
Data protection – use of location data in augmented reality games

Data protection is becoming even more important with the new GDPR. But can it also be sufficiently observed in augmented reality games?

Augmented reality games refer to computer-aided perception in which the real world is mixed with the virtual world.
The games often use mobile devices – such as smartphones or tablets – to mix the view of the real world with digital information and graphics in real time.

Since the launch of the game Pokémon Go in Germany (July 2016), this type of gaming world has experienced a real hype.
It is not only players who have taken an interest in the game, but also data protection experts.
However, their verdict is not as positive as that of the often young players.

Consumer advice center warns against data usage in augmented reality games

The consumer advice center warns: In addition to data protection problems with the use and storage of location data, there is also a risk of personal and image rights violations if the player uses the camera function within the augmented reality games.

Game makers receive detailed movement profile

The greatest danger for the makers of augmented reality games is therefore data protection.
Extreme caution is required, especially with regard to position data and geolocalization.
This is because the game only works if the makers can constantly determine where the mobile device is located while the user is playing.

To be successful in a game, the user usually has to let it run as often as possible.
The easiest way to do this is on the way to school, to work or to sport, or even on a shopping trip.
But this is precisely where the danger lies: the player becomes a transparent customer of the game maker, who now has a detailed movement profile.

Often no anonymization due to a clear name requirement

The data collected not only provides information about the routes traveled, but also creates a broad social profile with additional data from other players.
In addition, these profiles are often (as in Pokémon Go, for example) not disguised or anonymized but linked to the player’s real name.
This is because registration with a real name is usually required in order to use the game.
This means that all location data collected in this way is personal.

However, under Section 98 of the German Telecommunications Act (TKG), location data (localization via the mobile network) may only be processed for additional services with added value to the extent necessary and within the required period of time, and only if it has been anonymized or the player has given the provider of the additional service their consent.

No comprehensive regulation for position data from GPS or WLAN

The provisions of the TKG do not apply to tracking via GPS or WLAN.
This loophole is therefore often used by game manufacturers to collect and store more comprehensive movement data.
This is because the Telemedia Act (TMG), the Federal Data Protection Act (BDSG) and the General Data Protection Regulation (GDPR), which will soon come into force, do not provide any special regulations for the use of location data.
The handling of location data is therefore governed by the general provisions (Section 15 (1) TMG).

However, if the general terms and conditions are too restrictive for the smooth running of the game, user consent can be obtained.
However, care must then be taken to ensure that the declarations of consent used are clear and specific enough and do not contain any surprising clauses.

New data protection regulations in the GDPR

In future, the new GDPR will replace the provisions in Sections 11 et seq. TMG.
This is because it takes precedence as Union law.
Location data of an identifiable person is also considered personal data in the GDPR (Art. 4 No. 1 GDPR).
However, the GDPR does not provide for more detailed regulations, which is why the lawfulness of processing and storage is governed by the general provisions of Art. 6 GDPR.

The principle of data minimization applies

The legal regulation of the use of location data in German law is often confusing and incomprehensible for consumers.
Game manufacturers are therefore advised to have their data protection regulations checked before launching a game.
In this way, expensive warnings can be avoided.
Particularly in view of the GDPR, which will soon come into force, and the continuing principle of data minimization (Art. 5 para. 1 lit. b GDPR), caution is required.

Augmented reality games can also infringe copyrights

Last but not least, linking the games with photos of various landmarks may infringe copyrights insofar as the recording is not covered by the freedom of panorama (Section 59 UrhG).

In addition, by linking certain real locations with game sequences, the games can lead players to enter other people’s property and thus make themselves liable to prosecution for trespassing.
