How does the UK regulate data collection by sports apps?
BACKGROUND TO APPS
When it comes to apps, sports fans are increasingly spoilt for choice. Apps may be developed and marketed to sports fans to promote a product, brand or event; to provide real-time statistics (for example the Sky Sports or BBC sports apps), video streaming or instant replays; to allow entry into a contest; to compete in games with other users; to enable "banter”, with other fans; or to use global positioning system (GPS) technology to send promotional measures based on the user's location.
For example, the Sky Sports Football Score Centre app uses a user's location to suggest the nearest pub where users can watch football on Sky Sports. Sports apps that record users' fitness activities such as cycling and running are becoming increasingly popular. Examples of such apps include strava1, runkeeper2 and mapmyride/mapmyrun 3.
Many sports and exercise apps collect and use personal data from its users, (if a living individual is capable of being identified from the data, then the data will be personal data). Personal data may include names, addresses and photographs but is not limited to such information. In the mobile environment, it would include a unique device identifier such as an IMEI number.
Accumulation of personal data brings with it legal obligations for developers. Data protection is not perhaps the most glamorous of the issues confronting the developers of a new app. Indeed developers are, if anything, likely to resent data protection and privacy issues as an unwelcome intrusion into the serious business of creating a product that will stand out from the crowd.
However, data management on mobile devices is an issue of growing importance for both businesses and the public, as highlighted in the privacy in mobile apps guidance (the ICO Guidance4) by the Information Commissioner's Office5 (the ICO), who is responsible for overseeing data protection compliance in the UK. The ICO Guidance advises app developers how to ensure they remain legally compliant.
HOW THE UK PROTECTS DATA COLLECTION BY APPS
The Data Protection Act 1998
In the UK, data protection is governed largely by the Data Protection Act 19986 (the 1998 Act), which implements a European directive that applies across all 28 EU Member States.
When the 1998 Act came into force, apps were far away in the distant future. New data protection legislation, again originating in the EU, is in the offing but it is very apparent that this is an area where the law has struggled to keep up with technology. Accordingly, the legislative gaps tend to be plugged periodically by non-statutory guidance, like that published in December 2013 by the ICO directed at app developers.
The role of Data ControllersThe 1998 Act requires the "data controller" – the person (including a company) who determines the purposes for which, and the manner for which, any personal data are processed7 – to collect and use personal data in accordance with eight data protection principles. These principles include only using data for the purpose for which the data is collected, keeping data accurate and up to date and keeping data secure.
For example, if a user purchased tickets for a sporting event using an app, the 1998 Act requires that information such as name and address are stored securely. If an app user changed their details these should be updated to ensure that records are accurate, failure to do so may for example lead to tickets being sent to the wrong address.
Continue reading this article...
Already a member? Sign in
Get access to all of the expert analysis and commentary at LawInSport including articles, webinars, conference videos and podcast transcripts. Find out more here.
- Tags: Contract Law | Data Protection | Data Protection Act 1998 | European Court of Justice | Football | ICO Guidance | Information Commissioners Office (ICO) | Intellectual Property | United Kingdom (UK)
- Data protection and sport – an uncertain partnership
- #update: The evolution of the twitter ‘#’ disclosure rules
- Do English laws sufficiently protect sports stars from social media abuse?
- How successful were FIFA and its sponsors at protecting their brands during the World Cup?