Can football players get compensation from trade companies using their performance data?

The sports industry frequently uses data analytics to create valuable content for supporters and viewers. Although it is essential, this practice has become controversial due to wrongly used information for purposes that contravene the GDPR. Luckily, professionals have started to notice, and they’re making a change in the player data collection and processing landscape. Here’s how!

Project Red Card

One of the biggest petitions in the sports industry called “Project Red Card'' aims to safeguard players from big companies collecting their data without their consent. This movement started in 2020 with Russel Slade, the Global Sports Data and Technology Group (GSDT) owner. Now, in 2022, the initiative looks to take legal action, as the claim stated that third-party firms are using players’ personal, tracking and performance data without consent or compensation. 

It’s supposed that all this information has been used in the past six years, which is the maximum income recovering limit under UK law. Under the UK and Eu data protection laws, these practices are illegal and invade players' privacy because player data can provide the clubs with information that may influence a player’s performance. The case is to be tried in court as a class action lawsuit. 

The case of GDPR misuse 

Last year, 850 professional football players claimed compensation from companies trading their performance data. They asked for an annual fee for any future use, besides asking for consent first, because, due to GDPR, these companies are violating the regulations on data use. 17 major betting, entertainment and data collection firms have been identified as breaching information, according to BBC.

The information they’re referring to are detailed figures about the player’s height, for example. But this violates the fourth article of the European General Data Protection Regulations because personal data can mean anything on identifiable information like physical attributes, location or physiology. 

Unfortunately, this doesn’t happen only in football, but apparently, other professional sports have the same issue regarding data collection and are considering taking similar legal action over data trading. 

What is GDPR?

GDPR has imposed new rules from 25th May 2018 for organisations that can collect and use data about European residents. For the sports industry, this includes the information that community-owned clubs collect for their members, for example. There are six privacy principles that are to be followed:

• Personal data has to be processed lawfully;

• Personal data is to be collected for “specified, explicit and legitimate purposes”;

• Data must be limited to what is mandatory regarding the reasons for which they are needed;

• Personal data must be authentic and kept up to date;

• When it’s no longer required, personal data should be deleted from any system;

• Processors need to ensure that all personal data they hold is secure;

But what is personal data? 

This concept is defined as any information that can be used to identify an individual, including their name, phone number, email address, date of birth, location and others. There is also sensitive data, which organisations are banned from processing under the GDPR unless the individual consents:

• Racial or ethnic origin

• Political opinions

• Religious beliefs

• Trade union membership 

• Genetic or biometric details

• Health reports

On the other hand, information can be processed if at least one of these conditions is met:

• The data subject has given their consent;

• The processing is necessary for the performance of a contract

• For compliance with a legal obligation

• The processing is required to protect the interests of the individual

• There are public interest purposes

However, if the organisation won’t comply with these regulations and breach its duty of care, you can file a GDPR data breach claim if you suffered from material (finances) or non-material damage (mental health-related). For example, for less severe general psychiatric damage, you can get up to £5,860. Still, a GDPR data breach that affects the person until developing severe PTSD can get someone compensation for £100,670. 

If you’re wondering if the process will succeed, you can opt for a No Win No Fee claim, where you’ll pay for your advisor’s advice only if they’re able to win your case; otherwise, you won’t have any further payments to make. 

Why is player information so important?

You may be wondering why there's so much fuss around this subject if most football players already have great incentives. Well, besides this matter, the breaching issue falls under some major legal problems, like:

• Lack of transparency. Players aren’t informed on how their information is being used;

• Lack of player consent. Some of these companies have included the consent stipulations in contracts as just another clause instead of making a separate contract for this matter, and, therefore, the player’s consent is not taken lawfully;

• Sensitive data processing. Distance covered, speed or energy expenditure are easily available to anyone, even if biological functions are given extra protection under the GDPR;

• Profiling issues. Betting companies and video game developers are using data to create complete player profiles, and it may be promoting the toxic and judgemental nature of fans.

Such organisations heavily base their services and products and an array of player data. Even if all of them state that they’ve been collecting data illegally, players weren’t provided with explanations on what their data is used for, which is why they need to be paid compensation for. 

There’s been a change even in games regulations, as FIFA has changed their data collecting approach after facing the new GDPR, especially for the use of image rights, because all the characters in the game look similar to the real-life players. Along with that, real-life information has been used for in-game ranking and rating players. 

Final thoughts 

Using players’ sensitive and personal information to make a profit is changing, as organisations have to stick to a set of regulations in order to be able to use data legally. Even if it’s quite difficult to prove the GDPR data breach, the sports industry is taking significant steps towards transparent and fair use of players’ data.