With over 50 million downloads already logged on GooglePlay and countless more from the Apple App Store, Pokémon Go is officially a phenomenon. And, as with many cutting-edge consumer technologies, the core game mechanics of Pokémon Go depend on mobile technology and digital consumer identity: Players are logged in using their personal Gmail credentials, and are tracked via GPS as they wander about “catching” magical creatures. Suffice to say that success for mobile gaming — as well as anyone doing business with a digital audience — hinges on the ability to recognize users and collect their data, safely and compliantly. With Pokémon Go, gaming and business collide, exposing great opportunity for companies — but at what price to consumers and their privacy?

Identity Data Capture a Boon for Businesses, Marketers

In Pokémon Go’s case, its use of social profile data (players are currently authenticated through Google, but likely soon through other identity providers like Facebook) and information generated by gameplay creates valuable new avenues for forward-thinking marketers to drive revenue. For example, for $1, businesses can buy virtual “lures” that briefly draw Pokémon Go players to their stores. These businesses can then further capitalize on the game by selling Pokémon Go-themed products. All the while, as players move through the game, their location is tracked by GPS, yielding rich information about their shopping preferences or habits. Niantic Labs, Nintendo’s partner on Pokémon Go, might sell this collected data to marketers looking to uncover consumer preferences, such as frequently visited locations.

One business capitalized on Pokémon Go in a very unique way. Last month, French furniture store But held a competition whereby players that entered one of But’s 200 stores, captured a Pokémon there, and took a photo won a 10 percent discount. The first two to tweet a photo under hashtag “#butattrapeztous” (“But catch them all”) won vouchers worth up to 200 euros. The store’s co-creative director of digital proclaimed the campaign a success, with all but nine of its stores attracting players. In all, it handed out 400 vouchers to potentially new customers, worth about 80,000 euros.

Is the Privacy Tradeoff Worth It?

Despite the fun everyone’s having and businesses’ and marketers’ windfall, Pokémon Go has a hint of a dark side, as it’s not just preference-related data that’s captured. In fact, while on the hunt for Pikachu and Snorlax, Pokémon Go addicts are putting their privacy and online identities at risk in other ways. Email and contacts are collected through their personal Gmail accounts, which not only links personal information with Pokémon Go activity, but also exposes a player’s Google credentials to the app owner. Perhaps even more vexing is the geolocation data that’s collected. Pokémon Go players are tracked wherever they go, bringing an entirely new set of data privacy questions to the table. Even picture-taking while playing can be a risk because the location where a player takes a photo is likely embedded into the photo’s metadata.

Privacy concerns are spiking across the pond in big ways too. Fortune just revealed that German consumer advocates are challenging a handful of clauses in Niantic Labs’ user terms and privacy policy that don’t comply with privacy and consumer protection laws in Germany. Specifically, the clauses give Niantic “the right to pass on user data to third parties at the company’s discretion.” True, social login data is permission-based, but it should only be used by the company it’s shared with. Social networks and other identity providers maintain strict privacy policies that every business must adhere to in order to gain access to user profile data. Ignoring this basic rule means compromising customer trust and relationships. In short, Niantic may need to prepare itself to lose some German players.

If players outside of Germany are worried about the amount and type of data they compromise while playing Pokémon Go, they’re not letting on. They seem to be more upset by the recent update that fixes bugs, enables customizations and, ironically, disables the Pokémon Tracker. In fact, as of this writing, App Store ratings of the game have been removed due to an outpouring of negative reviews in response to the update.

With Great Data Comes Great Responsibility

As players turn a blind eye to privacy concerns in favor of “catching them all,” the responsibility falls to businesses to ensure the transparent, secure and compliant use of consumers’ personal data. Handling the type of data generated by Pokémon Go players requires businesses keep pace with data privacy compliance and social network policies, as consumer data must be secured at rest, in use and in transit.

This requires technologies purpose-built to automate the responsible and secure collection of Pokémon Go players’ personal data ensure a seamless user experience while also protecting digital consumer identities and data. They also ensure businesses avoid non-compliance with a growing list of privacy laws.

Pokémon Go is the tip of the iceberg for mobile gaming. The very near future promises endless new digital diversions for the gamer and a large cache of valuable data. Savvy businesses will turn to modern technologies to collect and use this data responsibly, securely and compliantly — in turn cultivating and maintaining trust among their growing customer base.