LaLiga facing €250k fine for GDPR violations in app used to spy on users
Spanish soccer league LaLiga is facing a fine of €250,000 (approximately $283,000) for GDPR violations resulting from a convoluted wiretap in their smartphone app intended to curb piracy of soccer match broadcasts. The Spanish Agency for Data Protection (La Agencia de Protección de Datos, or AEPD) levied the fine this week due to the league's violation of consent-related clauses in the GDPR, as LaLiga did not properly disclose the nature of the microphone usage.
LaLiga introduced a feature in the official Android app last year that activates the microphone and GPS functions when matches are being played, under the pretense of using the features to identify venues such as bars or restaurants that are broadcasting soccer games illegally.This functionality is not happening surreptitiously, as the app requests access to the microphone and geolocation service—it does not rely on a vulnerability to access these components without explicit permission—as TechRepublic reported a year ago. Despite this, users were not explicitly informed of the intended use of the microphone and geolocation permissions, which is central to the decision by AEPD to levy fines against LaLiga.
According to the ABC report, LaLiga intends to appeal, stating that AEPD "has not made the necessary effort to understand how technology works." (Quote software translated.) Despite this, LaLiga will disable the listening function on June 30, the end of the season.