Just in case you have been living under a rock for the last month or so, Pokémon Go has become the latest mobile phone gaming craze. It is based on the Nintendo game Pokémon, in which you travel around a mythical land capturing, training, and then fighting these creatures called “Pokémon” (pocket monsters) with other Pokémon hunters.
What is interesting about this particular game is the interactive nature and the fact that it is based in the real world. For a technical viewpoint, read my fellow analyst’s post on the subject here. The fact that it actually gets the kids out of their darkened rooms and into the wild outdoors, gaining valuable vitamin D for their sun-starved teenage skin, is a bonus.
Pokémon Go is one of the first real applications of an IoT overlay. “What?” I hear you say. But think about it: this application taps into GPS and mobile device technology to provide an interactive game that has had some serious implications for personal privacy. Even beyond the data that is being gathered by Niantic on game-user metrics, to me one of the biggest issues is the infringement on the personal privacy of people who do not use the game. The virtual Pokémon world that Niantic has created is overlaid on the real world. The virtual world’s Gymnasiums, PokéStops, lures, and Pokémon are hidden among virtual grasses laid over real-life surburbia, factories, museums, and in one case, a Bosnian minefield from the wars in the Balkans. However, nobody has asked permission to place these, and apparently Pokémon spawning locations are completely random.
This has led to a number of issues around the globe for the game and its maker, Niantic. Among other incidents, a man in Vancouver has posted a sign telling people to stay away, a small suburban park in Sydney, Australia, has been swamped by Pokémon players, to the horror of residents, and more worryingly, 911 calls have been made, causing issues for police stations and fire departments.
This is a major privacy issue. It has even led to a lawsuit by a New Jersey resident against Niantic and Nintendo in the California federal court. At the time of this writing, neither Nintendo nor Niantic had commented about case specifics, although Niantic did note that its terms and conditions of use require that the player “not trespass, or in any manner gain or attempt to gain access to any property or location where you do not have the right or permission to be.”
Does this relieve Niantic of its obligations, if any, regarding the citizens whose privacy has been breached due to its game?
First, a little history about Niantic. This company first rose to prominence with the release of the Ingress game. Ingress used GPS positioning to create a virtual world where two teams “fought” for dominance over territory. It tended to be played by more technically adept people and did not have the cachet of Pokémon.
The Pokémon Go game has been overlaid on the original Ingress virtual world. The original Ingress Waypoints, which tended to be landmarks such as local churches and community halls, have been turned into Gymnasiums and PokéStops. We suspect that due to the more limited success of Ingress, people did not notice the odd player staring into their mobile device in an attempt to change a Waypoint’s color from Blue to Green. However, due to the popularity of Pokémon Go, the number of players at these locations has ballooned. This has obviously increased visibility and raised a lot of questions.
- Who gave permission for a property to be included in the virtual world?
- Does the presence of the property in the virtual world give the players of the game a perceived right of access in order to participate in the game?
- Finally, do the owners of the trespassed property have a right to privacy and a right to claim trespass? If so, against who: the players, or the company?
We will attempt to answer each of these important questions in turn, starting with “Who gave permission for a property to be included in the Niantic virtual world?” At its simplest, the answer is that the only entity that may grant access to a property is the registered owner of the property. Therefore, legally, permission should be obtained in order to place something on a property, and Niantic did not obtain permission. However, nothing has been placed there physically: it is just a virtual placement, so no ingress to the property was required to place the object. Legally, the company has not committed a trespass. Further, the location of a Pokémon spawn is based on a purely random algorithm, and the placing of the spawn does not require physical access. Therefore, there is no trespass.
To play the game, there is usually no requirement to physically enter a property that holds a Pokémon Go Gym, Lure, or PokéStop, as users can be within twenty-five meters (twenty-seven yards, four inches, for those of you who have not modernized your measurement standards) of the object to activate the game process. But does Niantic need permission to place an object? Not really, as it is not actually placing anything physical. However, Niantic has been active in removing objects from sensitive areas. It has removed the capability to add additional Gyms, or PokéStops, which does indicate a sensitivity to the privacy and nuisance issues that have been arising since the introduction of the game.
Do the players of the game have a perceived right of access due to there being a PokéStop, Gym, or Pokémon in a particular location? Again, the simple answer is “no.” Under all legal jurisdictions, only the registered owner has the right to grant access to private property. The legislation gets a little grayer when you are talking about government-owned property or property where access is granted for a given purpose: e.g., a sport center, museum, or religious building. Here, access is granted for carrying out the purpose of the building: to play or watch sports, enjoy exhibitions, or observe religious practices. Access is not granted to carry out other unrelated tasks. Therefore, again, there is no right of access to play Pokémon Go.
The final question is the most important: Do those who have had their privacy invaded have any recourse against Niantic or even Nintendo? This is the crux of the case laid out by the New Jersey resident. The case is interesting and potentially complicated: on the face of it, Niantic has no liability for any act of trespass or nuisance. In fact, Niantic attempts to deflect this liability in one of its clauses in its terms and conditions of use. The clause states that a player may not
“…trespass, or in any manner gain or attempt to gain access to any property or location where you do not have the right or permission to be.”
However, under the doctrine of vicarious liability (criminal law) or negligence (common law), there may be the ability to apportion damages against them. There is next to no chance of Niantic being held vicariously liable, as the prosecution would have to find the defendants criminally liable, and that is a massive legal hurdle to jump. As a legal friend once said to me, the difference between the “balance of probabilities” and “beyond a reasonable doubt” is a large as the difference between walking to your corner shop and traveling to the moon. Is it beyond the balance of probabilities that Niantic should have known about the possibility of privacy issues? Arguably yes, and there is evidence that it was very aware of this, due to the clause in its terms and conditions of use. However, those who are playing the game will also be aware of the rights of property owners regarding privacy and trespass. It will be hard to prove, as there is little to no case law to support either side. We are not lawyers here at TVP Strategy, but it suffices to say that this case could have massive legal implications on the Internet of Things over the coming years.