Spain - La Liga fined for using phone microphones in anti-piracy initiative

The Spanish data protection authority (the AEPD) has reportedly fined Spain’s top football division, La Liga, €250,000 for an alleged violation of the GDPR.

The App

In an attempt to fight piracy, La Liga’s official live football scores App remotely accessed its 10+ million users’ microphones and geolocation information to determine whether a user is in a bar or public place that is illegally broadcasting live games.

La Liga claimed that the App asks for permission to access users’ location and microphone, and that the data received via the app is no more than an acoustic fingerprint of the broadcast signals in the background, not understandable audio.

La Liga stated the App uses Shazam-like technology to identify whether such identified broadcast signals match paid broadcast signals at the user’s location. This acoustic fingerprint is converted to a hash value that cannot be later reversed to access the original sound.

Breach of the transparency principle

These explanations were not accepted by the AEPD who decided to impose a €250,000 fine on La Liga for the violation of the transparency principle of the GDPR, i.e. the requirement personal data should be processed lawfully, fairly and in a transparent manner in relation to the data subjects (Article 5(1)).

Organisations processing personal data are required to inform individuals in a clear and transparent manner. According to the AEPD, La Liga has failed to provide users with such clear information about how the App recorded the audio of the users.

In a press release, La Liga denied violating data protection law and confirmed that it will appeal the AEPD’s ruling. AEPD has not yet published its decision or made any official announcement on this matter.