La Liga punished over clever − but very sneaky − piracy detecting tactics

La Liga has been hit with a €250,000 fine because of its… questionable piracy-sniffing methods.

The Spanish football league’s official Android app has been sneakily doubling up as a pirate stream detector. It emerged last year that the app had been using the microphone of the device it was installed on to listen in to the user’s surroundings and work out if a La Liga match was being played in the vicinity.

Read more: Best free VPN

That was then being cross-referenced with GPS data to figure out the user’s location, and work out whether the game was being shown legally or illegally by a bar or similar premises that requires a license.

Spain’s AEPD data protection agency issued the fine this week, after determining that La Liga hadn’t made it clear enough to users that the app would be used for this particular purpose (via El País).

The app’s Google Play description makes no reference to piracy detection. However, buried in the (difficult to access) Terms and Conditions, you’ll find this passage:

“To detect fraudulent behaviour related to the reproduction of football contents in unauthorised public establishments. If you accept the specific and optional box enabled for this purpose, you consent to the access and use of your mobile device’s microphone and geopositioning functionalities so that LaLiga knows from which locations football is being streamed and thus detect any fraudulent behaviour by unauthorised establishments. Activation of both the microphone and geopositioning of your mobile device will require your prior acceptance of our pop-up window. Said window will be displayed when you download the APP.

“By activating the microphone functionality, the user is hereby informed that LaLiga will only be able to record small and coded audio fragments / acoustic fingerprints. The purpose by which these fingerprints will be recorded is to adequately identify the broadcasting of an official LaLiga fixture. Because of the specific purpose of this processing, the APP may only access information through your microphone during the time slots of LaLiga’s matches. The acoustic fingerprint is automatically encoded in the telephone itself by means of an algorithm that impedes its reversal. This means that once the sound is encoded such information is turned into anonymized information and it is impossible to reverse the acoustic fingerprint and thus convert it back into user-identifiable audio. The user is also informed that LaLiga will not be able to process his/her information at any time shall the user not check the specific consent box that has been assigned as a means of acceptance of this purpose.”

Not exactly crystal clear, especially when you consider that the popup referenced above (that appears when you first download the app) is pretty vague. Here it is:

“Shall you authorize us to do so, we will furtherly process your personal data … for the detection of fraudulent behaviours from unauthorised establishments related to the consumption of the football product.”

Read more: Best VPN

La Liga, however, is appealing against the AEPD’s decision. “La Liga disagrees profoundly with this decision, rejects the penalty imposed as unjust, unfounded and disproportionate and considers that the AEPD has not made the necessary efforts to understand how the technology works,” it said in a statement.

According to El Pais, La Liga had always been planning to stop using this method on June 30, but will continue to work on new methods of detecting piracy.