Pokémon Go’s data collection is a great opportunity for thinking about risk assessment

Pokémon Go is a very popular location-based smartphone game. Ever since its release, Pokémon Go has been criticized for the way it collects users’ location data. This criticism is understandable: We intuitively feel uneasy about some third party knowing things about us — especially when it comes to our precise location at any given time. However, when regarded less emotionally and more analytically with the help of the principle of charity, your assessment of the probability that Pokémon Go’s data collection is used for nefarious purposes will probably change.

Full disclosure: I have not yet played Pokémon Go. Not because I don’t want to try it, but because I’m afraid I would enjoy it enormously, and spend more time on it than I should. However, reading, hearing and seeing about Pokémon Go does, in a way, put a smile on my face. All kinds of people are unapologetically playing Pokémon Go in public and apparently having a lot of fun doing so. What’s not to like about that? Besides this feel-good factor, the nature of Pokémon Go as a game is very interesting to me. It’s a location-based game, meaning that it is using your real-time location as information within the game. Your game character is actually walking on a map of the place where you yourself are at the moment, and your character’s movement corresponds to your own movement. Added to this is a strong visual element of augmented reality: When you are catching Pokémon, you see them on your smartphone, imposed on the regular image of your surrounding as captured by your phone’s camera.

This is what the agumented reality mode of Pokémon Go looks like — it’s a little bit like Charmander was really standing there on the lawn.

Pokémon Go, then, is a lot of fun to a lot of people, and, while not revolutionary (Pokémon Go is not the first location-based game of its kind), it is technologically interesting, because it blends a virtual world with reality and, in doing so, appeals to many people. Of course, we are currently undergoing a little bit of a Pokémon Go hype, fueled in large parts by a media hype (a form of self-reinforcing news wave [1, 2]), so it’s uncertain how sustainable the game’s popularity is. Be that as it may, the amount of interest that Pokémon Go has generated is noteworthy, not least because it is a location-based game and playing it requires players to physically move around. The rapid rise in the game’s popularity has not remained without criticism and concern. There are many opinions of what might be problematic about Pokémon Go, and many of them verge on the irrational, such as, for example, fears that the Pokémon in Pokémon Go are “cyber demons” [3]. Within this pool of negative opinions, however, there are some lines of concerned and critical reasoning that are of some general relevance. More precisely, there are three aspects of Pokémon Go that are deemed problematic:

  • Pokémon Go is addictive, like a drug. It seems like a little bit of a cultural constant that whenever something becomes very popular in a short amount of time, we describe the object, item, product in question as “addictive”. That is precisely what has begun happening with Pokémon Go as well [4, 5]. There is such a thing as behavioral addiction; a form of compulsive reward-seeking behavior that does not involve the use of drugs [6]. The best example of this is probably pathological gambling [7]: A lot of people gamble regularly, and some of them do so in a compulsive manner, resulting in all sorts of problems, financial and otherwise. However, there is a tendency to overpathologize everyday behavior as behavioral addiction [8]. Obviously, Pokémon Go is as popular as it is right now at least in part due to its gratification mechanisms — finding items and Pokémon in the game and collecting them, leveling your character up, and so forth are all effective incentives to make users keep playing. In other words: Pokémon Go succeeds as a game. But there is a difference between our everyday use of the word “addictive” and its clinical meaning. If you have a Netflix account and you binge watch a whole season of a show in a weekend, you can call the show “addictive”, but that does not automatically mean that you are suffering from a disorder of your brain’s reward system. So, for the time being, it is probably safe to say that Pokémon Go is “addictive” (it triggers our reward system well), but we cannot yet say whether it is truly addictive in a clinical sense.
  • Pokémon Go can be a safety hazard. This criticism is leveled at Pokémon Go itself, but also at some of its more careless players. There have already been reports of players who have hurt themselves because they were paying too little attention to their surroundings while playing the game [9]. The hazard of accidents through inattention is very real, I believe. For example, it is already well-known that using a (smart)phone while driving for the purpose of texting or related activities (looking at and interacting with the phone) greatly increases the probability of causing a crash [10], and there is no reason why distracted driving should not extend to smartphone games. It is also possible that the general accident risk, be it as a vehicle driver or a pedestrian, is even greater with games such as Pokémon Go than with, say, texting, because games can be more immersive. This question should be put to empirical scrutiny — we need data to find out how much the probability for accidents increases because of inattention while playing Pokémon Go.
  • Pokémon Go collects user data. Pokémon Go is a location-based online game, and as such, it both sends players data and receives data from players. In and of itself, this is not unusual; after all, that’s the principle behind the game. However, upon Pokémon Go’s release, the permissions that the iOS version of the game (the version for iPhones and iPads) asked for were met with bemusement, and the developer of the game, Niantic, has issued an update which limited the game’s permissions [11], stating that the original privacy settings were an error. However, beyond this apparent error, a general unease about the data collection of Pokémon Go has remained, and speculation about what exactly is happening to your location data abounds, fueled by the assumption that users’ location data is valuable in one way or the other [12].

