if the developer has seen Franken’s note and plans to respond.
This isn’t the first time Franken has raised concerns about privacy in regards to technology. Earlier this year, he wrote a letter to Oculus VR in which he asked to know how Oculus uses the data it collects.
Pokemon Go–which challenges players to catch Pokemon in the real world and also helps sell pizza–launched last week and has become a phenomenon on a level that Niantic might not have even imagined. On the business side, its release has added $9 billion to Nintendo’s market cap. Nintendo didn’t make the game, but it owns a share of The Pokemon Company, which produced Pokemon Go in partnership with Niantic.
Recently, it was reported that in wake of the game’s huge success, Hollywood studios are scrambling to sign a deal for the Pokemon movie rights. In other news, two US Marines who were playing Pokemon Go helped catch an attempted murder suspect this week in California.
For more on Pokemon Go, check out GameSpot’s review.