Pokémon GO: What Legal Pitfalls Await Augmented Reality Games? On July 6, 2016, Pokémon GO launched in the United States to immediate popularity—more than 45 million people downloaded and played the game on their smartphones in its first month. The inescapable media coverage of Pokémon GO introduced many to the concept of “augmented reality games”—or “AR games”—which use technology, such as smartphones, to prompt or direct users to take physical actions. By layering a virtual game universe on top of the real world, these AR games take to a new level more established activities, such as geocaching, in which players use GPS coordinates to track down hidden “treasure” (usually small boxes with little trinkets) or “checking in” online with a physical location.
Pokémon GO works by spawning virtual “Pokémon” (fictional animals with special abilities) at real world locations, which players identify using the game app on their mobile devices. The app also provides the real world locations where players can acquire or replenish virtual game items; can gain points, level up, and improve in status (at virtual “PokéStops”); and can battle (at virtual Pokémon gyms). Players can also add “lures” to PokéStops to attract more Pokémon for a short time—and, because the lures are visible to other players, the lures may also draw other players looking for an abundance of Pokémon. The game selects PokéStops and Pokémon gyms based on known points of interest in communities, but provides an online form for requests to remove certain locations from use as a PokéStop or Pokémon gym, as well as a form to report inappropriate game play. See https://support.pokemongo.
nianticlabs.com/hc/en-us/articles/221968408. While game play is free, in-app purchases are available.
While many have praised AR games’ effect of drawing gamers away from their home computer and TV screens and into live interaction with humans in the real world, not everyone is happy with the consequences. Media reports have focused on two groups of the discontented: those unhappy with the travel of Pokémon GO players to a given physical location (such as police stations, museums, or homeowners’ yards) and Pokémon GO players who have been injured in pursuit of a game objective.
What exposure does Niantic, the game maker, face from these unhappy groups?
Trespass/Nuisance. Private property owners have already filed two putative class action complaints alleging nuisance and trespass violations: Marder v. Niantic (N.D. Cal., filed July 29, 2016) and Docich v. Niantic (N.D. Cal., filed Aug. 10, 2016). These complaints contend that Niantic’s placement of geographical markers on private property causes players to make unwanted incursions onto the land, causing harm, and that Niantic’s proffered solutions—allowing property owners to opt-out from being a game destination and reminding users not to venture onto private property without permission—do not absolve Niantic.
The plaintiffs’ claims seem unlikely to succeed. Tort liability for the acts of third parties is traditionally predicated on the defendant’s creation of an unreasonable risk of harm to the plaintiff. Unlike the foreseeable risk of reckless driving arising from a radio station offering a cash prize and interview to the first driver to catch a disk jockey driving around Los Angeles, the complained-of harm is not a necessary component of the game. Contrast Weirum v. RKO General, Inc., 15 Cal. 3d 40 (1975) (affirming liability against a radio station for contest participants’ reckless driving that killed another driver). Rather, the facts are more like those the Weirum court distinguished, such as harms arising from limited sporting event tickets or “get it while they last” sales. As the court explained, “any haste involved in the purchase of the commodity is an incidental and unavoidable result of the scarcity of the commodity itself. In such situations there is no attempt, as here, to generate a competitive pursuit on public streets, accelerated by repeated importuning by radio to be the very first to arrive at a particular destination.” 15 Cal. 3d at 49; see also Melton v. Boustred, 183 Cal. App. 4th 521 (2010) (sustaining demurrer, summarizing other cases involving alleged liability for third party acts, and rejecting plaintiff’s argument that “a homeowner of common sense would know that a public invitation posted on MySpace to a free party offering music and alcohol was substantially certain to result in an injury”).
Because nuisance and trespass are not “a necessary component” of Pokémon GO, the putative class action plaintiffs will have difficulty pleading and establishing that Niantic “engaged in active conduct that increased the risk of harm to plaintiffs,” which is necessary to impose “a legal duty … to prevent the harm inflicted by unknown third persons.” Melton, 183 Cal. App. 4th at 535.
Negligence/Failure to Warn. Niantic is also unlikely to be held liable for injuries players sustain as a result of their real world activities following a Pokémon GO’s map or playing late at night (when some of the best Pokémon appear for capture) in dangerous areas. Courts have historically been loathe to find a duty to protect all recipients of information from the potentially harmful consequences of relying on generally published information, even when the readers subscribed to the publication. E.g., First Equity Corp. of Florida v. Standard & Poor’s Corp., 869 F.2d 175 (2d Cir. 1989) (summarizing New York and Florida precedent and affirming dismissal of claims, explaining: “The publication at issue is a source of information disseminated to a wide public. The class of potential plaintiffs is multitudinous. Even the most careful preparation will not avoid all errors.”). The same holds true for interactive information. For example, a court dismissed claims against Google filed by a Google Maps user who was struck by a car while following Google Maps’ walking directions on a heavily trafficked rural highway. Rosenberg v. Harwood, No. 100916536, 2011 WL 3153314 (Utah Dist. Ct. May 27, 2011). While recognizing that Google may have foreseen some harm, the court concluded that the actual likelihood of injury was relatively low, the relationship between Google and the plaintiff was somewhat attenuated, and policy considerations weighed strongly against imposing the suggested duties on Google because of the heavy burdens associated with such a duty.
