People have been lingering outside Boon Sheridan’s house all through the night. The designer lives in an old church in Massachusetts that has been designated a “gym” in the new smartphone game Pokémon Go. Because the game requires players to visit places in the real world, Sheridan now has to put up with people regularly stopping outside his building to play.
It has got to the point where he has started wondering if there is anything the law can do in situations like this. He wrote on Twitter: “Do I even have rights when it comes to a virtual location imposed on me? Businesses have expectations, but this is my home.” This problem of virtual activities impinging on physical spaces in only likely to grow with the increasing popularity of the augmented reality used in games such as Pokémon Go to overlay digital landscapes on real ones. But there may be a way to deal with this before it becomes a serious legal problem for more people.
It opens up new avenues of rights and privacy. Clearly someone used an ancient (40+ year old ) database to still consider this a church.
— Boon Sheridan (@boonerang) July 10, 2016
Pokémon Go encourages players to interact with their actual environment by using realistic maps of their surroundings as part of the game. Certain landmarks, monuments and public buildings are tagged as “stops”, where players can collect items, and some public spaces including churches, parks and businesses are tagged as “gyms”, where users can battle each other.
It is the tagging element that has prompted a few interesting legal questions about the role of augmented reality. The game’s developer, Niantic, is using a combination of data from Google Maps and user-generated tags collected from an earlier game called Ingress. This data is used to identify real-life spots as either a stop or a gym. But what happens when the data mistakenly identifies a house as a public space, as happened to Sheridan?
As it turns out, Niantic offers people the chance to highlight problems with a location. And in the grand scheme of things, whether a person’s house is mis-tagged in a game does not seem like something worthy of new laws, particularly when the developer offers to correct any errors. But Pokémon Go is just the beginning. The game has proven the potential of augmented reality to appeal to a very large audience, so we can expect many other applications of the technology to come our way.
The wild success of location-based gaming may bring about a horde of imitators, so expect a new generation of augmented reality gaming to hit the app stores soon. And the technology’s potential also goes beyond gaming so we can expect more mainstream applications of geo-tagging and location-based interaction, especially with the growth of wearable technology such as fitness trackers. You can imagine that soon we will have a world in which ever house, every car, even every person could come with an added virtual tag full of data. The potential for innovation in this area is staggering.
But what if your house is tagged in a global database without your permission and you value your privacy so do not want any passersby to know that you live there? Or what if a commercially-sensitive database identifies your business with incorrect data and you cannot reach the developer or they refuse to amend it? People looking for businesses in your area may miss you and go to a competitor that is correctly listed. Even more worrying, what if your house was previously occupied by a sex offender and is tagged in an outdated database with that information?
The problems would go far beyond what is happening with Sheridan’s house. These cases could have real negative effects on people’s lives, privacy, or business prospects.
The potential for trouble will be worse with the launch of apps that allow users to tag public or private buildings themselves. Why will abusers and trolls bother spray-painting a house, when they can geo-tag it maliciously? Paint washes away, but data may be more difficult to erase.
My proposal is to extend data protection legislation to virtual spaces. At the moment, data protection is strictly personal as it relates to any information about a specific person, known as a data subject. The data subject has a variety of rights, such as having the right to access their data and rectify and erase anything that is inaccurate or excessive.
Under my proposal, the data subject’s rights would remain as they are, but the law would contain a new definition, that of the data object. This relates to data about a specific location. The rights of data objects would be considerably more limited than those of a data subject. But classifying them like this would take advantage of the data-protection mechanisms that already exist for when someone is intrinsically linked to a location.
In other words, just tagging a location on an augmented reality database wouldn’t violate the data protection. But mis-tagging a location as a public space in a way that could impinge on people’s enjoyment of that location could trigger action by the regulator to have the tag amended, removed or even erased. This would be especially useful for private spaces such as Sheridan’s house. If the app developer fails to make a change to the data, the property owner could make a request to the data protection authority, who would then force developers to change the data – or face fines.
There are limits to this proposal. Such a regime would only apply to companies based in the same country as the data protection regulator. So, for example, European countries wouldn’t be able to force Niantic to make changes to Pokémon Go’s tags, because the company is based in the US. There would also need to be strict restrictions on exactly what counts a data object and what is worth amending or deleting, otherwise the system could be abused.
But one thing is already certain: Pokémon Go is just the beginning of a new world of location-based data applications, and we need to find better ways to protect our digital rights in that space.