News / Spanish La Liga fined €250,000 under GDPR for using app to spy on fans
Spanish La Liga fined €250,000 under GDPR for using app to spy on fans
12 June 2019 |
The Spanish Data Protection Agency (AEPD) has fined the Spanish football league La Liga 250,000 euros (£222,532) for using its official Android app to listen to users' surroundings when the latter played live football matches on the app.
The huge fine has been imposed by the Spanish Data Protection Agency (Agencia Española de Protección de Datos) under the General Data Protection Regulation that authorises data protection authorities to impose a maximum fine of €20 million, or 4% annual global turnover to erring organisations.
According to AEPD, the exemplary fine has been issued to Spanish La Liga as the latter used its Android app to listen to users' surroundings during matches without properly educating users about the feature that required access to microphones and GPS on their devices.
Even though the official La Liga app request users to authorise its access to microphone and location, AEPD noted that the app did not inform users that the app activated microphones during live games for the purpose of combating piracy. AEPD has also advised La Liga to introduce new mechanisms to better inform users about how its app functions and for what purposes the app needs access to device functionalities.
La Liga terms AEPD's decision unjust and unfounded
"La Liga disagrees profoundly with this decision, rejects the penalty imposed as unjust, unfounded and disproportionate and considers that the AEPD has not made the necessary efforts to understand how the technology works. As a result, it will judicially challenge the resolution to demonstrate that its action has always been in accordance with law and responsibility," said La Liga in a statement in response to the fine issued to it by AEPD.
The football league said that in order for the feature, that requires microphone and GPS access, to work, a smartphone user needs to expressly authorise the app on two occasions and even if the user does not provide authorisation, she can continue to use the app and all its features without any limitations.
The app feature that has drawn the ire of AEPD is one that allows La Liga to listen to users' surroundings and use device location to geo-locate a particular user during live matches. This way, the app can detect the location of restaurants and bars that broadcast live football matches illegally.
According to La Liga, the feature was introduced so that it could determine the location of restaurants, bars and other public places that illegally broadcast live football matches and thereby inflict losses of approximately 400 million euros per year to La Liga by flouting audiovisual rights.
La Liga app doesn't record human conversations
"The technology used is designed to generate only a specific sound footprint (acoustic fingerprint). This fingerprint only contains 0.75% of the information, discarding the remaining 99.25%, so it is technically impossible to interpret the voice or human conversations. This footprint is transformed into an alphanumeric code (hash) that is not reversible to the original sound, La Liga said.
It added that an independent expert report has confirmed that the technology "does not allow La Liga to know the content of any conversation or identify potential speakers" and that the fraud control mechanism "does not store the information captured from the mobile microphone" and "the information captured by the mobile's microphone is subjected to a complex transformation process whose result is irreversible".
"The AEPD orders LaLiga to introduce mechanisms that reinforce the user's knowledge of the moment in which this functionality is in use. In this sense, the application of the modifications indicated by the AEPD no longer applies because this functionality will no longer be used by the end of this season (June 30), as was initially foreseen.
"LaLiga will continue to test and implement new technologies and innovations that allow us to improve the experience of our fans and, of course, fight against this very serious scourge that is piracy," it added.
Latest posts by Jay Jay (see all)
- HMD Global shifts its data centre from Singapore to Europe - 18th June 2019
- Danish DPA fines IDdesign £180,000 for illegally storing personal data of 385,000 customers - 17th June 2019
- Mermaids UK apologises for suffering “historical data breach” - 17th June 2019
- Home Secretary signs US’ extradition request for Julian Assange - 14th June 2019
- MI5 transgressed Investigatory Powers Act while handling citizen data - 14th June 2019