January 19, 2017

Pokémon Go and The Law: Privacy, Intellectual Property, and Other Legal Concerns

Pokémon Go made 22-year-old Kyrie Tompkins fall and twist her ankle. “[The game]  vibrated to let me know there was something nearby and I looked up and just fell in a hole,” she told local news outlet WHEC 10.

So far, no one has sued Niantic or The Pokémon Company for injuries suffered while playing Pokémon Go. But it’s only a matter of time before the first big Pokémon Go related injury, whether that comes in the form of a pedestrian drowning while catching a Magikarp (the most embarrassing possible injury) or a car accident caused by a distracted driver playing the game.

Before the first lawsuits arrive, here’s a brief analysis of some of the legal issues involved with the new hit mobile game.

LIABILITY FOR INJURIES

A few minor injuries have already happened to Pokémon Go players.  If a serious accident does occur, injured players can look to legal precedent from Snapchat-related car crashes.

The Snapchat claimants sued on a theory of product liability, essentially stating that Snapchat created a product that had inherent risks of foreseeable harm to consumers and/or released a product without sufficient warnings against potential harms. Similarly, Pokémon Go players could argue that it’s predictable that players would stare at their phones while walking distractedly, ignoring natural hazards and oncoming cars.

However, many of the Snapchat lawsuits center on Snapchat’s speed filter encouraging drivers to Snap while driving. No such filter exists for Pokémon Go. In fact, the game is not playable if the player is moving above a certain speed.

Furthermore, Pokémon Go has a number of warnings and safeguards against playing while driving or walking at dangerous speeds. A full-screen warning is displayed during loading that warns users against distracted playing. The game’s Terms of Service also includes disclaimers against liability and a warning about Safe Play: “During game play, please be aware of your surroundings and play safely.”

PRIVACY

Let’s start with the good:

Niantic has properly covered the basic privacy law requirements. The app includes clearly visible links to their privacy policy, which is also written clearly and (relatively) understandably. The privacy policy includes the necessary information, for both U.S. and E.U. users. Niantic has taken the necessary steps to protect children’s privacy as well.

And now for the possibly less-good:

Early on, players noticed a concerning privacy setting that effectively allowed Niantic access and control over players’ Google accounts. Niantic quickly fixed this problem and removed the access controls in an update. It’s likely that this level of Google account control was a holdover from the days when Niantic was still under the Google umbrella. I would chalk this up as a wash for Niantic, as the privacy concern was resolved fairly quickly.

Now, the real concern here is that the app takes in a lot of information. A lot of information. Some of it is personally identifiable information (like your name and email address). Some of it is user-submitted, like names you give to the forty Rattattas you catch in one day, because even the Pokémon in Manhattan are mostly rats and pigeons. Pokemon Go collects so much information that Senator Al Franken was inspired to publish a letter to Niantic demanding more clarity on the game’s privacy protections.

The most concerning privacy issue with this app is the constant tracking of location data. Some of these concerns were already noted, to less fanfare, with the release of Ingress, the precursor to Pokémon Go. By agreeing to the Pokémon Go privacy policy, you explicitly agree to allow Niantic to track your location any time you use the app. Most players leave the app open at all times, waiting for that sweet, sweet buzz of a new wild Pokémon appearing. This means that, effectively, you give permission for Niantic to track your movements all day, every day, wherever you go.

Niantic also does not provide much information on how your data can be shared. The privacy policy allows Niantic to “share aggregated information and non-identifying information with third parties for research and analysis, demographic profiling, and other similar purposes.” This means data on your daily commute can be sold to marketing companies to better market to you, the consumer. Niantic promises not to share any of this data without aggregating the data (grouping it together with others’ data) and stripping it of identifying information (your name, email, etc.). [Read more…]

Google Fights Genericide Claim (and Wins)

Google’s famous trademark in its name has just survived a challenger’s attempt to have it declared generic. In Elliott v. Google, a federal court in Arizona held last week that despite the public’s use of the word “googling” to mean “searching on the Internet,” the “Google” word mark still functions in the minds of consumers primarily to identify Google, the Mountain View-based Internet company, as the source of the search service associated with the “Google” mark. The plaintiff in the case argued that the public’s use of a trademark as a verb necessarily signifies that the mark has become generic. The court disagreed:

Verb use of a trademark is not fundamentally incapable of identifying a producer or denoting source. A mark can be used as a verb in a discriminate sense so as to refer to an activity with a particular product or service, e.g., “I will PHOTOSHOP the image” could mean the act of manipulating an image by using the trademarked Photoshop graphics editing software developed and sold by Adobe Systems. This discriminate mark-as-verb usage clearly performs the statutory source-denoting function of a trademark.

The court went on to explain that a problem arises for a mark owner only if mark-as-verb usage is indiscriminate, and the mark becomes referentially unmoored in the public’s mind from the mark owner’s product or service.

[Read more…]

FOIA: When the Exemptions Swallow the Rule

I’ve been researching and writing over the last few years on privately ordered—what the government calls “non-regulatory”—approaches to online IP enforcement. The gist of this approach is that members of trade groups representing different types of online intermediaries (broadband providers, payment processors, ad networks, online pharmacies) agree in private contracts or less formal “voluntary best practices” documents to sanction or cut services to alleged IP infringers. I put quotes around “non-regulatory” not only because that’s the government’s word, but because the descriptor masks the fact that the government, at the behest of corporate rights owners, leans heavily on targeted intermediaries to negotiate and accept these agreements, all the while holding the threat of regulation over their heads. It has proven to be a very effective strategy. Many of the website blocking provisions in SOPA, which so memorably went down in flames of public outrage, have subsequently been implemented through these agreements, which belong to a broad category of regulatory practices that governance scholars call soft law.
[Read more…]