Red Card! The Spanish Data Protection Authority has issued LaLiga a 250,000 EUR fine for using its mobile app to detect bars illegally broadcasting soccer matches, without duly disclosing this data processing activity in violation of GDPR.
When installing the application and receiving user approval, LaLiga remotely activated the microphone of any user’s mobile phone in order to detect, through the analysis of ambient sound, whether the user is in a bar broadcasting the match without paying the required fee. It also collected exact location.
AEPD deemed an initial notice and consent insufficient. Instead, holding that LaLiga must notify the user every time it activates this data collection, for example, by means of an icon that indicates that the app has activated the microphone itself to track the ambient sound.
The user should also be able to revoke their consent each time. LaLiga was given a month to to correct these deficiencies in the app. It has declared that it will appeal this decision. LaLiga contends that no personal data is processed, but rather just the sound signature of the broadcast.