As people wander around with their smartphones out (but don’t drive) playing Pokemon Go, some people have concerns about the data that the game collects. After all, it’s installed on our smartphones, which are full of very personal information, and gathers information about real-world locations that we visit. That combination of information could be dangerous in the wrong hands, and Senator Al Franken of Minnesota is here to make sure users of new technology stay safe, just as he did when the Oculus Rift was released.

Augmented-reality games like Pokemon Go aren’t actually new, but it’s the first time that this type of game has been released to the masses, including kids. In the letter, the Senator calls the game’s 7.5 million downloads to date “impressive,” and it is, but the game also raises questions about privacy and data safety along with questions about the nature of reality.

“I am concerned about the extent to which Niantic may be unnecessarily collecting, using, and sharing a wide range of users’ personal information without their appropriate consent,” Franken wrote in the letter. [PDF]

Where things get fuzzy is in the game’s privacy policy. The game can have access to just about all of the data in a customer’s Google account, and in iOS, doesn’t provide an opportunity to opt out when first beginning to play. That data is shared with outside companies, some of which aren’t named, and would be transferred to new owners if Niantic is sold or merges with another company. Yet the game also has a rating that indicates it’s appropriate for children.

Franken has seven questions for Niantic about its collection of data, asking for more details on privacy policy items and why they’re necessary for catching cartoon monsters. For example, the game can collect information from the phone, and also information from electronic beacons in the real world: how is that information used by the company?

The senator also asks what we’re all thinking: if users are able to opt out of some of the extensive data collection, why not make it opt-in to begin with? How does the company handle the data it collects from children, while getting consent from their parents?

Most importantly, Niantic revealed that it inadvertently had full access to iOS-using players’ Google accounts, including their e-mails, during the week that it became a nationwide craze. Franken has asked the company for an update on a fix to the problem, and pointedly asked the company to confirm whether it ever accessed or used any of that information. (The company says that a version of the game released today fixes it.)

Sen. Franken Presses Makers of “Pokemon GO” Smartphone App Over Privacy Concerns [U.S. Senate] (Thanks, Chris!)

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.