Of all the public debates that Spanish soccer’s La Liga has been getting itself into lately, few would have guessed that a row over the intricacies of data protection laws might be next on the agenda.
And yet, here we are.
A few months ago, in the latter half of March, a La Liga press release dropped into SportsPro’s in-tray. The announcement heralded the first guilty verdicts to be brought against public establishments that had dared to illegally broadcast live games featuring the likes of Real Madrid and Barcelona. In total, more than 600 locations were to have legal proceedings opened against them.
The story didn’t quite make it through the SportsPro daily news auditions, but it certainly didn’t go unnoticed. After all, La Liga had only a month earlier shut down three illegal IPTV platforms in Brazil, which between them had attracted more than 1.5 million visits per month and over 8,000 subscribers. Spain’s top flight is also one of many to have feeds of its games stolen by Saudi-backed pirate broadcaster BeoutQ.
In that context, La Liga’s announcement was an excuse to celebrate a rare triumph in sport’s epic battle against the sprawling threat of piracy; a victory for good over evil in the never-ending tussle to preserve the sanctity of broadcast deals around the world. Right?
Wrong - at least according to Spain’s data protection agency (AEPD). Last week the story came full circle as the national watchdog slapped La Liga with a €250,000 fine – approximately US$280,000 – for violating a number of EU laws on transparency and data privacy.
The reason? La Liga’s official app – downloaded by more than four million people to keep track of game results and stats - had apparently been using a Shazam-like feature to do some snooping of its own. The AEPD ruled that the platform was utilising smartphone microphones and location services to – remember that press release I mentioned - detect bars illegally streaming games. On top of the fine, La Liga has been ordered to take the app down by the end of the month.
At a time when paranoia leads many to believe that companies like Facebook are eavesdropping on their conversations, the image of Javier Tebas and co camped out in a van full of audio monitors and listening in on lager-fuelled secrets was always likely to cause some concern.
However, while the temptation has been to suggest that La Liga is spying on its fans, the act of listening is not exactly why it is being held accountable. Instead, the league was penalised for not waving big red virtual flags to adequately alert its app users to what the platform had been designed to do.
And, through its Santander-branded specs, La Liga claims it is the first high-profile sports league to fall victim – and I use that word on purpose – to the finer details of GDPR since the regulations were rolled out last year.
In response to its punishment, La Liga argued that the app does in fact ask the user to gain access to their phone’s microphone and location, adding that the fine print does explain that in doing so fans are consenting to the league leveraging their devices to detect fraudulent behaviour.
La Liga also contends that the technology does not listen out for actual conversations, but only for a specific 'acoustic fingerprint' linked to live broadcasts.
‘We profoundly disagree with this decision, consider the fine that has been imposed unfair, and believe the AEPD hasn’t made enough effort to understand how this technology works,’ the league insisted in a statement. ‘As a result, we will challenge the decision to show that we have always acted legally and responsibly.
‘La Liga would not be acting diligently if it did not use all means at its disposal to fight against piracy. This is a major undertaking given the scale of fraud in the market, which is estimated to cost around €400 million a year.’
Here, then, lies the motivation. A €250,000 fine is a mere drop in the ocean compared to the amount La Liga claims to lose annually because of illegal streaming, which any rights holder will tell you now poses as big a threat as any to their revenues. They too will be watching on with interest to see if the Spanish league’s punishment is upheld.
Sports organisations will undoubtedly now be advised to tread more carefully, but there are grounds to suggest that regulators ought to be doing more to support rights holders in what must increasingly feel like a losing battle – especially when broadcasters like BeIN Sports, one of the principally affected parties in the BeoutQ scandal, is having to lay off staff because of piracy-shaped dents in its profits.
While Article 5.1 of the GDPR might still have La Liga and its marketing executives scratching their heads, what is more apparent is that the organisation will not be deterred by this slap on the wrist. Amidst warnings that pirate operations are becoming more sophisticated than ever, the Spanish body now runs its own anti-piracy department and has previously enlisted Google, Facebook and Twitter to aid its efforts.
In fact, in amongst all this, it might not be too offensive to suggest that had La Liga not been pulled up by the AEPD then it would probably be putting itself forward in some sort of innovation category at next year’s BT Sport Industry Awards.
What this episode has really highlighted, though, is an unlikely confrontation between data protection and piracy in sports – a complex new struggle between the right to privacy and that of intellectual property, between pirates and spies. What will worry La Liga and its peers is that the former look like they are being allowed to sail away from those trying to catch them.