“Pokémon Go” and Legal Implications in Brazil

News item | 07-12-2016

The launching of new games always causes excitement, but the level of access to personal and sensitive data may bring risks. Do players know this?

Written by: Renato Opice Blum, Bruno, Abrusio e Vainzof Advogados Associados

Gone is the time when social isolation was the main villain for the online game critics. Nowadays, online games incorporated physical elements, with players interacting with other people in different environments, with very real dangers.

This is exactly the case of the polemic and commented game Pokémon GO. Counting on numberless players of several countries, the game has been causing enthusiasm by allowing players, through data geolocation and users’ smartphone cameras, to hunt little monster on city streets in heightened reality environments.

The idea of going around to catch game creatures (the so-called ‘pokémon’) in public environments may even be interesting to get people out of their houses. However, the frequency of accounts of  absurd situations arising from playing the game is startling. Since the reporting of cases of trickery, falling into precipice, robberies and so on, addiction to this game has effectively generated consequences that go way beyond virtual manipulation of bits and bytes. In fact, the legal implications have already begun to be noticed:

1. Level of Access to User Information

As it usually happens with all services of this nature, in order to access Pokémon GO the interested party must provide data and authorize the game’s holding company. In this game’s case, the degree of access to information is enormous, based on the description of the policies appearing on the company’s official website. According to the company’s Terms of Use, in addition to personal data, information based on localization and photographs are shared with the company, and players agree to the use of cookies, web beacons, and push notifications, among others. Everything is stored in the United States and, depending on the case, it can be shared with unintended parties on the part of the user. Other kinds of information, such as age, date of birth, gender, nationality, hobbies, and preferences may be collected and associated with the player’s personal data.

As it can be seen, in possession of all this information, Pokémon GO will know more about some young people than their own parents will. It remains to be found out if it is with absolute awareness that people are providing all these authorizations, since the reading of the terms and conditions is not a very familiar habit to the majority of web users. Therefore, the question is: would it not be too risky, only for entertainment purposes, to combine and share with a single service supplier so much personal information?

2. Data Technical Safety

On its website, the gaming company informs of the caution and technical certifications applicable to the safety of client data, which seem satisfactory. Nevertheless, considering that it is impossible to ensure with 100% certainty that hackers will never have access to the system, what can happen if all this identifiable data “leaks”? The problem here is that the level and detail of personal data are high (e.g., physical routes, preferred places, hobbies) and, if used for illegal purposes, they can compromise even the players’ physical safety.

3. Adventures through the City

Although people have a relative knowledge about the differences between public and private places, to players it is always good to remember: environments with access to the public are not necessarily synonyms of public spaces. That is: many open places of access to the public (e.g., churches, malls, commercial establishments) are private and follow access rules determined by the proprietors, which may restrict players’ access and use. Additionally, religious temples, for instance, usually enjoy special legal protection and cannot have any inconvenience caused by eventual people in search of their virtual monsters. Some places have also restriction rules for cameras or cell phones for the preservation of author and image rights (e.g., cinemas, theaters) and, therefore, the practice of this game in these environments may bring problems to the most insistent gamers.

4. Possibility of Damage Liability

In Brazil, the Civil Rights Framework for the Internet and the Consumer Defense Code decisively establish [1] the service provider’s obligation to provide technical safety and data privacy for its clients. Equally, in the other countries where Pokémon Go was launched certainly there are similar protection rules. Therefore, more than a voluntary measure, it is up to the holding company of Pokémon GO the duty to safeguard the inviolability of the ocean of data collected from its users. Damages arising from these services may evidently be the objects of legal liability, implicating the taking of applicable legal measures.

Finally, it cannot be denied that while the gaming world in general, serves as entertainment , it must be lived/carried out with responsibility and under the legal limits. Furthermore, besides the necessary reflection on the reasonable risks that each one is prepared to assume on the leisure activities, it is important to emphasise that the new games may put people on the streets and in motion, but good sense can never be forgotten at home.

This article first appeared in the second issue of the Global Cyber Expertise Magazine – November 2016.