Senator Franken is freaked out by Pokémon Go's privacy practices

Less than a week into its existence, the very popular augmented reality game Pokémon Go has caught the attention of authorities. Police departments have issued warnings asking people to please stay aware of their surroundings, not to walk into traffic while trying to catch a cartoon character on their screen, and avoid dangerous situations where they might be robbed. They want Pokémon Go trainers to stay safe. Meanwhile, in Washington, D.C., Senator Al Franken is worried about the safety of Pokémon Go players’ data.

“Pokémon GO—in less than a week’s time—has been downloaded approximately 7.5 million times in the United States alone,” said  Sen. Franken (D-Minn) in a statement. “While this release is undoubtedly impressive, I am concerned about the extent to which Niantic [the game developer] may be unnecessarily collecting, using, and sharing a wide range of users’ personal information without their appropriate consent.”

Franken’s concerns were spurred in part by an alarmist Tumblr post that said signing up for the game with one’s Google account meant granting permissions to Pokémon Go developer Niantic that would allow it to read and send email as the player, access their private photos, see their location history, and access their Google docs. The company immediately realized its error and said it would ask for permission to less data.

“Pokémon GO only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected,” said the company in a statement to Polygon.

This isn’t the real privacy problem with the game though. The most troubling privacy issues around Pokémon Go so far have manifested for people who aren’t even players, such as Boon Sheridan whose house became a virtual destination of interest in the game, leading players to show up at all hours outside. Some players have admitted to trespassing in the real world to access important destinations in the virtual one.

But that’s not Franken’s concern. His worry is about the data the company is collecting from players’ phones, given its access to their smartphone location, controls, and camera (which is how the company creates its virtual overlay on the real world). Franken sent a letter to Niantic CEO John Hanke, asking him to answer seven questions about its privacy practices by August 12.

Franken asks whether Pokémon Go is collecting any information not necessary for the game, whether it would let players opt out of some of the data collection, what third parties Pokémon Go is sharing players’ data with (including investors), and how it’s protecting the data of children who we assume are playing the game along with the 20-somethings who grew up obsessed with Pokémon.

Franken also asked Niantic to confirm that it “never collected or stored any information it gained access to as a result of [the] mistake” of asking for over-broad Google account permissions.

It remains to be seen if players will still be as obsessed with the game a month from now, when those answers are delivered.