AUGMENTED REALITY: THE CASE OF POKÉMON GO AND EUROPEAN DATA PRIVACY LAWS - Наукові конференції

Вас вітає Інтернет конференція!

Вітаємо на нашому сайті

Рік заснування видання - 2014

AUGMENTED REALITY: THE CASE OF POKÉMON GO AND EUROPEAN DATA PRIVACY LAWS

21.12.2017 12:10

[Секція 8. Інтелектуальна власність та його захист. Інформаційне право]

Автор: Vidish Nataly, student, Odesa I.I. Mechnikov National University


INTRODUCTION

Augmented reality is a relatively new system of video games that has been available since the early 2010s but only gained prominence in the last two years with Pokémon Go being one of the most discussed video games of 2016. Aside from the video game sales themselves, there is also potential for in game purchases and advertising spaces within the video game itself. There are targeted advertisement that may track a gamer’s preferences or adds focused on a particular geographical area. Questions of data privacy concerning the use of the provided information and whether children are adequately protected seeing as a considerable number of children do engage in video games. 

Augmented reality is a view of the physical world environment where some of its elements are supplemented by computer generated inputs or more technically, an environment created with software which is presented to the user in such a way that the user suspends self-belief and accepts it as a real environment [1]. These inputs could be video, graphical or indeed in the case of Pokémon go, a global positioning system. Augmented systems were first developed in the early 1990s and there was not much legal interest then, probably because there was not much risk of individual users’ rights being affected. Augmented reality video games have seen a surge in popularity because of the relative ease of playing on the mobile platform which the majority of people now have access to.

However, there are legal challenges that need to be addressed with virtual reality and these include: privacy, nuisance, negligence, regulations protecting children, intellectual property infringement and a range of legal issues connected with virtual currencies [2].

The focus of this paper however, is on how well European data protection laws are applicable to augmented reality with a particular bias on privacy. Most of the resource information used in this paper has been gathered from articles written in the United States as very little, if any, research has been conducted in the European Union.

However, because Pokémon Go is a game that is played the world over, Europe included, the legal discourse is also applicable in European Union. Furthermore, many of the legal questions that were raised in the United States still warrant an answer in the European setup as regards augmented reality and in particular Pokémon Go which is enjoyed by a significant number of European players [3].

PRIVACY LAW AND AUGMENTED REALITY VIDEO GAMES

Privacy as a right is provided for under Article 8 of the European convention on human rights [4].It is noteworthy that the augmented reality video game Pokémon go has a provision for entering personal data under one of it privacy policies. Most augmented reality video games aim to bring people together to enjoy a unique way of freedom of expression as provided for under Article 10.  Social interaction between players makes the virtual world thrive and the social interactions involves personal data which is collected and stored by the platform. This data is a goldmine for advertising companies, and may also be used by governments or indeed other users who may harm other users [5, p.211].

THREATS TO PRIVACY IN AUGMENTED REALITY.

There are three different types of threats to privacy in virtual worlds which threats can easily be applicable to augmented reality video games like Pokémon Go. The threat is much more imminent to augmented reality video games that are location based for the obvious reason that the user can be easily located. The following are the three threats to privacy in augmented reality[ 6,p.218].

a. Threats to privacy by government

In certain instances, a government can collect information concerning the players in the game. The ease with which augmented reality can connect the virtual world and the real world presents significant privacy concerns. Article 8 of the ECHR has been said to be the most open ended Articlesand as such governments may be a threat to the privacy even in augmented reality. Governments may have legitimate interest to protect the right of other users by identifying a violating user but that does not still negative the fact that government till remains a threat [7, p.334].

