The use of geolocation data in AI development is rapidly evolving, with its applications expanding across various industries. In this advisory, members of Varnum’s Data Privacy and Cybersecurity team examine a key AI use case: Niantic’s “Pokémon Go”. This case highlights critical considerations that businesses must address as they leverage vast amounts of data for new applications. These considerations include the protection of children’s data and the compliance requirements necessary to safeguard sensitive information.

What is “Pokémon Go”?

“Pokémon Go”, launched in 2016 by Niantic, is an augmented reality (AR) mobile game that overlays digital creatures on real-world locations. Players interact with the game by traveling to specific geolocated spots to capture virtual Pokémon, participate in battles and explore their surroundings. With over one billion downloads globally, “Pokémon Go” has gathered vast amounts of geolocation data as users traverse real-world environments.

What Did Niantic Do with This Data?

Recently, Niantic revealed that it has been leveraging data collected from “Pokémon Go” to develop a large-scale geospatial AI model. This model uses anonymized and aggregated location data to better understand geographic patterns and improve AR experiences. According to Niantic, the model not only aids in enhancing its existing products but also paves the way for broader applications in geospatial intelligence, urban planning and beyond. Niantic’s efforts underscore the value of real-world data in building sophisticated AI systems, potentially revolutionizing industries ranging from gaming to infrastructure.

Why Is This Valuable for Companies?

The integration of real-world geolocation data into AI systems offers significant advantages:

1. Enhanced AI Models: Access to extensive geospatial data allows companies to train AI systems that better understand spatial relationships and human movement patterns.
2. Improved Customer Experiences: Applications powered by such AI models can offer personalized and context-aware services, leading to increased user engagement and satisfaction.
3. New Revenue Streams: Companies can monetize insights derived from location data across industries such as retail, real estate and logistics.

Special Considerations for Children’s Data

The ability to use data collected from a globally popular app highlights the potential for gaming companies and other businesses to pivot into data-driven AI innovation. However, leveraging such data raises critical privacy considerations. For example, when leveraging a mobile gaming application, companies should be cognizant of the fact that the game may be largely used by younger audiences, increasing the likelihood that the company will be collecting children’s data and be subject to regulations such as the Children’s Online Privacy Protection Act (COPPA). As such, companies must address several key issues to ensure compliance with privacy regulations and maintain public trust:

1. Transparency: Companies should clearly disclose how geolocation data is collected, processed and used. For example, concise and accessible privacy policies tailored to both parents and children can help end users better understand how the company is leveraging the data collected through the use of the app and foster better understanding and trust.
2. Consent: In many cases, companies should obtain explicit parental consent before collecting or processing data from children. This step is crucial to comply with regulations in the United States and similar laws globally. For example, COPPA not only mandates that a company obtain verifiable parental consent before collecting personal information from minors, but also requires that the parent is given the opportunity to prohibit the company from disclosing that information to third parties (unless disclosure is integral to the site or service, in which case, this must be made clear to parents).
3. Opt-Out Mechanisms: Companies should give parents the opportunity to prevent further use or online collection of a child’s personal information. Providing users, especially parents, with the ability to opt out of data collection or usage for AI development ensures greater control over personal information.
4. Protections and Guardrails: Companies should implement safeguards to prevent misuse or unauthorized access to children’s data. This includes anonymizing datasets, restricting data sharing and adhering to data minimization principles. Companies should also have mechanisms in place to allow parents access to their child’s personal information to review and/or have the information deleted.

As companies increasingly leverage tracking technologies, such as geolocation data or online behavior, to enhance their AI models, it is imperative to address privacy concerns proactively. Sensitive data, particularly information related to children, must be handled with care to comply with regulatory requirements and uphold ethical standards.

Niantic’s use of “Pokémon Go” data serves as a compelling example of how innovative applications of real-world data can drive advancements in AI. However, it also emphasizes the need for organizations to prioritize transparency, consent and robust data protection. By doing so, businesses can unlock the potential of cutting-edge technology while safeguarding user trust and meeting their legal obligations.