We can change how data is regulated

We’re advocating for the law to recognise that harms don’t just fall on individuals

Data protection regulations such as GDPR should address more than privacy, including wider harms from non-personal data

Harms to our
communities

Harms to our
democracies

Harms to our
environment

In 2016, Niantic Labs released Pokémon Go, an augmented reality smartphone game that attracted millions of users worldwide. This game allows users to “catch” Pokémons through their mobile cameras in different geographic locations that often correspond to prominent places. This paper analyzes the distribution of PokéStops, Pokémon gyms, and spawnpoints in selected urban areas of South Florida and Boston. It identifies which socioeconomic variables and land-use categories affect the density of PokéStops, and how PokéStops and gyms cluster relative to each other. Using nearest neighbor analysis, this paper assesses also how actual PokéStop locations are reflected in Yelp’s “PokéStop nearby” attribute. Results show that black and Hispanic neighborhoods are disadvantaged when it comes to crowd-sourced data coverage, that PokéStops occur more frequently in commercial, recreational and touristic sites and around universities, and that PokéStops tend to cluster around gyms. The latter suggests that these point sets were generated by a similar location selection process. To mitigate geographically linked biases, future versions of augmented reality and geo-games should aim to make them equally accessible in all areas, for example by placing extra resources, such as points of interest, in neighborhoods that are currently underrepresented in data coverage.

quote
quote

The growth of data publicly available on the internet has been a boon for biological science and conservation. But it is also being used by poachers and dishonest collectors to locate rare plants and animals and sell them illegally for a hefty price.

We’re arguing for regulation to require organisations to take these wider considerations into account

The law should build on the legitimate interest balancing test, and encourage organisations to look at a wide range of interests

Organisational
interests

Privacy of
data subjects

Group
harms

Public
good

Environmental
impact

quote
quote

There are three elements to the legitimate interests basis. It helps to think of this as a three-part test. You need to:

  • identify a legitimate interest;
  • show that the processing is necessary to achieve it; and
  • balance it against the individual’s interests, rights and freedoms.

The legitimate interests can be your own interests or the interests of third parties. They can include commercial interests, individual interests or broader societal benefits.

We’re campaigning for regulation to require participation when organisations balance different rights and interests

Organisations are not trusted to make these decisions alone – they need to demonstrate legitimacy

Transparency
of the decision

Transparency
of the rationale

Including
those affected

We’re pressing for the law to enable and encourage organisations to engage their communities in all data decisions

Organisations need to have permission to use collective approaches to make decisions about data, while continuing to protect us and our rights