value insights

Pokemon Go craze: A harbinger of the augmented enterprise?- Valutrics

What about privacy?

The new technology is not without its dark side.

“The Pokemon Go craze is a tale of two cities; it shines a light on how cool augmented reality can be. It casts an even darker shadow on the issues of personal and workplace privacy and security,” said Bob Egan, chief research officer at Seraphim Group LLC in Falmouth, Mass.

The fine print of Pokemon Go’s privacy policy, which details what the app and its maker, Niantic, can do with the broad swath of data it collects from its users, including profile data, device identifiers and location data, should raise alarm bells, he said. One of the things Niantic can do is share this data with government or law enforcement officials, as well as third parties, he said. This week, Sen. Al Franken (D-Minn.) wrote to the developer of the game, expressing concern over the game’s “unnecessary” data collection without users’ knowledge.

Adrian Sanabria, senior security analyst at 451 Research, puts a lot of the onus for transparency on developers to spell out what data they collect, how they store it and what they do with it.

“It shouldn’t take a security researcher to do this — I should be able to answer [these questions] by looking at the details of the app on my phone,” he said.

But users have to learn to do their part, too, he said, though he’s not optimistic that will happen anytime soon.

“The attraction of new technology will win every time over proper due diligence. Whether it is 2008 and iPhones are invading the enterprise, or 2018 and Microsoft’s HoloLens, this stuff will show up before we fully know the impact on privacy,” Sanabria said.

Meantime, he suggested companies making money off augmented reality apps, or developing them for their employees, need to start thinking about how they will handle data privacy issues. Europe’s General Data Protection Regulation, for instance, increases the responsibilities of companies handling personal data in any way, giving consumers stronger powers over their data, and imposes greater restrictions on data flow across international borders.

“Legislation like GDPR … can help put this knowledge into consumers’ and enterprises’ hands,” Sanabria said.