It is not exactly to say that the government focuses solely on the gameplay elements of Pokémon Go but the revelations made by Snowden reveal that all electronic communications are monitored by governments. It may be the case that Pokémon Go online activities are also subject to government monitoring, certainly, the PRISM programme of the UK collects all online communications and it would be a safe bet to state that Pokémon Go communications are monitored too [8].

b. Threats to privacy by other users

Coincidentally, there are bound to be other users who may gather information from other players in order to harm them. There is without a sliver of doubt privacy concerns as regards other users and Zarsky writes that players may learn the identity of a person and their location and use that information to harass other players or to get advantage over that person. The danger to privacy by other users is twofold: the user may expose embarrassing information about what a player does online to the public or as mentioned earlier, may know the location of other players.

c. Threats to privacy by providers

The platforms running augmented reality games have a lot of information at their disposal, in fact much more information than they may realize. There is a legitimate privacy concern because of the collection and use of personal information within the game itself. Most virtual games including Pokémon Go insist on a user providing their accurate and correct information including financial information and in some cases health data [ 9 ]. The platform can collect information from the players and use it to enrich themselves by possibly selling the non-identifying data to interested third parties.

An example of this is the ability of the platform to monitor a user’s interaction during gameplay including, but not limited, to the times that the player is online, goods that they purchase online and last but not least, the location of the player for games such as Pokémon Go that rely on GPS. This information can potentially be accessed by third parties who may capitalize on it at the expense of the user. There is a provision on the Pokémon go privacy policy that allows third parties to access some data about a user as will be shown later on in this discourse.

PRIVACY POLICY OF POKÉMON GO

 It is important to review the privacy policy of the top augmented reality video game Pokémon before any further discussion of privacy law compliance of such games in the EU. This is in order to assess whether the privacy policy of Pokémon Go are actually compliant with European data and privacy law.

The privacy policy of Pokémon Go will be reviewed and their data policy analyzed before proceeding further. Only some select snippets of the Pokémon GO Privacy Policy will be reviewed and this is because the focus on the paper is on the privacy policy and only the relevant portions will be considered.

The privacy policy, like most privacy policies, states that information shall be collected to improve the quality of services that the user will be able to access. Noteworthy is the disclaimer that the user’s information may be accessed by third party sites who come across the information through third party services within the game. 

It is also stated that the privacy policy does not apply to the third parties even when they access the information through Pokémon Go service, I believe this is effectively a loophole that may allow the platform to acquire and use information indiscriminately by using a third party.

The other provisions relate to information collected from users’ cellphone, location and information related to use of service. Without argument, there is a lot of information collected by the platform and not all of it is adequately protected in my opinion. Of particular interest is section 3 which concerns sharing of information and particularly section 3(c) which is sharing of information with third parties. There is a rather ambiguous provision that non identifying information may be shared with third parties for research, demographic profiling and other similar purposes. 

Non-identifying information may also be called non personal information and will include information such as items purchased by the user, social interactions, amount of money in users’ account and also locations visited by the user. The statement ‘other similar purposes’ leaves the platform much room to maneuver and they may give the information to anyone so long as non-identifying information is given. A likely scenario is advertising companies who need only know the location/s of users and what the users’ purchase behaviour is.

Additionally under the Data Protection Directive [10] non identifying information is called anonymized data because all identifying elements have been removed and ideally, this data is no longer personal. Therefore, a controller or in this case, the Pokémon Go platform can theoretically sale such data to third parties without the need to inform data subject. The rational is that there is no rightful data subject with anonymized data [11].

CONCLUSION

It is the author’s opinion that non identifying data has the potential to interfere with privacy of users. Ordinarily, non-identifying data does not interfere with the privacy of the data subjects but Pokémon Go with its location aspect of augmented reality presents a unique challenge and problem that conventional privacy policies do not capture clearly. Here is a typical example: once non identifying data is accessed by third parties like advertising companies (either by sale or license) they receive information that may later intrude upon the privacy of the players. This non identifying data may give the advertising companies enough footing to advertise based on the location of the players and the recorded purchases in a given region. 