Of those three concerns about Pokémon Go, the last one about data collection seems the most relevant to me. Not that potential compulsive behavior and a potential increase in accidents were irrelevant problems, but they are quite “obtrusive” ones: Obviously, those things matter, because they are obivously undesirable and have very immediate negative outcomes. The question of data collection and use of collected data, in contrast, is a much more “latent” potential problem — there is no immediate, or immediately noticeable, consequence to letting a third party collect your location data, since data collection is something that happens en passant within the game. And that is precisely why the question of data collection within Pokémon Go matters: Because it is not at all obvious what exactly the collection of user data within Pokémon Go entails, it is necessary think about this question as systematically as possible.

Collecting user (location) data doesn’t feel right

The notion that there is something like privacy, and that the private is different from the public, is probably as old as Western civilization [13, 14]. Accordingly, it is almost self-evident to us that there is something like privacy, in the sense that not everyone has the right to know things about us that we might not be willing to share. If someone does access information about us that we deem private, we feel our privacy to be invaded, if not violated.

In our Internet-connected times, the notion of privacy is under continued duress, for at least two reasons. First, we are all too aware that public as well as private entities are rather interested in collecting digital data from us, not least since the revelations by Edward Snowden about various covert government surveillance programs. However, private companies also collect large amounts of user data in order to monetize them, primarily through advertising [15]. Second, and somewhat paradoxically, even though we usually cherish privacy and are wary of third parties who have an interest in eroding it, we ourselves are very keen on making ostensibly private things public, because we receive some form of benefit or gratification in the process. For example, you probably have several social media accounts, on platforms such as Facebook, Twitter, Snapchat, Instagram, and so forth. All of these platforms offer, in my opinion, tremendous services, and they do so free of charge. But, of course, those services are not really free — we pay with our data.

In that sense, even though we value our privacy, we are readily exposing private information online, in a twofold manner: Via social media, we offer private and sometimes intimate insights into our lives; additionally, the services we use systematically extract data that can be used by the companies running those platforms. That is not to say that companies only use our data to make money; of course, they also use data to improve their services. But private businesses have to make money, and the monetization of user data is the obvious way of doing that if the service in question is free of charge.

Our attitude towards privacy, then, is somewhat ambivalent, perhaps even contradictory. On the one hand, we do care about privacy in general and data privacy in particular [16]. On the other hand, we seem ready to trade in privacy for comfort and services [17]. How does this relate to Pokémon Go?

Pokémon Go collects user location data [18]:

The App is a location based game. We collect and store information about your (or your authorized child’s) location when you (or your authorized child) use our App and take game actions that use the location services made available through your (or your authorized child’s) device’s mobile operating system, which makes use of cell/mobile tower triangulation, wifi triangulation, and/or GPS.

Anyone who install Pokémon Go automatically accepts this privacy policy. However, few people really read privacy policies, not least because that would be too costly in terms of time investment [19], and also because we humans usually suffer from the so-called “status quo” bias [20] (we tend to stick with default options, and in legal terms, we tend to “blindly” accept what we are offered). Many Pokémon Go players, then, probably installed the game without being fully aware what kind of data about them is collected, and upon learning about Pokémon Go’s data collection policy, some players might feel queasy about it — they did technically accept the data collection as a trade-off for the game experience, but they might not have done so deliberately.

