Spain: Soccer App spies on Fans
The app of the spanish soccer league “La Liga” is not GDPR ready. This was the conclusion of the Spanish data protection authority. The app accesses position data and the microphone of the mobile phone. The user was asked for permission about this, when using the app for the first time, but the data protection authority decided this is not enough. It criticized, that the usage of the data was not clear enough transmitted to the users.
The organisers of the Spanish League published the App. They claim, that it is possible to deny the App access to the microphone and the position. The App also continues to function normally after doing so.
The App recieved these features, to detect illegal public viewings of soccer matches. It would access the microphone and listen for the sounds of an soccer broadcast. If it decided, that a soccer match was playing, it then access’ the position of the Smartphone and connects to the servers, which checks, if the soccer match has been viewed in a bar or restaurant, and if the establishment had the permission show it.
The organisers assured, that the App was only sending small samples, from which conversations could not be spied upon. They have since removed the feature. The data protection agency fined them € 250.000,-
La Liga has announced to protest against this fine.
Sources: heise.de (German)
Do you need further information about how to inform people about your data processing? Our GDPR experts will be pleased to advise you.
Art des Verstoßes:
violated duty to inform
Waren sensible Daten betroffen?:
Violation of GDPR Paragraph:
5. Principles relating to personal data processing
6. Lawfulness of processing
7. Conditions for consent