VGS corporate lawyers
London

+44 2039665531

Milan

+39 0250043613

  • Home
  • Who we are
  • Practice Areas
    • Company law
      • Setting up a company in Italy
      • Corporate governance
      • Bankruptcy
    • Debt Recovery & Credit Collection
    • Arbitration and Mediation
    • Contracts
      • Acquisition Finance
    • White collar crimes
    • Data protection and GDPR
    • Professional Negligence
      • Medical Malpractice
  • People
    • Avv. Valentina Giarrusso
    • Avv. Flavia Di Pilla
    • Avv. Silvia Pellegrini
    • Avv. Giuseppe Ganci
    • Avv. Valentina Improta
    • Dr. Fabrizio Di Patti
    • Avv. Salvatore Fasciana
    • Dr. Yasine Ajlane
  • News & Blog

General Data Protection Regulation Fines and Penalties – Spain

  • by VGS' Editorial Board
  • 13 June 2019
  • Comments (0)

One year after GDPR entered into force, it is possible to observe the first penalties and fines imposed by different Data Protection Authorities to several undertakings and institutions. This brief analysis is useful to provide insights and clarifications over possible misapplications of GDPR and related consequences. 

Country: Spain | Industry: Sport/Entertainment | Company/Institution: La Liga | Non-Compliance: Failure to recognise data subject’s right to withdraw his/her consent.

 An interesting decision released by the Spanish Data Protection Authority (“AEPD”) involves La Liga and its efforts to fight television rights piracy. Then, the Spanish authority has fined the football league La Liga €250.000 for alleged violations of General Data Protection Regulation. 

Spanish league has allegedly infringed basic principles of transparency by realising a mobile application used to see live football matches. However, despite the normal use of such application seems lawful and compliant with local and European privacy laws, the app has been used for different purposes. In fact, during app installation, La Liga has retained the possibility to – remotely – activate a hidden feature with the purpose of tracking bars that unlawfully broadcast football matches. In particular, La Liga could activate device microphones of 4 million users with the purpose of tracking potential pirated signals. Furthermore, according to the Spanish authority, La Liga did not include sufficient informative measure to make users aware about the operation of such feature. 

Art. 7, paragraph 3 of GDPR states data subject’s right to withdraw the consent at any time. Moreover, it continues affirming that consent withdrawal shall not affect the lawfulness of data processing. Again, prior to giving any consent, data subject shall be informed thereof. Finally, the article states that withdrawing the consent shall be easy as to give it. 

The “spy” feature of the app requires data subject’s previous consent. After that, La Liga could remotely activate the microphone with the purpose of detecting pirate signals of Spanish football league. However, as La Liga spokesperson affirmed: “Such signal is converted in a binary code that ascertains whether or not the source code is compatible with the original signal”. Then under these circumstances, there would not be the risk that data subject privacy has been infringed. For this reason, La Liga has decided to promote appeal against Privacy Spanish Authority. 

In such scenario, it appears important to notice what lawful basis for processing has been used by La Liga. In fact, generally speaking, consent is the most common legal base for processing personal data. Then, in this case, it seems likely that by withdrawing the consent you may affect the lawfulness of data processing. Moreover, it might be possible to consider La Liga attempt to protect broadcasting rights for Spanish League as legitimate interest for processing personal data. 

Source: Eldiario.es

  • Data Protection
  • GDPR
  • Share:
Previous Article: The insolvent entrepreneur and criminal liability
Next Article Payment of company directors

Practice Areas

  • Company law
    • Bankruptcy
  • Debt Recovery & Credit Collection
  • Arbitration and Mediation
  • Contracts
    • Acquisition Finance
  • White collar crimes
  • Data protection and GDPR
  • Professional Negligence
    • Medical Malpractice

Free Consultation

    Tags

    ADR Airbnb Arbitration Auditing Brexit Company Law Company Shares Consent Contracts Cookies Copyright Coronavirus Data DataProcessing Data Protection DPO European Union Eviction Free Title GDPR HealtData HouseHold Agreements Italian Bankruptcy Law Italian Business Italian Company Law Italian Corporate Law Italian Criminal Law Italian Debt Recovery Italian Entry Visa Italian Incorporation Italian Intellectual Property Law Italian Legal Advice Italian Privacy Italian Tax Legal guide MedialTreatment Mediation Partnership Patient Personal Data Privacy Processing Research Warranty White Collar Crimes

    Social Links

    • Facebook
    • Instagram
    • LinkedIn

    See also:

    VGS Lawyers

    VGS - Family Lawyers

    © Copyright 2022 | VGS Corporate Lawyers | All right reserved.