Consequently, it’s understandable that it might feel “weird” that a company is collecting your location data while you are playing Pokémon Go. But does such a data collection mean that the developer of Pokémon Go, Niantic, intends to use user location data for some nefarious purposes that are not disclosed in its privacy policy?

In order to answer that question, we cannot rely on gut feelings or intuition, but we must try to assess the situation somewhat rationally.

A most useful tool: The principle of charity

If we boil our Pokémon Go problem down to a single truth claim, it could be something like this:

  • The developers of Pokémon Go are collecting user data for nefarious purposes.

Let “nefarious purpose” here mean any purpose that is not disclosed in Niantic’s privacy policy [18]. Now, we are obviously in a situation of uncertainty — we don’t know for sure whether the truth claim above (you can also call it “hypothesis”) is true or not. You probably have some intuition about the truth claim, but it’s not easy making that intuition explicit.

In situations of high uncertainty coupled with emotional baggage, it can be very helpful to make use of some tools that help us see things from multiple angles. One such tool is the principle of charity. The principle of charity is not defined in a singular and universal fashion. Personally, I am fond of of the following definition [21]:

The maxim of translation […] is that assertions startingly false on the face of them are likely to turn on hidden differences of language.

The definition above is somewhat technical, and it doesn’t even explicitly mention “principle of charity”. However brief the definition may be, though, it is very much on point: There are situations in which you might interpret some information very negatively and be very certain of your point of view. However, there is no guarantee that your interpretation of the information presented to you is actually true. Instead, it is possible that there is some problem of translation: The information presented to you might not be actually as obviously false as you deem it, but rather, you might be misunderstanding the information because the language of the information’s creator does not correspond well enough to your own language. In a technical sense, then, the principle of charity states that some other person’s beliefs might not be as obviously false or epistemically irrational as it seems to you. In a generalized sense, the principle of charity can be understood as a mental exercise with the goal of reducing cognitive biases.

Let us, for a moment, go back to the truth claim of interest:

  • The developers of Pokémon Go are collecting user data for nefarious purposes.

I would probably evaluate the truth claim in a non-charitable manner as follows:

  • Niantic, the developer of Pokémon Go, used to be fully owned by Google, and Google is known for monetizing user data.
  • Pokémon Go can be download and played free of charge. If users don’t pay for the game, then they are paying with their data.
  • The privacy policy by Niantic is written in “legalese”; normal humans can hardly understand what it all means.
  • The whole Pokémon Go hype seems suspicious; almost as if the whole point was to get as many people as possible to share as much data as possible as fast as possible.
  • You just can’t trust any of these tech companies these days, because all they want is your data. Better to err on the side of caution.

In a non-charitable, perhaps emotionally driven evaluation of that truth claim, I would personally ascribe this truth claim a high probability of being true — something like 0.9, or 90%. That is a high probability, but I don’t think it’s unrealistically high. I have tried not to exaggerate the above interpretation of the situation; that is actually how I myself would look at the whole situation given my gut feeling and general concern when it comes to data collection.

Now, let’s try and assess the situation from a charitable point of view:

  • Pokémon Go is a so-called “freemium” game. It is free to play, but players can buy items in-game. This is an established revenue model for online games [22]. Therefore, selling user data is not the only way Niantic can make money with Pokémon Go.
  • The collection of user data is an integral part of the gameplay experience of Pokémon Go; without such data collection, it would not be possible for multiple players to play with each other in Pokémon Go.
  • I trust that Niantic is telling the whole truth in its privacy policy.
  • I don’t have any empirical evidence that Niantic is using user location data for nefarious purposes.

Again, I don’t believe that this charitable interpretation is exaggerated or unrealistic. Rather, it is simply an attempt at assessing the truth claim from a charitable point of view. Given this line of evaluation, I would estimate that the probability of the truth of the truth claim in question —the developers of Pokémon Go are collecting user data for nefarious purposes—is around 0.1, or 10%.

