Spain: La Liga project (again) breaches data protection laws

source: Agencia EFE, LaLiga, FIFPRO, ElDiario; author: Miguel Ciołczyk Garcia

Spain: La Liga project (again) breaches data protection laws Spain's Data Protection Authority has issued a firm letter warning Primera Division authorities that their planned programme to identify fans' faces is illegal. But why does LaLiga need a system to recognise fans in stadiums?


La Liga wants to fight violence and discrimination

According to a FIFPRO report, violence against footballers has increased in recent years, with more and more players fearing triggers and attacks. It is no different in the Spanish Primera Division, where racism and insults are not uncommon. The league's authorities want to do more than just token gestures and slogans to end the problem.

At the December meeting of the EU Council's Working Group on Sport, LaLiga representatives described their action against hate in football based on education, prevention and response. They went on to emphasise the need, in their view, for the league authorities to be legally empowered to punish acts of hatred, racism, xenophobia or intolerance.

Estadio El Sadar© CA Osasuna | Estadio El Sadar

Noble intention, poor execution

LaLiga has issued a tender for a system that will recognise the faces of fans who commit crimes motivated by prejudice in order to punish them. This prompted a reaction from the Spanish Data Protection Authority (AEPD), which indicated that such software would breach data protection laws.

The letter, signed by Mar España, director of the AEPD, indicates that there must be a high-risk reason for the use of a system analysing biometric data. Before implementing the solution, it must be verified that it meets the assumptions of adequacy, necessity and proportionality of the measures taken, and that the data thus obtained is adequately protected as particularly sensitive information.

The AEPD also suggested the use of less intrusive solutions, and stressed that LaLiga should first consult on the planned measures, check that there is a viable rationale for such a system, and only then call for tenders, not the other way around.

Coliseum© The Hausmeister's Groundhopping | Coliseum

This is not the first such 'mistake'

The Spanish top league authorities have repeatedly faced criticism for their controversial approach to data protection and privacy. In 2019, it came to light that a microphone and location were used to check whether bars frequented by users of the official LaLiga app were broadcasting unlicensed matches.

At the time, LaLiga argued that the app only switched on the microphone for a short while and only checked the audio match broadcast. It did not record anything or listen to the calls, and furthermore the feature was experimental and worked after the user agreed to access the microphone. Despite this, the AEPD believed that the request for consent to access did not comply with the guidelines and fined LaLiga with €250,000, which the league unsuccessfully appealed.

It seems that the introduction of a spectator identification system in stadiums will not happen, at least for the time being. Even so, it is surprising that La Liga is so careless in introducing such far-reaching solutions.

San Mames Barria© Marco Almbauer (cc: public domain) | San Mames Barria