Consumer advocates in Germany have threatened Niantic Labs, the company that runs the hit augmented-reality game Pokémon Go, with a lawsuit if it doesn’t make the mobile app’s terms more privacy-friendly.
The Federation of German Consumer Organizations (VZBV) said on Wednesday that Niantic would need to change 15 of the clauses in its user terms and privacy policy, in order to comply with German privacy and consumer protection law.
If Niantic does not change those terms in Germany by August 9, the VZBV said it would sue it. It sent an official legal warning to Niantic on Tuesday evening, according to Heiko Dünkel, the VZBV legal policy officer who wrote the notice.
Get Data Sheet, Fortune’s technology newsletter.
The federation’s main problem with Pokémon Go‘s terms and conditions is that they give Niantic the right to pass on user data to third parties at the company’s discretion. As the game inherently involves a lot of location tracking and can connect with users’ Google (GOOG) accounts, the VZBV is worried that the data involved could be quite sensitive.
The VZBV also highlighted various flaws in Niantic’s T&Cs that are regular bugbears for German data protection enforcers. For example, the company can amend the terms at any time or discontinue the service without user consent. The language of the policies is also hard for regular people to understand.
“We think is there is not a high enough level of consent in the use of data—these extended rights of giving users’ data away to third parties in circumstances, which are not sufficiently described,” Dünkel told Fortune.
If users have any disputes with the game provider, the terms also state that they have to go to arbitration in California, which is not a practical option for people in Europe. According to the VZBV, that’s not acceptable because people in Germany are within the jurisdiction of German and European consumer protection law.
Germany has always had very enthusiastic defenders of data privacy—it literally invented the field of data protection law—but it’s not the only country where people are concerned about Pokémon Go.
Last week, U.S. senator Al Franken also asked Niantic to better explain how it collects and uses players’ data, and with whom it might share that data. Like the VZBV, Franken said he was worried that Niantic was not getting “appropriate consent” from its users.
If Niantic does not amend its terms as ordered, Dünkel said, the VZBV will likely apply for a cease-and-desist order against it.
For more on Pokémon Go, watch our video.
So why is the federation going after this game? After all, many apps, particularly those coming out the U.S., have similar terms and conditions.
Dünkel noted that the VZBV has also gone after the alleged transgressions of Google and Facebook (FB). However, he acknowledged that the high profile of the Pokémon Go, along with its large numbers of users, made it an attractive target.
“Because there’s a lot of public attention, we can better place our concerns about these apps in the public space,” Dünkel said. “We have limited resources. There are only four people here doing these kinds of legal warnings and procedures, so we have to carefully think of which companies we choose.”
Niantic Labs, which spun out from Google last year and produces the game in partnership with The Pokémon Company, had not responded to a request for comment at the time of writing.
