We’re advocating for the law to recognise that harms don’t just fall on individuals
Data protection regulations such as GDPR should address more than privacy, including wider harms from non-personal data
Harms to our
Harms to our
Harms to our
In 2016, Niantic Labs released Pokémon Go, an augmented reality smartphone game that attracted millions of users worldwide. This game allows users to “catch” Pokémons through their mobile cameras in different geographic locations that often correspond to prominent places. This paper analyzes the distribution of PokéStops, Pokémon gyms, and spawnpoints in selected urban areas of South Florida and Boston. It identifies which socioeconomic variables and land-use categories affect the density of PokéStops, and how PokéStops and gyms cluster relative to each other. Using nearest neighbor analysis, this paper assesses also how actual PokéStop locations are reflected in Yelp’s “PokéStop nearby” attribute. Results show that black and Hispanic neighborhoods are disadvantaged when it comes to crowd-sourced data coverage, that PokéStops occur more frequently in commercial, recreational and touristic sites and around universities, and that PokéStops tend to cluster around gyms. The latter suggests that these point sets were generated by a similar location selection process. To mitigate geographically linked biases, future versions of augmented reality and geo-games should aim to make them equally accessible in all areas, for example by placing extra resources, such as points of interest, in neighborhoods that are currently underrepresented in data coverage.
The growth of data publicly available on the internet has been a boon for biological science and conservation. But it is also being used by poachers and dishonest collectors to locate rare plants and animals and sell them illegally for a hefty price.
We’re arguing for regulation to require organisations to take these wider considerations into account
The law should require risk assessments and the legitimate interest balancing test to consider at a wide range of interests
There are three elements to the legitimate interests basis. It helps to think of this as a three-part test. You need to:
- identify a legitimate interest;
- show that the processing is necessary to achieve it; and
- balance it against the individual’s interests, rights and freedoms.
The legitimate interests can be your own interests or the interests of third parties. They can include commercial interests, individual interests or broader societal benefits.
We’re campaigning for regulation to require participation when organisations balance different rights and interests
Organisations are not trusted to make these decisions alone – they need to demonstrate legitimacy
of the decision
of the rationale
We’re pressing for the law to enable and encourage organisations to engage their communities in all data decisions
Organisations need to have permission to use collective approaches to make decisions about data, while continuing to protect us and our rights
Over the next year the UK government will be looking at how it replaces GDPR following Brexit, through the Data Protection and Digital Information Bill. At the same time all the major political parties will be developing their manifestos in the run up to the next General Election, scheduled for 2024 if not before.
We think this means there is a unique opportunity to influence the democratic and participatory governance of data, to ensure it works for us all, as part of the UK’s post-GDPR future.