1. There have been breaches of data protection law (GDPR as implemented in the Data Protection Act 2018), e.g. players did not consent to data transfer, the data isn't accurate, etc. and it's done on a commercial basis.
2. These breaches were injurious to the economic prospects of the affected players and therefore damages should be awarded.
I would imagine that the cause of action will be the tort of negligence against whoever sold the data on, and/or the gaming, betting, and data-processing companies. This is because they arguably had a duty of care to the players, the duty was breached, and the players suffered some harm -- based solely on the facts in this article.
Regarding personal compilation of statistics, that's fine - there's an exemption for activities of a purely personal nature in the GDPR - which is why you wouldn't get caught, but commercial exploitation of the data falls outside of that.
The idea that everything remotely involving data is forbidden under GDPR is giving it a bad name. I'm reminded of every Comcast sin being labeled as a "net neutrality" issue.
There are probably other exemptions that would apply for innocuous activity freely done in public, with the explicit understanding that it would be filmed.
I doubt statistics won't be consider personal data. For example "Someone shot 5 shots on goal" is not exactly personal data. "Simon Munster played 54 mintues" should not be personal data it's a fact of a public event.
A famous athlete wearing a brand sneaker is also just a fact of a public event. Yet if that brand uses it in advertisement they still need to pay the athlete for permission.
No they need to pay the athlete to wear the brand. Otherwise he wears a different brand that pays him. They also pay for the time the athlete spends making ads for the brand.
If the player just wears the brand through their own choice and they company advertises "As worn by Jordan in NBA all-star game!" then they would not need to pay.
Ads and stats are two completely different things.
GDPR personal data is anything relating to an identifiable person. It’s not an expectation of privacy standard. Data gathered by observing you in public is protected the same as data you share with the controller in confidence.
I think the challenge will be persuading courts that actions that users are paid to undertake in public and contractually agreed to reassign relevant image rights to are [i] 'personal data' under the intended meaning of GDPR and that [ii] something they didn't have informed consent about the possibility third parties might have access to when signing those contracts. Proving actual instances of harm suffered from the dissemination of unfavourable statistics is also going to be tricky (even though there are undoubtedly players that have lost out). It's plausible the net effect of increased statistics on player salaries is positive; certainly they haven't gone down on average.
Since most player contracts are frequently renegotiated and most clubs use third party databases and generate revenue from betting companies (so if necessary they'd all end up with clauses permitting this data use), the long term effects of a favourable stretch of the definition of 'personal data' are more likely to have chilling implications for people collating activity/performance metrics or compiling biographies of other types of public figure anyway...
>Proving actual instances of harm suffered from the dissemination of unfavourable statistics is also going to be tricky (even though there are undoubtedly players that have lost out).
All you would need is one club saying they searched the data for say "any player over six foot" and one player who fit the search term but the data was inaccurate.
I think betting is likely to have an unusually negative economic impact on the players. Loss avoidance means people are more likely to remember players ‘underperforming’ expectations than exceeding them. That’s going to have a negative impact on their marketability as paid sponsors independent of actual performance.
It’s questionable if they can win, but demonstrating damages may be the easiest part of this case.
I think proving a specific instance of lost sponsorship income to the satisfaction of a court is going to be extraordinarily difficult, especially if the argument is that consumers draw more adverse inferences from commercial datasets (which they generally don't have access to themselves; betting companies use them to help set the odds) than watching the matches.
Even more so when the context is that virtually any employer of professional footballers derives some of their revenue from betting, and betting companies are the primary sponsors of half the English Premier League teams and the English Football League organization
You can demonstrate harm without showing specific damages. Damaging someone’s reputation for example isn’t acceptable.
It’s the same basic principle as speeding or drunk driving being illegal even if nobody was actually harmed, putting people at significant risk of harm is not acceptable.
It’s a team sport so they don’t optimize for fantasy leagues. If they are pulled to avoid risk of injury on a blowout their stats look worse. Essentially, a 2:0 win could look worse than a 2:3 loss.
In effect their a RNG that happens to make people dislike them.
Yes, I quite agree that the prospect of success appears remote. They would have an arguable case for negligence regarding data inaccuracy though, so I wouldn't be surprised if they submit that as an additional claim and abandon the GDPR claim if that seems likely to fail.
It seems there's a huge difference if your data is collected when you engage in a private activity (i.e. was not intended for public consumption)and participating in a public event where your behaviour is intended to be consumed by the public.
The GDPR primarily focuses on the intent of the person processing or collecting the data rather than whether the activity you engaged in was private or public, although it does take into account reasonable expectations around privacy as well. I suppose it focuses on that because it's more flexible to enforce.
1. There have been breaches of data protection law (GDPR as implemented in the Data Protection Act 2018), e.g. players did not consent to data transfer, the data isn't accurate, etc. and it's done on a commercial basis.
2. These breaches were injurious to the economic prospects of the affected players and therefore damages should be awarded.
I would imagine that the cause of action will be the tort of negligence against whoever sold the data on, and/or the gaming, betting, and data-processing companies. This is because they arguably had a duty of care to the players, the duty was breached, and the players suffered some harm -- based solely on the facts in this article.
Regarding personal compilation of statistics, that's fine - there's an exemption for activities of a purely personal nature in the GDPR - which is why you wouldn't get caught, but commercial exploitation of the data falls outside of that.