Is La Liga’s slap on the wrist a win for piracy?
By Daniel Brown, Lead Data Strategist @ PTI Consulting
When two wrongs don’t make a right! A fine has been given to the Spanish top football division La Liga. The reason? Snooping on users with inbuilt app technology primarily built to stop piracy.
Piracy is a challenge that sits across every major sporting league and in an attempt to protect themselves, they have unfortunately landed themselves with this substantial fine. However, is the word unfortunate right? Maybe they should have been transparent with the implications of technology and the complexity of data. Instead, through not having tight terms and conditions and privacy policies in place reputational damage has occurred without having solved the original problem.
Is this now the tipping point for sport, apps, data and compliance? We are a year into GDPR and there have not been that many fines of note in this sector. We could now see it spiral in both directions; with individuals who are doing something illegal in the form of piracy coming back at you with regards to your own snooping alongside members of the public feeling empowered to own their data and becoming more aware of its uses.
It’s all very interesting and it opens the door to look at the sports and entertainment world. Who will be able to stop piracy without breaking the new data protection laws? Hint – you better have your policies in place to enable the investigation to be done without comeback.
The answer is to be as clear as you can for anything you are asking fans to sign up for. Whether it is an app, a single ticket or a season ticket…you need to be very upfront in terms of what’s happening with the customer data. We are all aware of the big tech companies and the net they cast…so it is a very hot topic, and it’s a hot topic for the consumer. Making sure that your privacy policy is nailed on and very clear in terms of what you are doing and what you are signing up to. It comes down to two simple words;
- Accountability – who is going to be the controller, processor and/or sub-processors and how may this data be used?
- Visibility – how can you change your preferences, understand what is happening in detail and is it understandable in consumer language, not in that of the articles of GDPR which means little to the masses. You have to strike that correct balance between legal protection for your company and understandable transparency for the consumer
One of the interesting perspectives in this case, could be if they hadn’t of had this fine, La Liga would have been held up as a champion for anti-piracy, trying to keep illegal activity out of the sport and act as a bit of a shining beacon? Arguably yes – as many rightsholders are looking at the area. However, I think that La Liga will be conservative and switch off that part of the app ability and act quickly to make sure fans are aware of what they are doing.
My top 3 tips for data collection
Be transparent!
Data is anything you are collecting and must have a positive opt-in. You have to be clear up front what you’re doing and why. So, be clear up front, get the positive opt-in, say what you’re doing it in terms of the benefit to the fan, to enhance their journey and you then start to build that trust.
Not all consumers are lawyers!
Your privacy policy must be clear and understandable. Avoid going down the route of “we’ve got a privacy policy and its legally binding.” How many of your fans are lawyers who can read a complex privacy policy? Be clear in your privacy policy what you’re doing with the ability to make changes, pointing out where you can do that, and don’t do down the legal jargon route.
Process makes perfect!
Ensure that your process and back end systems deal with the data you collect in the optimal way. A recent example we’ve been involved in saw a fan of a Premier League client request all information on the data they held for him as an individual. The club had all the correct procedures in place in terms of communicating back, in terms of giving the information that’s been collected, the dates, the timestamps etc. This ensures trust is built between the club and the fan and holds up to an independent assessment should this come.
With GDPR, just having a privacy policy isn’t enough. It’s being able to react positively when something happens and you have the correct procedures in place, which means that technologically you have the correct time stamps of what has been collected. GDPR doesn’t stop just at the privacy policy it’s how you have everything set up in the back end, to deal with complaints, to deal with questions and technologically have it in a place so that you can log all of this and then have the robust procedure and communication process.