To clarify the above, consider this situation: Pokémon Go shares non identifying data with third party company A which is an advertising company according to their Privacy Policy under section 3 (c). Company A gathers that Finnish Pokémon Go players spend on lucky Eggs and Lure Modules, and of course, this does not have any identifying information present. It is possible to share such information since the said section allows for sharing of information for demographic profiling amongst others. This in itself is not privacy interference but the resulting targeted ads will surely interfere with the right to private life, consider the case of Magnetic Media Online [12] who gather information from third parties and deliver ads that may be based on profiling.

Personal data processing and privacy of data users always requires consent of the users before any kind of processing as set out in Directive 2002/58/EC [13] which also makes reference to location data in Article 2 where location data is defined as “…indicating the geographic position of the terminal equipment of a user..” Article 9 of the said Directive states that location data may only be processed when it has been anonymised or processed with the consent of the user. Ideally, the service provider must notify the user whenever they process that information and the information shared with third parties ought to be used for value added service. A cursory review of Pokémon Go privacy policy may show that information provided to third parties is not necessarily done for the benefit of the user and there is no requirement for consent before sharing such information. Consent is only required for business transaction when the company is acquired or merges with another.

BIBLIOGRAPHY

1. Čyras, V. & Lachmayer, F., "Technical Rules and Legal Rules in Online Virtual Worlds", European Journal of Law and Technology, Vol. 1, Issue 3, 2010.

2. Novika Ishar (February,2017) The legal Challenges of Augmented Reality: Part 1: The Basics, availablе at  http://www.mondaq.com/article.asp?articleid=566790&email_access=on&chk=2104680&q=1537890.

3. Source Information on Pokémon Go players in the EU statistic available from https://www.statista.com/statistics/604551/pokemon-go-daily-active-users-in-europe/ (accessed 9th March, 2017).

4. Council of Europe, Convention for the Protection of Human Rights and Fundamental Freedoms (European Convention on Human Rights, as Amended) (ECHR), 1950.

5. Duranske B.T (2008) Virtual Law: Navigating the Virtual Landscape of Virtual Worlds, ABA Publications. Chicago at page 211.

6. Tal Zarsky Zasky (2006) Privacy and Data Collection in Virtual Worlds, State of Play Law, Game and Virtual Worlds. Beth Simone Noveck Ed. NYU Press pages 217-223.

7. Jacobs, White and Ovey (2014) European Convention on Human Rights. 6th Edition, Rainey B, Wicks E, Ovey C. Oxford University Press, Oxford at page 334.

8. Consider the Big Brother Watch and Others v. the United Kingdom (communicated case) - 58170/13 (case shows how governments track online communications).

9. Section 2a(iv) of Pokémon Go available at https://www.nianticlabs.com/privacy/pokemongo/en.

10. Article 6 (1) (e) Directive 95/46/EC.

11. Handbook on European Data Protection Law (2014) European Union Agency for Fundamental Rights, at page 44.

12. Available at http://info.magnetic.com/Website_PPC_Behavioral Targetinghtml?utm_source=google&utm_medium=cpc&utm_campaign=behavior&utm _adgroup=behavior&gclid=CKWjq_PLqNICFcG7GwodIVUJ0A accessed on 20th February, 2016.

13. Concerning Processing of personal Data and Protection of Privacy in the Electronic Communications Sector (Directive on Privacy and Electronic Communication).



Creative Commons Attribution Ця робота ліцензується відповідно до Creative Commons Attribution 4.0 International License
допомога Знайшли помилку? Виділіть помилковий текст мишкою і натисніть Ctrl + Enter
Конференції

Конференції 2024

Конференції 2023

Конференції 2022

Конференції 2021

Конференції 2020

Конференції 2019

Конференції 2018

Конференції 2017

Конференції 2016

Конференції 2015

Конференції 2014

:: LEX-LINE :: Юридична лінія

Міжнародна інтернет-конференція з економіки, інформаційних систем і технологій, психології та педагогіки

Наукові конференції

Економіко-правові дискусії. Спільнота