Privacy Beware: Pokémon GO

01 August 2016

The success of Pokémon GO marks a significant milestone in the growing use of augmented reality and its implications for privacy. As the Pokémon GO craze currently sweeping the planet shows, our insatiable appetite to catch the next new piece of smartphone software (or in this case a Pokémon) continues to trump any consideration for the implications this might have on our privacy.

While augmented reality has long been used for military, industrial and medical applications, its huge potential for commercial and entertainment applications is only now being realised. Apple CEO Tim Cook recently stated, “We are high on augmented reality for the long run, we think there’s great things for customers and a great commercial opportunity.” But while companies rush to take advantage of these opportunities, recent events demonstrate that the privacy implications of this technology have been left as an afterthought.

Pokémon GO challenges participants to find and catch Pokémon characters in their real world surroundings. As they move around, their phones will vibrate to let them know they are near a Pokémon. Once encountered, participants take aim on their smartphone touch screen and throw a Poké Ball to catch it. All very exciting and cutting edge, but very straightforward in how it works. In short, the Pokémon GO application uses the participants’ smartphone camera and gyroscope to display an image of a Pokémon as though it existed as a live entity in the real world.

While it’s true to say that as a society we’ve become accustomed to public spaces being filled with groups of people taking videos on their smartphones, what we are not used to is large crowds gathering outside our homes. 

Residents of the Sydney suburb of Rhodes were recently faced with large numbers of Pokémon GO participants gathering in their area. Players were looking to maximize their progress in the game due to the appearance of a number of PokeStops, the game’s landmark-based locations that provide limited edition items and special bonus points. With thousands of players descending on their neighbourhood, residents resorted to throwing water bombs at the visiting crowds out of frustration.

In another incident in Massachusetts a family living in an old church were surprised to find that their house had been marked as a Pokémon Gym; where participants get to train their fictional creatures. As a result, the family found their front garden inundated with Pokémon GO participants, all day and all night.

Another key aspect of the game is its ability to constantly record the participants’ location so as to alert them to any nearby Pokémon. As one participant in New York discovered, this can cause problems, especially when you decide to play the game at an ex-girlfriend’s house and your new girlfriend accuses you of cheating courtesy of your Pokémon GO digital footprint. Furthermore, this digital record of our whereabouts provides a new goldmine of information for marketeers. Detailed knowledge of our movements is simply an extra tool in the marketing armoury, allowing targeted messages to be sent to consumers depending on their location. 

Inevitably, it is only a matter of time until such a collection of personal data will fall into the cross-hairs of the hackers. Niantic, the software development company behind Pokémon GO, states in its privacy policy that it takes the appropriate administrative, physical, and electronic measures designed to protect the information that it collects. It cannot, however, guarantee absolute security.

So Pokémon GO participants; beware. You may discover that there is more than just a Pokémon waiting for you.  

Receive our monthly newsletter

About the Author

Nick Brough


Originally a criminal defence solicitor, Nick’s skills are invaluable in the sensitive and unpredictable situations where clients face reputational and privacy threats.

+1 646 934 6219
Our 24 hour number
+1 646 934 6219
Legal information

© 2020 Schillings International LLP. SCHILLINGS is a trading name of Schillings International LLP and Schillings International (USA) LLP.

Schillings International LLP is a limited liability partnership registered in England and Wales with registration number OC398731. A list of members of Schillings International LLP is available for inspection at our registered office 12 Arthur Street, London, EC4R 9AB. Schillings International LLP is an Alternative Business Structure regulated and authorised by the Solicitors Regulation Authority.

Schillings International (USA) LLP is a registered limited liability partnership organised and existing under the laws of the State of Delaware, United States of America, whose principal place of business is at One World Trade Center, Suite 8500, New York, NY 10007. Our New York based attorneys are registered as a foreign legal consultant in the State of New York.