Digital Mapping – The Future is Pokémon Go!
© Ice Miller LLP
Subscriber Benefit
As a subscriber you can listen to articles at work, in the car, or while you work out. Subscribe NowDigital mapping is the process by which software receives a collection of data and formats it into a virtual image to produce sophisticated digital maps. Commonly, our initial thought of digital mapping may include aerial photographs being processed to create a detailed map of a city, but digital mapping is quickly evolving, which is prompting data privacy concerns. New technology initiatives are focusing on augmented reality (“AR”) maps that will take over the next generation of digital mapping. To clarify, although AR and virtual reality (“VR”) are frequently discussed in the same conversation, there is a key difference. VR is like stepping into a completely different environment, such as putting on VR goggles and transporting into outer space. You block out the physical world and completely immerse yourself in a virtual environment. In contrast, with AR all of your senses remain in your current state of presence, but features are added to your environment. For example, the Pokémon Go game adds Pokémon characters to a live view through your smartphone camera.
However, as we saw in 2012 when Google and Apple were competing in a 3D mapping race—with mass data collection comes privacy concerns.[1] When Google and Apple revealed their new 3D mapping services, concerns for privacy intensified.[2] The tech giants were employing sophisticated camera-equipped airplanes to fly over metropolitan areas and capture photographs used to build 3D computer-generated maps of buildings and cityscapes, but that type of aerial surveillance ignited invasion of privacy concerns, since the cameras were allegedly capable of capturing personally identifiable details in the images.[3]
In addition to invasion of privacy concerns, AR maps could also foster apprehension relating to mass data collection, retention, and sharing. Like the camera-equipped airplanes, AR mapping may not only capture personally identifiable details, but may also lead to data collectors retaining the information indefinitely or transferring the data to third-party companies that will benefit from AR mapping data.
In 2016, Pokémon Go was a global phenomenon with over 800 million downloads.[4] The basic objective of the game is to capture, train, and fight Pokémon characters. But rather than sitting inside on a game console, the GPS-enabled game takes gamers outside to walk around and find Pokémon.[5] Once a gamer approaches a Pokémon, the smartphone’s camera is activated, and the gamers can see game mechanics and graphics layered on top of their real surroundings.[6] Recently, the CEO of Niantic (the creator of Pokémon Go) announced the company’s new initiative to generate an AR map of the world by leveraging Pokémon Go gamers (and future Harry Potter: Wizards Unite gamers).[7] By collecting the gamers’ camera views, coupled with software that identifies contours, objects, and other details of the environment, an AR map would be generated.[8] For gamers, this AR map would allow nearby gamers to play in the same environment.[9] Essentially, gamers will be able to add new virtual structures and share them with nearby gamers.[10]
Due to the high volume of gamers and their reliance on smartphone cameras, Pokémon Go is at the forefront of AR mapping. Niantic has announced that AR mapping will begin in public places such as parks and plazas, and the data will be shared with many third-party developers.[11]
This is where many data protection and privacy implications are triggered for businesses, because such data collection, retention, and sharing of personally identifiable information (“PII”) may require compliance with data protection and privacy regulations.
First, Pokémon Go’s Privacy Policy informs gamers of the data that is collected from users’ accounts and devices. Among the types of data collected is PII, Apple Watch Health App Data, and gamers’ location.[12] Given its global reach and the type of data collected, it is likely Pokémon Go does or will comply with domestic and international data protection and privacy regulations, such as the European Union (EU) General Data Protection Regulation (GDPR). Data protection and privacy regulations will most likely require third-parties who obtain the AR mapping data to be in compliance too. Third-party companies may include businesses incorporating the location technology into search and marketing strategies[13] or businesses utilizing the AR mapping data to accommodate technology that requires machine-readable maps, such as autonomous cars.[14]
Second, AR mapping requires precise device location data. Currently, Pokémon Go uses a combination of mobile/cell tower triangulation, GPS, and Wi-Fi points that gamers access to pinpoint gamers’ location.[15]Companies using Wi-Fi points to gain more precise location data should be especially careful to ensure there is no collection of payload data (the personal data transmitted over Wi-Fi), because that could lead to a violation of the Wiretap Act. See Joffe v. Google, Inc., 746 F.3d 920 (9th Cir. 2013) (Google Street View cars were intercepting unencrypted Wi-Fi Signals to enhance the precision of location data, but inadvertently collected payload data including personal emails, usernames, and passwords). Violations of the Wiretap Act could lead to criminal liability of fines or imprisonment up to five years, or both. 18 U.S.C. § 2511(4)(a) (2018).
The future of digital mapping is not only altering the reality that surrounds us; it may become a driving force behind immediate and long-term privacy implications. If your company collects and processes data similar to AR mapping data or obtains and uses such data from a data controller, such as Niantic, you may need to be in compliance with data protection and privacy laws.
Summer clerk Tiffany Kim was the lead author for this article. For guidance on data protection and privacy compliance, please contact Nick Merker, Stephen Reynolds or Martha Kohlstrand. Nick Merker, a former computer systems, network and security engineer, is a partner and co-chair of Ice Miller’s Data Security and Privacy Practice. Stephen Reynolds, a former computer programmer and IT analyst, is a partner in Ice Miller’s Litigation Group and co-chair of Ice Miller’s Data Security and Privacy Practice. Martha Kohlstrand is an associate in Ice Miller’s Litigation Group and focuses much of her work on data protection and privacy issues.
This publication is intended for general information purposes only and does not and is not intended to constitute legal advice. The reader should consult with legal counsel to determine how laws or decisions discussed herein apply to the reader’s specific circumstances.
[1] Reuters, Google, Apple 3D Mapping Raises Privacy Concerns, BusinessTech (June 20, 2012), https://businesstech.co.za/news/internet/15937/google-apple-3d-mapping-raises-privacy-concerns/.
[2] See id.
[3] See id.
[4] Paresh Dave, Pokémon Go Maker Niantic Plans to Build AR Maps with Users’ Help, Reuters (May 9, 2018, 10:06 AM), https://www.reuters.com/article/us-niantic-maps/pokemon-go-maker-niantic-plans-to-build-ar-maps-with-users-help-idUSKBN1IA28S.
[5] Dave Thier, What Is ‘Pokémon GO,’ and Why Is Everybody Talking About It?, Forbes (July 11, 2016, 11:44 AM), https://www.forbes.com/sites/davidthier/2016/07/11/facebook-twitter-social-what-is-pokemon-go-and-why-is-everybody-talking-about-it/#2e43de171758.
[6] See id.
[7] See Dave, supra note 6.
[8] See id.
[9] See id.
[10] See id.
[11] Id.
[12]See Niantic Privacy Policy, https://www.nianticlabs.com/privacy/en/ (last visited May 30, 2018).
[13] David Kaplan, Digital Maps Have Supported $1 Trillion In Business—Here’s How, GeoMarketing (Oct. 9, 2017, 2:20 PM), http://www.geomarketing.com/digital-maps-have-supported-trillion-in-business-heres-how.
[14] Location, Location, Location, The Economist (July 16, 2015), https://www.economist.com/business/2015/07/16/location-location-location.
[15] See Niantic Privacy Policy, supra note 14.