The reports of Pokémon Go’s rampant data harvesting were dismissed last week, and the game’s millions of users returned to making the augmented reality app the global phenomenon it continues to be. However, the concerns that sparked the controversy still exist: almost no one reads or even understands the terms and conditions for the apps we download or products we buy, so we don’t know exactly what information we’re giving away, or how it will be used, protected, and eventually sold.
Dr. Avner Levin, Director at the Privacy & Cyber Crime Institute and professor at Ryerson University’s Law Research Centre, believes that this system has been designed on purpose, to give companies more legal freedoms to profit off of our information. The FADER spoke with him over the phone to discuss the perils of a society built around science and technology with a populace that has no comprehension of it.
What did you make of the controversy?
This is not one that I got too excited about, to tell you the truth. I felt Pokémon’s developers, Niantic, they were fairly upfront with what’s happening with the information. I have more of a concern when the information is collected and it’s not stated in their policy. In this case that didn’t appear to be happening. The fundamental problem I have with all of this is the whole system of signing up, and accepting the terms. This should be changed, or we should at least be given more options.
Germany has certain guidelines to ensure terms and conditions can be read by the average person. Should other countries follow suit?
Simplified language is just one part of it. Interactivity is another. So for example, notices pop up and ask you if you want your information to go in a certain direction or not. I would say the third thing should be information-free experience. You know how you can download a game that’s free, and you pay 99 cents or whatever to remove ads? I actually think that this should be done for applications collecting your personal information. I’d like to see companies forced to offer privacy protected versions for a fee. It would be interesting to see how much people really care about privacy. Will they pay a dollar, maybe five dollars, and buy a Pokémon game where nothing happens with their information. It’s not sold to anyone, it’s not disclosed to anyone, it’s not analyzed by anyone, it’s just used for the purposes of the game itself, but it doesn’t go beyond that.
From the perspective of privacy and information protection, it’s all about giving the individual control and a real choice about what they do. To me, that seems like a meaningful choice. If you don’t care, if you don’t want to pay for that, fine, but at least they’ve been given a meaningful choice.
I think choice is important, but I also think there’s a tendency in most people, including myself, who are willing to trade an unknown degree of our privacy for small amount of convenience. Perhaps because the implications of that transaction don’t feel very real.
The system that we have now is not designed to give you control of your own information. It’s designed to give companies the legal ability to maneuver and do whatever they want to do commercially with your information. The process of clicking “I Accept” to all these conditions that we have now is not user friendly, it’s company friendly. That’s a subversion of the original intention of the information protection regime. If they presented the information to you with more transparency, more examples, interactivity along the way, so that you know at key decision points exactly what you want to do with your information, people would react very differently. But if it’s presented as an obstacle that you just have to click through it to get what you want to do, then of course people will just click “I Accept.” That’s empirical, there’s a lot of research out there that shows people do not read these things so they can get to what they need.
“As much legitimate interest as there is in the issues of something like Pokémon Go, there’s even more illegitimate interest in ‘How can we hack this game’s very rich dataset?’”
What’s the worst case scenario you see five or ten years down the road if nothing changes?
When we talk about this in the privacy circles, we feel like the worst case scenario’s already happened, in the sense that the process of agreeing to these terms and conditions are a charade. I think in five or ten years from now we won’t be having these conversations about clicking “I Agree” or “I Do Not Agree,” they’ll be meaningless. We won’t ask that. Instead we might have some kind of regime in place that’s just trying to discipline businesses for specific misuses of information. For example. your social media information might be used for an employment decision or an admission into college or university. And those are the things we’ll try to police, but everything else, specifically commercial purposes, will likely be fair game.
What’s something people can do everyday to make more informed decisions before downloading apps, or signing up for these services, or even buying hardware?
To manage their privacy, people should not be providing the most accurate information to these companies. Putting in a different name, different gender, different date of birth. Remember, all of your information is going into a database. The next thing you know, it’s hacked. As much legitimate interest as there is in the issues of something like Pokémon Go, there’s even more illegitimate interest in “How can we hack this game’s very rich dataset?” So there are very good reasons for people not to provide the most accurate information about themselves. Companies don’t like that and they put things about it in their terms and conditions, because fake information doesn’t have the same commercial value.
If the companies aren’t being transparent with what they’re doing with the data, the consumer isn’t obligated to be accurate with what they provide.