Franken (who sits on the Privacy and Technology Subcommittee and has kind of made tech issues his thing) wanted to know about how Niantic Labs used all the data it collects from a person’s phone, and what some of the access permissions are for.
Shortly after its release, Pokemon Go became the most popular mobile game in the U.S. ever, with 21 million daily users, SurveyMonkey said in July. Worldwide it peaked at nearly 45 million – though Bloomberg recently noted it’s tailed off to about 30 million.
“I appreciate Niantic’s response, but I intend to work further with the company in the future to ensure that we’re doing everything possible to protect the privacy of Americans – particularly American children – who play Pokemon GO,” the DFL senator said in a statement.
Niantic, in laying out its reasons for collecting the data in the letter, basically says all of its requests are necessary, and that it keeps personal information private.
So a big one is location, since it’s a GPS-based augmented reality game, which Niantic explains – you can’t play if the phone can’t tell where you are. The app also collects phone information for debugging, or finding cheaters (some of which they’ve been permanently banning).
So when is the app collecting data? Only when it’s open and running, Niantic says in its letter, adding: “there is no background collection of data.”
The letter was written by Niantic Labs’ General Counsel Courtney Greene Power. Read the full letter here.
Is it sharing the data?
This was a big question Franken had as well – how does all this personal information get shared with other companies or groups? (Pictured above is a list of permissions on Android, as of Sept. 1.)
Niantic says it doesn’t, outside of broad aggregate data – so think demographic trends, not individuals’ account information.
Niantic does use third-party companies for services like gathering or interpreting data for its own usage, things like marketing or demographic analysis, the letter says. Those companies are required to keep that info private and secure.
In addition, data from players under the age of 13 isn’t shared.
Niantic also says it “does not and has no plans to sell Pokemon GO user data … to any third party,” and it does not share user data with investors. Though Niantic also notes the aggregate data again might get used for things like sponsor deals.
The developer also took some heat right after the Pokemon GO launch for asking for a ridiculous amount of access to Google accounts for iPhone users – but they quickly called it a mistake and rolled back the requests, and in the letter say they never “sought, accessed, [or] received” any other data than a Google ID and email.