Pokémon GO Leads to Irish Location Data Guidance

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By George R. Lynch

Aug. 9 — In light of the recent release across Ireland of the popular mobile application Pokémon GO, the Irish Data Protection Commissioner released Aug. 9 location data guidance for individuals and organizations.

Location data has been a safety concern for consumers because mobile apps collect an individual's current or past location and display it to other users. Although Pokémon GO is used by people of all ages, the app's popularity with children in particular has already raised privacy concerns among consumer advocates and parents.

Pokémon GO works by using the global positioning system and camera on mobile devices and allows players to catch Pokémon that appear through an augmented reality on a device's screen. Privacy professionals have criticized the game for excessive collection of personal data through its geolocation tracking that makes it easy to know where individuals may be at any given time (15 PVLR 1560, 8/1/16)

Apps, WiFi Collect Personal Data

The Irish Data Protection Commissioner's guidance defined location data and warns individuals to be aware of certain apps and public WiFi networks that may collect personal data. Additionally, the guidance encouraged consumers to know their rights in regards to how location data may be lawfully collected and processed. It also provided an overview of when organizations may collect data, what data they may collect and how individuals may access that information.

The guidance for organizations reiterated to data controllers that location data constitutes personal data and is covered by Irish Data Protection Acts of 1988 and 2003. The Irish data protection agency also warned organizations that location data may be sensitive personal data.

The DPA said that data controllers “have a responsibility to minimise the amount of data collected, processed and retained because of risks posed by linked location data.” Informed consent is the most appropriate basis for processing personal location data, the DPA said.

“As the rate of technological innovation continues apace, more and more location data is being collected and transmitted and individuals should be vigilant of how this information is collected, processed and re-used,” the DPA said.

To contact the reporter on this story: George R. Lynch in Washington at glynch@bna.com

To contact the editors responsible for this story: Donald G. Aplin at daplin@bna.com ; Daniel R. Stoller at dstoller@bna.com

For More Information

An overview of the Aug. 9 guidance on location data is available at http://src.bna.com/hzR.

Copyright © 2016 The Bureau of National Affairs, Inc. All Rights Reserved.