The gaming phenomenon Pokémon Go smashed mobile phone “app” download records this summer based on its innovative blend of reality and digital Pokémon monsters that players could collect by walking around in (mostly) public spaces. But, as is typical with terms of service contracts, most of the more than 100 million people who downloaded the game probably missed an unusual term in the standard Pokémon Go agreement.
Specifically, in addition to the usual boilerplate, the Pokémon Go terms of service included an unprecedented statement informing users “it is your responsibility to maintain such health, liability, hazard, personal injury, medical, life, and other insurance policies as you deem reasonably necessary for any injuries that you may incur” while playing the game. The inclusion of this novel term indicates that lawyers for Niantic, the company that developed Pokémon Go, were well-aware that this unique game also created unique risks.
Pokémon Go is only the latest and most visible entry into the emerging technological space of augmented reality (AR). AR technologies overlay digital information – such as animated Charmanders and Wartortles, in the case of Pokémon Go – over the real world. Although the Pokémon Go craze demonstrated that a huge market exists for AR games, the technology also has myriad educational, technical, and marketing uses. Numerous insurers are experimenting with AR, for example, to assist their customers in reporting claims in real-time. Indeed, one of this article’s authors uses an app from his auto insurer that purports to track the safety of his driving (worrisome?).
The explosion in this synthesizing of the real and digital worlds also brings a potential explosion in risks. Many of these simply amplify the likelihood of existing and well-known liabilities. For example, because Pokémon Go encourages players to explore public spaces and even “public” businesses to find new digital creatures, several players of the game have experienced or caused well-publicized misfortunes. A pair of players in California, for example, walked off a cliff while engrossed in the app. In North Carolina, a teenager was reportedly shot and killed when he attempted to break into a private residence after the Pokémon Go app signaled that a rare creature was lurking inside. There were also news reports of thieves lurking in known Pokémon creature “haunts,” indicating that business owners (or even homeowners) should consider expanded premises liability coverage.
These and many other similar incidents are just new versions of the many risks associated with our epidemic of mobile phone addiction and distraction. As a result, they are most likely covered by standard Commercial General Liability (“CGL”) policy provisions that address normal and foreseeable negligence, trespass, and premises liability scenarios. However, that is just the tip of the iceberg. AR technologies do not just distract users. They also open a pipeline of data between users and a host of companies and services processing the data, which could create major privacy concerns and data security headaches for companies. Although most large employers now have (or should have) vigorous data protection regimes in place, these measures may not account for the risks of AR games or programs. In its initial version, for example, Pokémon Go required players to allow the app to access to Gmail and Google Drive accounts. Anyone who downloaded the app on a mobile device that was used for work, therefore, inadvertently provided unknown third parties with virtually unrestricted access to sensitive information.
Further, many AR applications have the potential to remain “on” at all times, thus raising the risk that confidential corporate data or protected intellectual property could be recorded and transmitted inadvertently. The perpetually-under-development Google Glass headset, for example, consists of a wearable camera and display designed to appear as eyeglasses. An employee who wore such a headset to work, therefore, could inadvertently record every meeting attended, document reviewed, and email drafted, no matter how confidential or sensitive.
The implications of such ubiquitous data collection are dizzying. Not only do AR devices and technologies provide a ripe target for hackers searching for new ways to exploit companies’ vulnerabilities, they also significantly complicate the traditional protections afforded to IP and confidential information.
American constitutional and tort law generally holds that individuals have no reasonable expectation of privacy, for example, in information they convey to a third party. Thus, data collected via an AR device or app that was transmitted to the hosting company could arguably lose any protection afforded by “general” law.
On the other hand, individuals using AR to record their surroundings could face inadvertent liability for copyright or trademark infringement. Because AR devices and apps can record literally everything in sight, they could easily transmit copyright- or trademark-protected designs and images, which could then be reproduced in other mediums. The law has barely even begun to address the liabilities that could arise from this kind of copying and reproduction.
Although many of the AR-related risks cannot be quantified at this time, brokers should at the very least ensure that their clients are aware of the physical and data-security risks that arise from the use of AR. Further, the popularity of Pokémon Go should provide a good starting point for conversations on the appropriate coverage and policy limits under existing CGL policies for businesses that are open to the public. It was not for nothing that Pokémon Go may have been the first app to remind its users to check their coverage. It certainly will not be the last.