Pokémon Go is a wildly successful augmented reality game that encourages players to interact with their environment by using realistic maps of their surroundings as part of the game. Certain landmarks, monuments and public buildings are tagged as “stops”, where players can collect items, and some public spaces including churches, parks and businesses are tagged as “gyms”, where users can battle each other. It is the tagging element that has prompted a few interesting legal questions about the role of augmented reality. What happens when the data mistakenly identifies a house as a public space? Niantic is already being sued in the United States under the Tort of nuisance because it allegedly encourages users to trespass real properties.
Pokémon Go is just the beginning. The game has proven the potential of augmented reality to appeal to a very large audience, so we can expect many other applications of the technology to come our way, and we can expect a new generation of augmented reality games and applications to be launched soon. In particular, the combination of augmented reality, geo-tagging and location-based interaction has huge privacy implications.
For example, what if your house is tagged in a global database without your permission and you value your privacy so do not want any passersby to know that you live there? Or what if a commercially-sensitive database identifies your business with incorrect data and you cannot reach the developer or they refuse to amend it? People looking for businesses in your area may miss you and go to a competitor that is correctly listed. Even more worrying, what if your house was previously occupied by a sex offender and is tagged in an outdated database with that information.
The potential for trouble will be worse with the launch of apps that allow users to tag public or private buildings themselves. Why will abusers and trolls bother spray-painting a house, when they can geo-tag it maliciously? Paint washes away, but data may be more difficult to erase.
This talk will be about a proposal to extend data protection legislation to virtual spaces. At the moment, data protection is strictly personal as it relates to any information about a specific person, known as a data subject. The data subject has a variety of rights, such as having the right to access their data and rectify and erase anything that is inaccurate or excessive. Under my proposal, the data subject’s rights would remain as they are, but the law would contain a new definition, that of the data object. This relates to data about a specific place or location. People would be able to object to the use of a data object in a manner that affects their data protection rights.