In addition, to the extent an injury results from a player’s use of a “lure” to attract other players, Niantic may also have a defense under the Communications Decency Act because a third party, not Niantic, is the publisher of the allegedly harmful content. See, e.g., Doe v. MySpace Inc., 2008 WL 2068064 (5th Cir. May 16, 2008) (dismissing negligence claims against MySpace predicated on sexual assault of MySpace user by another user); Gibson v. Craigslist, Inc., No. 08 Civ. 7735 (RMB), 2009 U.S. Dist. LEXIS 53246 (S.D.N.Y. 2009) (dismissing claim against Craigslist for third-party posted ad for gun that was used to shoot plaintiff).
Location Privacy. Because AR games are based around real-life conduct, they necessarily track users’ physical locations and may broadcast them to other players. Such location data has been the center of an evolving privacy law debate for many years. Last year, the Federal Trade Commission, which has established itself as the chief regulator for internet privacy, issued a lengthy report setting forth best data privacy practices. See Federal Trade Commission, “Internet of Things: Privacy & Security in a Connected World” (January 2015), available at https://www.ftc.gov/system/files/documents/
reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf. The FTC report recommends, among other things, that smartphone apps developers apply data minimization practices in order to protect consumer privacy. These practices include limiting the collection of data to that which is truly necessary to the service, obtaining user consent to collect that data, encrypting that data, limiting the length of time for its retention, and anonymizing it as associated with any particular user. Pokémon Go’s privacy policy sets forth its location data collection and sharing practices, including that it will aggregate and anonymize any location data shared with third parties. See Niantic Labs, Pokémon Go Privacy Policy, (July 1, 2016), available at https://www.nianticlabs.com/privacy/pokemongo/en. It thus seems to be complying with best privacy practices.
Future app developers who unveil similar games or features to Pokémon Go should ensure before launch that their privacy policies are robust and their location data is secure. Location data leakage, either through technological bugs or liberal data sharing policies, bears a significant risk of privacy class-action lawsuits. Just this past September, a Massachusetts district court allowed a privacy case to move forward which alleged that a smartphone news application had shared its users’ location data with third parties without consent. See Yershov v. Gannet Satellite Info. Network, Inc., No. 14-CV-13112, 2016 WL 4607868, at *2 (D. Mass. Sept. 2, 2016). Citing the Supreme Court’s recent privacy law decision in Spokeo v. Robins, 136 S. Ct. 1540, 1549 (2016), Yershov explained that “an individual’s right to privacy, both as to certain personal information and private locations, has long been regarded as providing a basis for a lawsuit in English or American courts. Also in September, a California district court allowed a smartphone privacy case to proceed to trial, explaining that smartphone applications’ “community norms of privacy” “are very much in flux.” Opperman v. Path, Inc., No. 13-CV-00453, 2016 WL 4719263, at *11 (N.D. Cal. Sept. 8, 2016) (privacy claims based on application’s unauthorized upload and sharing of address book data were not appropriate for summary judgment).
Reflecting this recognized “flux” in the law, many location privacy claims have been dismissed outright for failure to state a claim. See, e.g., In re Google Android Consumer Privacy Litig., No. 11-MD-02264, 2013 WL 1283236, at *14 (N.D. Cal. Mar. 26, 2013) (dismissing all substantive claims for privacy violations based on Google’s alleged unauthorized tracking of user location data and failure to de-anonymize that data); In re iPhone Application Litig., 844 F. Supp. 2d 1040, 1078 (N.D. Cal. 2012) (dismissing Stored Communications Act claim alleging that Apple’s smartphones had transmitted location data even after users affirmatively revoked permission to do so, but allowing two state law claims to proceed). Given the evolving state of the law, however, AR developers seeking to capitalize on Pokémon Go’s success should take care to adopt best practices to insulate themselves from privacy claims.
* * *
Although augmented reality games must continue to be sensitive to possible real world effects, as a practical matter, the current state of tort law poses a challenge to anyone attempting to impose liability on game developers for third-party actions in games such as Pokémon GO because of the difficulty of demonstrating specific knowledge of a likely harm or an unusual special relationship between Niantic and the plaintiff.