Communication breakdowns could leave sporting bodies with heavy penalties

Most of us agree that FIFA’s final acceptance of goal-line technology is good for football. It could have transformed England’s 2010 World Cup defeat by Germany, never mind the competition’s 1966 final.

Yet technology is sometimes a double-edged sword. The General Data Protection Regulation (GDPR) is coming into force in May 2018, and the maximum fine of 20 million euros, or four per cent of annual global turnover, could have ruinous consequences for some organisations.

For Shrewsbury Town these numbers wouldn’t be huge, but if Manchester United or the Rugby Football Union (RFU) was hacked and players’ personal data got leaked, the situation could become critical. Imagine what might happen if someone hacked a player of the profile of Wayne Rooney’s medical file held by Everton.

The use of technology in international rugby could also present major legal challenges.

We are already seeing problems arising from technology in sport. The Boston Red Sox baseball team, for example, was recently accused of cheating in a game against the New York Yankees by using an Apple watch to make them better aware of the opposition pitcher’s intentions.

Moreover, technology is now used to monitor players and athletes in ways that would have been unthinkable 15 or 20 years ago. The advantages are clear, but there have been disturbing cases of personal data being hacked – notably when ‘Fancy Bears’ leaked information on Tour de France winners Sir Bradley Wiggins and Chris Froome.

If this happened under GDPR, would Wiggins or Froome consider legal action for breach of confidence against say, Team Sky, or their governing body?

Of course, privacy laws are nothing new. The seminal case of Prince Albert v Strange in 1849 addressed many of the issues we face today. The defendant was a publisher who obtained copies of private etchings made of Prince Albert and members of the royal family at home. The court granted an injunction restraining publication, ruling that it would represent ‘a sordid spying into the privacy of domestic life, hitherto sacred amongst us’. The language may be quaint, but the underlying legal principle of the right to privacy remains acutely relevant.

With this in mind, it’s going to be important for sports clubs and governing bodies to fully appreciate the changing scenario and risks represented by GDPR. Forward-thinking organisations will take this on board and give their data protection officers and compliance teams the respect and resources they need to operate effectively.

The use of technology in international rugby could also present major legal challenges. Anyone who watches these matches will see the coaching staff looking at their laptops as much as the match. They are not watching the Kardashians but monitoring the players’ performances to the nth degree, which impacts directly on tactical decisions.

Coaching staff are getting detailed information about how far and quickly players are running, which means they know when an individual player is starting to flag. In these circumstances, players are more vulnerable to getting hurt in a tackle.

Vicarious liability is a rapidly expanding area in its own right and it’s interesting to speculate whether the RFU could be held liable for the technology-based decisions of its coaches. For example, if players get injured and discover that the coaching staff knew they were flagging beforehand, they could argue that they should have been taken off – and avoided serious or career-ending injuries.

So where does this leave clubs and governing bodies? With the GDPR looming, they need to carefully consider all the risk factors around holding players’ data. And who knows, they may even reach the conclusion that it’s better – and financially safer – if they put their laptops away and actually watched the game.