Overall, then, I have arrived at two starkly differing conclusions. When I am being non-charitable, I believe a nefarious purpose for user data is very probable, with a probability of 0.9, or 90%. When I am being charitable, however, my assessment has pretty much flipped, and I believe that the probability of nefarious purposes is very low, at a mere 0.1, or 10%.

Conclusion: Risk perception is biased, and the principle of charity can help

What is the purpose of the little exercise above? I hope it demonstrates with at least some degree of success that risk assessment of the possibility that Pokémon Go collects user location data for nefarious purposes is much more difficult than it appears prima facie. Second, and most importantly, the contrast between the charitable and the non-charitable interpretation of the situation reveals that something somewhere isn’t quite right, because the two conclusions are vastly different. If we were to analyze the available data objectively and free of biases, then it shouldn’t matter whether we are being charitable or not, because evidence should be perfectly objective. But, obviously, we are not free of biases, but very much guided by them. A non-charitable interpretation is usually an irrational one, because it oftentimes boils down to an exercise in confirmation bias [23]. Engaging in the thought process that is the principle of charity is no panacea against confirmation bias, but it is a potent tool to force yourself to consider something that we don’t like considering — you might be wrong.

The principle of charity is not, of course, a tool that can only be applied to Pokémon Go. It is a tool that can and should be applied in the evaluation of any truth claims. It is, I believe, of great use not least in the area of risk assessment. Assessing risks is notoriously difficult, because our perception of risks is ridden with biases [24]. In situations where we need to assess risks, but are prone to errors in thinking and lack the resources to engage in a full-blown technical, quantified, objective risk assessment, the principle of charity can be a great heuristic to absorb the brunt of our biases and make our risk perception approximate a more objective risk assessment.

What, exactly, does this mean? If we briefly go back to the Pokémon Go example, you will recall that we have arrived at two vastly different conclusions about the probability that user location data are used for nefarious purposes, probabilities of 0.9 and 0.1. In a very simple manner, you could, in a next step, regard both conclusions as having equal weight (and thus, you are not regarding the charitable conclusion as being superior, which it very well might be), and ultimately simply combine both conclusions and arrive at (0.9 + 0.1)/2 = 0.5 as your average probability that user collected data are used for nefarious purposes. With this slight and simple step, you have actively quantified the “corrective force” of your charitable interpretation — even though the probability of 0.5 might not yet be perfectly representative of reality, it’s probably closer to reality than the non-charitable, biased value of 0.9.


[1] Vasterman, Peter L.M. 2005. “Media-Hype: Self-Reinforcing News Waves, Journalistic Standards and the Construction of Social Problems.” European Journal of Communication 20 (4): 508–530.

[2] Wien, Charlotte, and Christian Elmelund-Præstekær. 2009. “An Anatomy of Media Hypes: Developing a Model for the Dynamics and Structure of Intense Media Coverage of Single Issues.” European Journal of Communication 24 (2): 183–201.

[3] Nunez, Michael. 2016. “ISIS Will Use Pokémon Go to Murder Innocent Christians and Spawn Demons (Says Radio Host Pastor).” Gizmodo. Accessed July 19. http://gizmodo.com/isis-will-use-pokemon-go-to-murder-innocent-christians-1783680507.

[4] Chamary, J. V. 2016. “Science Explains Why You’re Addicted To Pokémon GO.” Forbes. Accessed July 19. http://www.forbes.com/sites/jvchamary/2016/07/12/science-collecting-pokemon/.

[5] Langley, Travis. 2016. “Is Pokémon GO a Virtual Drug?” Psychology Today. Accessed July 19. https://www.psychologytoday.com/blog/beyond-heroes-and-villains/201607/is-pok-mon-go-virtual-drug.

[6] Grant, Jon E., Marc N. Potenza, Aviv Weinstein, and David A. Gorelick. 2010. “Introduction to Behavioral Addictions.” The American Journal of Drug and Alcohol Abuse 36 (5): 233–41. doi:10.3109/00952990.2010.491884.

[7] Potenza, Marc N. 2008. “The Neurobiology of Pathological Gambling and Drug Addiction: An Overview and New Findings.” Philosophical Transactions of the Royal Society B: Biological Sciences 363 (1507): 3181–89. doi:10.1098/rstb.2008.0100.

