La Liga has been fined 250,000 euros for violating the Spanish Data Protection Agency (AEPD) and the European General Data Protection Regulation (GDPR).
La Liga was found to be using their mobile app to detect the bars that screen football matches without paying. When downloading the app, La Liga activates the microphone of any user’s mobile so that it can detect sounds that bars emits if a private signal is used.
The AEPD deems that La Liga’s warning to users of this procedure was opaque, as recording the user’s environment amounts to a collection of personal data. Due to the nature of mobile devices, often users are unable to remember if they have consented to the device collecting surrounding data.
Therefore it is necessary that the app notifies the user and provides additional information every time the collection of data is activated.
Additionally the AEPD believes that La Liga has violated Article 7.3 of the GDPR, which requires users the ability to withdraw their consent at any time.
La Liga has denied all allegations about infringement of data protection standards, and claims that the technology and procedures used to obtain users’ consent appear in the app and thus compliancy exists.
La Liga said:
“We deeply disagree with the interpretation that AEPD has made of this technology so far.
“…and we sincerely believe that it [AEPD] has not made the necessary effort to understand how it works.”
The AEPD has given La Liga a month to correct the issues on the app. The AEPD has suggested the introduction of an icon to indicates the app has activated the microphone. However, the soccer league responded that the icon “could be misleading” and even cause fear to the users.
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.