Football and Data Protection: New Challenges on the Horizon? 

Football and Data Protection: New Challenges on the Horizon? 
[1] The importance of data continuously grows. This applies to sports - and in particular to football - just as much as to any other business sector. In a sporting context, data are used for various purposes, which can range from a performance analysis in one specific football game to the establishment of detailed databases about individual players throughout their entire career. Data are also used to predict the sporting development of young talents or to monitor the health of athletes, e.g. to track blood pressure, to establish and control training routines or to monitor the recovery from injuries. Not least, also in the context of the fight against doping or match-fixing, vast amounts of data are processed and used on a worldwide level.[2] This article gives a brief overview on the new legal framework under the GDPR, in particular on the main rights and obligations of parties involved in the processing of personal data. The article also addresses specific topics, where data protection matters are particularly relevant in professional sports. The article will not, however, address all possible compliance issues in connection with sport and data protection. Rather, it aims to put the spotlight on a few selected issues. The considerations in this article will primarily focus on the legal framework under the GDPR. Where relevant, reference will also be made to principles and provisions of Swiss data protection law. 

Legislative Background

The legal framework in the area of data protection is currently undergoing significant changes. At a European Level, the “General Data Protection Regulation” (GDPR) will enter into force on 25 May 2018 and will be directly applicable in all Member States of the European Union. The GDPR will replace the Data Protection Directive 95/46/EC.[3] As from 25 May 2018, the GDPR will provide harmonization in the applicable legal framework in data protection matters across Europe.[4]

 

As from 25 May 2018, the GDPR will provide harmonization in the applicable legal framework in data protection matters across Europe

 

The GDPR aims to guarantee a high standard of data protection, and more stringent rules will apply.