[8] “Are We Overpathologizing Everyday Life? A Tenable Blueprint for Behavioral Addiction Research.” 2015. Journal of Behavioral Addictions 4 (3): 119–23. doi:10.1556/2006.4.2015.009.

[9] Tuttle, Brad. 2016. “10 Unimaginable Things Happening Because of ‘Pokémon Go.’” Time, July 18. http://time.com/money/4410946/pokemon-go-accidents-bar-crawls-dating/.

[10] Klauer, Sheila G., Feng Guo, Bruce G. Simons-Morton, Marie Claude Ouimet, Suzanne E. Lee, and Thomas A. Dingus. 2014. “Distracted Driving and Risk of Road Crashes among Novice and Experienced Drivers.” New England Journal of Medicine 370 (1): 54–59. doi:10.1056/NEJMsa1204142.

[11] Barrett, Brian. 2016. “Update Your Pokémon Go App Now to Fix That Privacy Mess.” WIRED. July 12. https://www.wired.com/2016/07/update-pokemon-go-app-now-fix-privacy-mess/.

[12] Divine, John. 2016. “Pokemon Go: Collecting All the Data?” US News & World Report. Accessed July 19. http://money.usnews.com/investing/articles/2016-07-13/pokemon-go-collecting-all-the-data.

[13] Horwitz, Morton J. 1982. “The History of the Public/Private Distinction.” University of Pennsylvania Law Review 130 (6): 1423–28. doi:10.2307/3311976.

[14] Howard, Dana. 2014. “Public–Private Distinction.” In The Encyclopedia of Political Thought. John Wiley & Sons, Ltd. http://onlinelibrary.wiley.com/doi/10.1002/9781118474396.wbept0849/abstract.

[15] The Economist. 2014. “Getting to Know You,” September 13. http://www.economist.com/news/special-report/21615871-everything-people-do-online-avidly-followed-advertisers-and-third-party.

[16] Madden, Mary, and Lee Rainie. 2015. “Americans’ Attitudes About Privacy, Security and Surveillance.” Pew Research Center: Internet, Science & Tech. May 20. http://www.pewinternet.org/2015/05/20/americans-attitudes-about-privacy-security-and-surveillance/.

[17] Rainie, Lee, and Maeve Duggan. 2016. “Privacy and Information Sharing.” Pew Research Center: Internet, Science & Tech. January 14. http://www.pewinternet.org/2016/01/14/privacy-and-information-sharing/.

[18] “Pokémon GO Privacy Policy.” 2016. Accessed July 19. https://www.nianticlabs.com/privacy/pokemongo/en/.

[19] Madrigal, Alexis C. 2012. “Reading the Privacy Policies You Encounter in a Year Would Take 76 Work Days.” The Atlantic, March 1. http://www.theatlantic.com/technology/archive/2012/03/reading-the-privacy-policies-you-encounter-in-a-year-would-take-76-work-days/253851/.

[20] Samuelson, William, and Richard Zeckhauser. 1988. “Status Quo Bias in Decision Making.” Journal of Risk and Uncertainty 1 (1): 7–59. doi:10.1007/BF00055564.

[21] Quine, Willard Van Orman. 1964. Word and Object. MIT Press.

[22] Evans, Elizabeth. 2015. “The Economics of Free Freemium Games, Branding and the Impatience Economy.” Convergence: The International Journal of Research into New Media Technologies, February, 1354856514567052. doi:10.1177/1354856514567052.

[23] Nickerson, Raymond S. 1998. “Confirmation Bias: A Ubiquitous Phenomenon in Many Guises.” Review of General Psychology 2 (2): 175–220. doi:10.1037/1089-2680.2.2.175.

[24] Kasperson, Roger E., Ortwin Renn, Paul Slovic, Halina S. Brown, Jacques Emel, Robert Goble, Jeanne X. Kasperson, and Samuel Ratick. 1988. “The Social Amplification of Risk: A Conceptual Framework.” Risk Analysis 8 (2): 177–187.