Skip to main content

How does the UK regulate data collection by sports apps?

Friday, 15 August 2014 By Hayley Lawrence
Mobile apps are increasingly being used by sports clubs and companies to engage with fans, clients and stakeholders. However, the data collected by apps needs to be handled carefully. The Information Commission recently issued guidance to ensure mobile app developers and operators stay legally compliant. Hayley Lawrence explains.


Sports apps

When it comes to apps, sports fans are increasingly spoilt for choice. Apps may be developed and marketed to sports fans to promote a product, brand or event; to provide real-time statistics (for example the Sky Sports or BBC sports apps), video streaming or instant replays; to allow entry into a contest; to compete in games with other users; to enable "banter”, with other fans; or to use global positioning system (GPS) technology to send promotional measures based on the user's location.

For example, the Sky Sports Football Score Centre app uses a user's location to suggest the nearest pub where users can watch football on Sky Sports. Sports apps that record users' fitness activities such as cycling and running are becoming increasingly popular. Examples of such apps include strava1, runkeeper2 and mapmyride/mapmyrun 3.

Data Collection

Many sports and exercise apps collect and use personal data from its users, (if a living individual is capable of being identified from the data, then the data will be personal data). Personal data may include names, addresses and photographs but is not limited to such information. In the mobile environment, it would include a unique device identifier such as an IMEI number.

Accumulation of personal data brings with it legal obligations for developers. Data protection is not perhaps the most glamorous of the issues confronting the developers of a new app. Indeed developers are, if anything, likely to resent data protection and privacy issues as an unwelcome intrusion into the serious business of creating a product that will stand out from the crowd.

However, data management on mobile devices is an issue of growing importance for both businesses and the public, as highlighted in the privacy in mobile apps guidance (the ICO Guidance4) by the Information Commissioner's Office5 (the ICO), who is responsible for overseeing data protection compliance in the UK. The ICO Guidance advises app developers how to ensure they remain legally compliant.


The Data Protection Act 1998

In the UK, data protection is governed largely by the Data Protection Act 19986 (the 1998 Act), which implements a European directive that applies across all 28 EU Member States.

When the 1998 Act came into force, apps were far away in the distant future. New data protection legislation, again originating in the EU, is in the offing but it is very apparent that this is an area where the law has struggled to keep up with technology. Accordingly, the legislative gaps tend to be plugged periodically by non-statutory guidance, like that published in December 2013 by the ICO directed at app developers.

The role of Data Controllers

The 1998 Act requires the "data controller" – the person (including a company) who determines the purposes for which, and the manner for which, any personal data are processed7 – to collect and use personal data in accordance with eight data protection principles. These principles include only using data for the purpose for which the data is collected, keeping data accurate and up to date and keeping data secure.

For example, if a user purchased tickets for a sporting event using an app, the 1998 Act requires that information such as name and address are stored securely. If an app user changed their details these should be updated to ensure that records are accurate, failure to do so may for example lead to tickets being sent to the wrong address.

To continue reading or watching login or register here

Already a member? Sign in

Get access to all of the expert analysis and commentary at LawInSport including articles, webinars, conference videos and podcast transcripts.  Find out more here.

Related Articles

Written by

Hayley Lawrence

Hayley Lawrence

Hayley works in the Regulatory & Compliance Group at law firm Walker Morris LLP.  She advises clients on a range of regulatory matters including: financial services, anti-bribery and corruption, data protection and health and safety. Hayley regularly liaises with regulators on behalf of clients, including the Office of Fair Trading, the Financial Conduct Authority (FCA), the Health and Safety Execute (HSE) and the Information Commissioner's Office.

Leave a comment

Please login to leave a comment.

Upcoming Events