How does the UK regulate data collection by sports apps?
Published 13 August 2014 By: Hayley Lawrence
BACKGROUND TO APPS
When it comes to apps, sports fans are increasingly spoilt for choice. Apps may be developed and marketed to sports fans to promote a product, brand or event; to provide real-time statistics (for example the Sky Sports or BBC sports apps), video streaming or instant replays; to allow entry into a contest; to compete in games with other users; to enable "banter" with other fans; or to use global positioning system (GPS) technology to send promotional measures based on the user's location.
For example, the Sky Sports Football Score Centre app uses a user's location to suggest the nearest pub where users can watch football on Sky Sports. Sports apps that record users' fitness activities such as cycling and running are becoming increasingly popular. Examples of such apps include strava [1], runkeeper [2] and mapmyride/mapmyrun [3].
Many sports and exercise apps collect and use personal data from their users (if a living individual is capable of being identified from the data, then the data will be personal data). Personal data may include names, addresses and photographs but is not limited to such information. In the mobile environment, it would include a unique device identifier such as an IMEI number.
Accumulation of personal data brings with it legal obligations for developers. Data protection is not perhaps the most glamorous of the issues confronting the developers of a new app. Indeed developers are, if anything, likely to resent data protection and privacy issues as an unwelcome intrusion into the serious business of creating a product that will stand out from the crowd.
However, data management on mobile devices is an issue of growing importance for both businesses and the public, as highlighted in the privacy in mobile apps guidance (the ICO Guidance [4]) by the Information Commissioner's Office [5] (the ICO), which is responsible for overseeing data protection compliance in the UK. The ICO Guidance advises app developers how to ensure they remain legally compliant.
HOW THE UK PROTECTS DATA COLLECTION BY APPS
The Data Protection Act 1998
In the UK, data protection is governed largely by the Data Protection Act 1998 [6] (the 1998 Act), which implements a European directive that applies across all 28 EU Member States.
When the 1998 Act came into force, apps were far away in the distant future. New data protection legislation, again originating in the EU, is in the offing but it is very apparent that this is an area where the law has struggled to keep up with technology. Accordingly, the legislative gaps tend to be plugged periodically by non-statutory guidance, like that published in December 2013 by the ICO directed at app developers.
The role of Data Controllers
The 1998 Act requires the "data controller" – the person (including a company) who determines the purposes for which, and the manner in which, any personal data are processed [7] – to collect and use personal data in accordance with eight data protection principles. These principles include only using data for the purpose for which the data is collected, keeping data accurate and up to date and keeping data secure.
For example, if a user purchased tickets for a sporting event using an app, the 1998 Act requires that information such as name and address is stored securely. If an app user changed their details, these should be updated to ensure that records are accurate; failure to do so may, for example, lead to tickets being sent to the wrong address.
This work was written for and first published on LawInSport.com (unless otherwise stated) and the copyright is owned by LawInSport Ltd. Permission is granted to make digital or hard copies of this work (or part, or abstracts, of it) for personal use provided copies are not made or distributed for profit or commercial advantage, and provided that all copies bear this notice and full citation on the first page (which should include the URL, company name (LawInSport), article title, author name, date of the publication and date of use) of any copies made. Copyright for components of this work owned by parties other than LawInSport must be honoured.